No clue...

AkinaGod

New Member
My computer started acting really funky 2 days ago. I did a Panda scan and it came up with some adware program that basically equates to cookies, so I disregarded it. However, the issues got worse. Here is how it started:

Two days ago I noticed my computer lagging. Things are taking almost 5 times longer to load: thumbnails, images, videos, etc. Yesterday I turned my computer on 2 times and twice today, and 2 out of those 4 times my mouse and keyboard didn't work. They were ON and the mouse was able to MOVE, but I couldn't click with the mouse and no keys worked on the keyboard. Today I was watching a movie and I minimized the screen and I had massive pixel discoloration on the desktop wallpaper. But when I closed the movie player it went away. A moment ago I tried to burn a data disc, something I do every couple of days, and it said I no longer had permission from the admin to use this part of the program. But it allowed me to use the audio portion. So I was like, wtf is going on? Then I thought, well, no scanning is picking anything up. Panda software isn't, Malwarebytes doesn't pick anything up, and I am going to include my HijackThis log here in a second. Can you tell me what is going on?

... I just did a scan and I couldn't access my C drive now. It says: Windows cannot find 'RECYCLER\S-9-9-84-100006009-10031516-100002953-7202.com'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

Why is it trying to go to a website?

Anyway, here is the HijackThis file... PLEASE HELP!!!

\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237432584949
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDE120C7-9D47-4B0C-814B-1BB5B136DC9E}: NameServer = 85.255.112.143,85.255.112.203
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.143,85.255.112.203
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.143,85.255.112.203

--
End of file - 4263 bytes
 
Oh, btw, all these problems also happen in Safe Mode. None of my anti-virus stuff works. I can't install AVG or some other stuff; it always says it was incorrectly installed and I can't use the programs.
 
First off, you don't seem to have any antivirus installed, and secondly these lines

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.143,85.255.112.203
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.143,85.255.112.203

relate to a quote from another site:
Russian Business Network, and hosting provider for a countless number of injected and malware embedded campaigns during the last two years

Someone with a knowledge of ridding this will hopefully help you out.
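The reply above singles out the O17 NameServer lines as the indicator to act on. As an added example (not the poster's code and not part of HijackThis), here is a small Python triage script that parses the O17, O2 and O10 line formats from a HijackThis log and flags the entries a responder would check first; the sample log is constructed from lines quoted in this thread, LAN_RESOLVERS is an assumed allow-list for the example, and treating the whole 85.255.112.0/24 block as suspect is an assumption that generalizes from the four addresses in the log.

```python
"""Triage a HijackThis log for the indicators discussed in this thread."""
import ipaddress
import re

# Resolvers this machine is expected to use (assumption for the example).
LAN_RESOLVERS = {"192.168.1.1"}
# Block that the four NameServer addresses quoted in the thread fall in;
# treating the whole /24 as suspect is an assumption of this example.
SUSPECT_NETS = [ipaddress.ip_network("85.255.112.0/24")]

# Line formats exactly as HijackThis prints them.
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\[^:]+): NameServer = (?P<servers>[\d.,]+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O10_RE = re.compile(r"^O10 - (?P<msg>.*)$")


def classify_resolver(ip_text):
    """Return 'expected', 'suspect' or 'unknown' for one NameServer address."""
    if ip_text in LAN_RESOLVERS:
        return "expected"
    ip = ipaddress.ip_address(ip_text)
    if any(ip in net for net in SUSPECT_NETS):
        return "suspect"
    return "unknown"


def triage(log_text):
    """Parse HijackThis log lines; return (severity, line, reason) tuples."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O17_RE.match(line)
        if m:
            # DNS hijack check: every resolver on the line must be one we expect.
            verdicts = {s: classify_resolver(s) for s in m["servers"].split(",")}
            if "suspect" in verdicts.values():
                sev = "high"
            elif "unknown" in verdicts.values():
                sev = "medium"
            else:
                sev = "info"
            detail = ", ".join(f"{s}={v}" for s, v in verdicts.items())
            findings.append((sev, line, "NameServer " + detail))
            continue
        m = O2_RE.match(line)
        if m:
            # A BHO CLSID whose DLL is gone is an orphan left by an uninstall
            # or a removal; harmless by itself but worth cleaning up.
            if "(no file)" in m["path"] or "(file missing)" in m["path"]:
                findings.append(("low", line, "BHO registered but file absent"))
            continue
        m = O10_RE.match(line)
        if m and ("Broken" in m["msg"] or "Unknown file" in m["msg"]):
            findings.append(("medium", line, "Winsock LSP chain problem"))
    return findings


def highest_severity(findings):
    """Overall verdict for the log: the worst severity seen, 'info' if none."""
    order = {"high": 3, "medium": 2, "low": 1, "info": 0}
    return max((f[0] for f in findings), key=order.get, default="info")


# Constructed sample built from the lines quoted in the thread.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O10 - Broken Internet access because of LSP provider 'c:\\program files\\bonjour\\mdnsnsp.dll' missing
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.143,85.255.112.203
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.143,85.255.112.203
"""

if __name__ == "__main__":
    for sev, line, why in triage(SAMPLE_LOG):
        print(f"[{sev}] {why}\n    {line}")
    print("overall:", highest_severity(triage(SAMPLE_LOG)))
```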
 
Anybody know at all? I can't even find the name of this thing and it is getting way worse. I have to type this in Safe Mode...
 
Hello:

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply I will need:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Combo Fix

ComboFix 09-05-03.1 - Robert Haney 05/03/2009 21:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2761 [GMT -7:00]
Running from: c:\documents and settings\Robert Haney\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\docume~1\ROBERT~1\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\ROBERT~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\Robert Haney\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\recycler\S-4-0-24-100006965-100004197-100015072-8504.com
c:\windows\system32\drivers\gxvxcibpxdpkbpciiyrwbkqpavbdmrqowxthe.sys
c:\windows\system32\drivers\gxvxcjkdkpamybxxtkdwnsfthoserprubldks.sys
c:\windows\system32\drivers\gxvxcmdielirpdmjqlercrdpkpfjtivpqybox.sys
c:\windows\system32\drivers\gxvxcqpfvkpmmbdcbqhowxdpbivtnfjooetmx.sys
c:\windows\system32\drivers\gxvxcvkbmuspqqobfdewstkjlnstpfdxbcojp.sys
c:\windows\system32\drivers\gxvxcxmcrnseomntidibnrbftatnymrqhwmge.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcnxoufpdvinqwitmwexpqsntdlnowfsyx.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.

2009-05-03 08:05 . 2009-05-03 08:05 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-03 07:54 . 2008-07-24 03:09 17144 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-03 07:54 . 2008-07-24 03:09 38472 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-03 07:54 . 2009-05-03 07:54 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-03 07:54 . 2009-05-03 07:54 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 07:41 . 2009-05-03 07:41 -------- d-----w c:\program files\Trend Micro
2009-05-02 05:19 . 2008-06-19 23:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-02 05:18 . 2009-05-02 05:18 -------- d-----w c:\program files\Panda Security
2009-04-28 17:43 . 2009-04-28 17:43 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-26 22:31 . 2009-04-26 22:31 -------- d-----w c:\documents and settings\Robert Haney\Application Data\Move Networks
2009-04-17 22:31 . 2009-04-17 22:31 0 ----a-w c:\windows\nsreg.dat
2009-04-17 22:31 . 2009-04-17 22:31 -------- d-----w c:\documents and settings\Robert Haney\Local Settings\Application Data\Mozilla
2009-04-17 07:02 . 2009-04-17 07:02 -------- d-----w c:\windows\system32\XPSViewer
2009-04-17 07:02 . 2009-04-17 07:02 -------- d-----w c:\program files\MSBuild
2009-04-17 07:02 . 2009-04-17 07:02 -------- d-----w c:\program files\Reference Assemblies
2009-04-17 07:01 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-17 07:01 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-17 07:01 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-17 07:01 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-17 07:01 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-17 07:01 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-17 07:01 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-17 07:01 . 2009-04-17 07:01 -------- d-----w C:\15de9e808695c3e9b5f374461042
2009-04-17 06:56 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-17 06:56 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 06:56 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-17 06:56 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 06:56 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 06:56 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 06:56 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 06:56 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 06:56 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 06:55 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-17 06:55 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 22:57 . 2009-04-16 22:57 -------- d-----w c:\documents and settings\Robert Haney\Local Settings\Application Data\Macromedia
2009-04-16 22:55 . 2009-04-21 08:11 -------- d-----w c:\program files\Common Files\Macromedia
2009-04-16 22:55 . 2009-04-21 08:12 -------- d-----w c:\program files\Macromedia
2009-04-16 22:54 . 2009-04-21 08:11 -------- d-----w c:\windows\Downloaded Installations
2009-04-16 22:08 . 2009-04-16 22:08 -------- d-----w c:\documents and settings\Robert Haney\Local Settings\Application Data\Ahead
2009-04-12 07:59 . 2009-05-03 07:33 -------- d-----w c:\program files\Common Files\Ahead
2009-04-12 07:59 . 2009-05-03 07:33 -------- d-----w c:\program files\Ahead
2009-04-10 18:51 . 2009-04-10 18:51 264704 ----a-w c:\windows\system32\hlvdd.dll
2009-04-10 18:51 . 2009-04-10 18:51 383 ----a-w c:\windows\system32\haspdos.sys
2009-04-10 18:51 . 2009-04-10 18:51 6656 ----a-w c:\windows\system32\haspvdd.dll
2009-04-10 18:51 . 2009-04-10 18:51 47616 ----a-w c:\windows\system32\drivers\Haspnt.sys
2009-04-10 18:51 . 2001-06-22 04:39 18432 ----a-w c:\windows\system32\RNBOVDD.DLL
2009-04-10 18:51 . 2001-06-22 04:39 49664 ----a-w c:\windows\system32\SNTI386.DLL
2009-04-10 18:51 . 2001-06-22 04:39 73728 ----a-w c:\windows\system32\drivers\SENTINEL.SYS
2009-04-10 18:51 . 2001-06-22 04:39 20032 ----a-r c:\windows\system32\drivers\SNTNLUSB.SYS
2009-04-10 18:51 . 2009-04-10 18:51 -------- d-----w c:\windows\system32\RNBOSENT
2009-04-10 18:51 . 2006-11-22 17:01 693760 ----a-w c:\windows\system32\drivers\hardlock.sys
2009-04-10 18:51 . 2009-04-10 18:51 -------- d-----w c:\documents and settings\Robert Haney\WINDOWS
2009-04-05 20:09 . 2001-08-18 05:36 5632 ----a-w c:\windows\system32\ptpusb.dll
2009-04-05 20:09 . 2008-04-13 23:12 159232 ----a-w c:\windows\system32\ptpusd.dll
2009-04-04 07:31 . 2009-04-04 07:31 -------- d-----w c:\documents and settings\Robert Haney\Local Settings\Application Data\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 04:47 . 2009-03-19 04:14 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-04 02:18 . 2009-03-19 21:55 -------- d-----w c:\program files\Steam
2009-05-03 08:05 . 2009-03-19 04:49 1324 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-28 17:44 . 2009-03-20 08:46 -------- d-----w c:\program files\QuickTime
2009-04-21 17:38 . 2009-03-19 04:49 40824 ----a-w c:\documents and settings\Robert Haney\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 18:47 . 2009-03-19 04:50 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-10 04:18 . 2009-03-19 06:58 -------- d-----w c:\program files\Common Files\Adobe
2009-04-10 04:18 . 2009-03-19 03:35 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 01:20 . 2009-03-22 01:20 -------- d-----w c:\program files\Common Files\INCA Shared
2009-03-21 20:32 . 2009-03-21 20:32 -------- d-----w c:\program files\Microsoft
2009-03-21 20:32 . 2009-03-21 20:31 -------- d-----w c:\program files\Windows Live
2009-03-21 20:32 . 2009-03-21 20:32 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-21 19:44 . 2009-03-21 19:44 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-21 03:10 . 2009-03-21 03:10 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-20 19:35 . 2009-03-20 19:35 -------- d-----w c:\program files\Vuze
2009-03-20 19:35 . 2009-03-20 19:35 -------- d-----w c:\program files\Common Files\i4j_jres
2009-03-20 19:08 . 2009-03-20 19:08 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-20 19:08 . 2009-03-20 19:08 -------- d-----w c:\program files\Microsoft.NET
2009-03-20 09:38 . 2009-03-20 09:38 135 ----a-w c:\documents and settings\Robert Haney\Local Settings\Application Data\fusioncache.dat
2009-03-20 09:38 . 2009-03-20 09:30 68938 ----a-w c:\windows\hpoins05.dat
2009-03-20 09:36 . 2009-03-20 09:36 -------- d-----w c:\program files\Common Files\HP
2009-03-20 09:35 . 2009-03-20 09:31 -------- d-----w c:\program files\HP
2009-03-20 09:35 . 2009-03-20 09:35 -------- d-----w c:\program files\Hewlett-Packard
2009-03-20 09:34 . 2009-03-20 09:34 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-03-19 22:01 . 2009-03-19 22:00 -------- d-----w c:\program files\Winamp
2009-03-19 21:49 . 2009-03-19 21:49 -------- d-----w c:\program files\PC Wizard 2008
2009-03-19 21:48 . 2009-03-19 21:48 -------- d-----w c:\program files\VideoLAN
2009-03-19 21:46 . 2009-03-19 21:46 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-19 05:18 . 2009-03-19 05:18 -------- d-----w c:\program files\AMD
2009-03-19 05:05 . 2009-03-19 04:14 76487 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-03-19 04:50 . 2009-03-19 04:50 -------- d-----w c:\program files\Realtek
2009-03-19 04:50 . 2009-03-19 04:50 319488 ----a-w c:\windows\HideWin.exe
2009-03-19 04:14 . 2009-03-19 04:14 -------- d-----w c:\program files\microsoft frontpage
2009-03-19 04:14 . 2003-03-31 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-19 04:12 . 2009-03-19 04:12 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-19 03:35 . 2009-03-19 03:35 -------- d-----w c:\program files\NVIDIA Corporation
2009-03-06 14:22 . 2003-03-31 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2003-03-31 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 07:56 78336 ------w c:\windows\system32\ieencode.dll
2009-02-18 22:44 . 2009-03-19 03:21 453152 ----a-w c:\windows\system32\nvudisp.exe
2009-02-17 07:17 . 2009-03-19 04:19 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-09 12:10 . 2003-03-31 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2003-03-31 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2003-03-31 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2003-03-31 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2003-03-31 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 01:52 . 2009-02-07 01:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2003-03-31 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2003-03-31 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2003-03-31 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2002-08-29 01:04 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2003-03-31 12:00 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-23 16804864]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"nSvcIp"=2 (0x2)
"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"npggsvc"=3 (0x3)
"idsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-17 2794234]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-4-0-24-100006965-100004197-100015072-8504.com c:\
\Shell\Open\command - c:\recycler\S-4-0-24-100006965-100004197-100015072-8504.com c:\
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
FF - ProfilePath - c:\documents and settings\Robert Haney\Application Data\Mozilla\Firefox\Profiles\93sselvx.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 21:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\nvLsp.dll
.
Completion time: 2009-05-04 21:51
ComboFix-quarantined-files.txt 2009-05-04 04:51

Pre-Run: 305,932,115,968 bytes free
Post-Run: 306,749,693,952 bytes free

216 --- E O F --- 2009-03-22 10:06

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:17 PM, on 5/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237432584949
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

--
End of file - 3745 bytes


I won't really know how the comp is running till my next reboot, so let me do that and I'll reply to myself real quick.
 
I am now being prompted each reboot to choose which version of Windows to boot up as. And my hard drive still has a hard time loading things. But I am no longer getting the website prompt and I can now access my desktop in a normal reboot. As for popups, I haven't been on the web long enough to know, but I don't think Firefox is storing my passwords anymore and I have the settings set to where it is supposed to. Man, I hate viruses; they really screw your systems up!

One more thing: the last scan told me I had to reinstall a restore point program, so I guess that is why I didn't have the ability to go back to a previous restore point. Is there a way I can check that now?

I did not have to do anything special in the Processes tab either. Everything ran smoothly during the scan.

I think I got everything, what next?
 
What are the 2 options you get? Have you recently tried repairing your XP installation or tried reinstalling the operating system?

Can you successfully log onto both of them? You can type "msconfig" (without the quotes) in the Run box on the Start menu, click OK, click on the boot.ini tab, then click on the button that says "Check all boot paths". Please be aware that if it says that both options are valid then you need to figure out which one you need to keep and disable the other one. If you need more help, post back.
 
It asks, do you want to start in Windows configuration or Windows XP Home Edition? I have to click XP Home each time.
 
Looks like you have tried to reinstall the OS. Do the procedure I told you about to check the boot paths and let me know what you find out. You can also edit the boot.ini file to get rid of the other failed installation.
 