Synaptic02
01-31-2005, 12:04 AM
hey everyone...i'm new to this but i'm looking for some help. I had a few of the virus things that are going around (worldtracker.biz, CWS SWAPX) but followed instructions on how to remove them. the worldtracker.biz was removed successfully, however i am unable to remove the CWS SWAPX. my internet explorer still crashes about 4 seconds after loading (which is fine, i just switched to firefox) but i still can't install most programs. Some programs i am able to... (if the icon looks newer, like a computer and a box and a CD) and some i can not (like the older classic style of icon, computer, box and floppy disk)....i don't know what the difference is, but i need some help. i have hijackthis installed, but i can't install ad-aware as it is the old style of setup file. i attached my hijackthis log file below:
Logfile of HijackThis v1.99.0
Scan saved at 1:25:00 AM, on 1/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\alg.exe
c:\windows\system32\dllcache\win32\winlogon.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
c:\windows\system32\dllcache\win32\csrss.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\adjxsw.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\WINDOWS\System32\rundll32.exe
E:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\Program Files\Spyware Doctor\swdoctor.exe
E:\Program Files\Ares\Ares.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\WINDOWS\System32\wuauclt.exe
E:\WINDOWS\System32\wuauclt.exe
E:\WINDOWS\system32\ntvdm.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://a-search.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,TGBRFV_
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - E:\WINDOWS\System32\M0KXWN~1.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [etyhkrzzbsrop] E:\WINDOWS\System32\adjxsw.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "E:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Doctor] "E:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ares] "E:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [warez] "E:\Program Files\Warez P2P Client\warez.exe" -h
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://greg-tut.com/G7/chm9.chm::/file1.exe
O20 - AppInit_DLLs: bx69ff0o001.dll
O23 - Service: NTLOAD - Unknown - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
if anyone has any information that would help me, i would greatly appreciate it. thanks!
andrew