Full Version: My Hijackthis log
Topes
Hey

I recently bought a new hard drive because my old one was starting to get corrupted files. I did a fresh installation on the new drive and copied what data I could off the old drive.

Anyway, I had to download all my programs again and I downloaded something off a P2P client and tried to install it, which was very stupid of me. My computer suddenly became chock-a-block with spyware and I wasn't even able to open task manager. I quickly downloaded the latest versions of Ad-aware and Spybot: S & D and scanned my computer. They managed to remove most of it.

I found a site in Google which told me to download some program and boot into safe mode then run it. But when I went to boot into safe mode my screen just gets flooded with lines of junk (looks like this "multi(0)disk(0)rdisk(0)") and won't boot into safe mode.

I tried booting into the last known good configuration, and did so successfully. After doing that I was able to remove even more malicious programs.

Finally I can open task manager again and most of the problems are gone. If I scan with Ad-aware and Spybot I still get a few programs that I can't get rid of. The worst part is every 2 minutes my browser opens up a random advert page and alt-tabs me into it no matter what I'm doing, very annoying.

I'm fed up and am unable to fix it any more myself so I've decided to bother you poor people.

Here is my Hijackthis log file:

QUOTE
Logfile of HijackThis v1.99.1
Scan saved at 11:59:03 PM, on 20/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\LTMSG.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\exampler\MYDOCU~1\PPATCH~1\wuaclt.exe
C:\PROGRA~1\COMMON~1\SKS~1\CHOST~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
d:\iNet Web Accelerator\PropelAC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
D:\Mozilla Firefox\firefox.exe
d:\Hijackthis\HijackThis.exe
D:\Mozilla Thunderbird\thunderbird.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: (no name) - {22005338-C885-E82C-F063-9D1CF799E196} - C:\WINDOWS\system32\afnfva.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Propel Accelerator] "d:\iNet Web Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Emoa] "C:\DOCUME~1\exampler\MYDOCU~1\PPATCH~1\wuaclt.exe" -vt yazr
O4 - HKCU\..\Run: [Fil] C:\PROGRA~1\COMMON~1\SKS~1\CHOST~1.EXE
O4 - HKCU\..\Run: [ffro] C:\PROGRA~1\COMMON~1\ffro\ffrom.exe
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Allow pop-ups from this site - d:\iNet Web Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - d:\iNet Web Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - d:\iNet Web Accelerator\pac-image.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150367422030
O17 - HKLM\System\CCS\Services\Tcpip\..\{26E11A6E-E7C7-4A6D-A867-9DDAAED383DD}: NameServer = 203.0.178.191
O20 - AppInit_DLLs: C:\WINDOWS\system32\regsvr32.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\e220lcfm1f2a.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


I find it really annoying that I've had few problems in the last 5 years, I finally do a fresh install of Windows and accidentally download something bad right away! Being on dial-up I really don't want to reformat and do it all again because it takes so long to download certain things (Windows updates in particular).

Please help me!

Thanks
- Topes
Topes
I hate to bump, but this is really driving me nuts. Can anyone please help out?