win xp prob, nisamut! help!

[RebC]

---

tenks sa info bro. tried task manager fix and a success, but i dont know what to do with the hijackthis, help.
and dont know where to download spybot killer-or is this spybot search & destroy

[RebC]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:15 AM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe,bungoton.bat
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchpl ugins%5CSBWeb_01.src"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\2p1e8rhz.slt\prefs.j s)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122072616156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147364604109
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2E9F8F1-8436-4ADB-BA28-F1D0260B7F84}: NameServer = 203.172.25.21 202.163.239.2
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Visual Studio Analyzer RPC bridge - VIA Technologies inc,.ltd - (no file)

--
End of file - 5905 bytes





asa man ta makapangita ug kahbaw muanalyze ani?

[jemmanf]

virus ni bro.

[jemmanf]

try reinstall XP then run updated AV

[tapsikret]

run hijack again and put a check on this files.. and click on fixed checked

O4 - HKLM\..\Run: [WinProfile] sndcfg16.exeWinProfile
"Added by the BUDDY TROJAN!"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeCtfmon.exe
"CoolWebSearch Ctfmon32 parasite variant"
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)File Missing
When a file is missing, you should always have HijackThis fix the item.
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllWinsock Hijacker
Every time I've seen this its been a bad thing
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dllSharedTaskScheduler Registry key autorun
Only a CWS variant has been known to use this. Consult a HJT expert before cleaning anything.
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)File Missing
When a file is missing, you should always have HijackThis fix the item.
O23 - Service: Visual Studio Analyzer RPC bridge - VIA Technologies inc,.ltd - (no file)File Missing
When a file is missing, you should always have HijackThis fix the item.



after running hjt and removing those files

do this
start>run>%temp% and delete all the files in that folder

and
start>run>cleanmgr and put a check on all the boxes and click on ok


if everything else would fails

run trend micro housecall http://housecall.trendmicro.com/
or run trend micro system cleaner using CPR or controlled pattern release http://www.trendmicro.com/download/sysclean.asp

[ryanel06]

REFOrmating would be my last resort. i hav d cd, how do i repair? what next f i go to d recvry console?.

repair... ayaw ug repair sa first option sulod gyud didto sa my fresh installation next pa sa f8 na i lain na option which is repair and install a fresh copy. dont worry walay na erase na files or other prgram..mangita cya ug balik sa serial no..in not sure sa other na mga xp installer..kalain2x gyud ang mga installer na i installer na nai format option naa sad wala naa sad na os ra repair diretso

[nhoda911]

in you hijackthis log

F2 - REG:system.ini: UserInit=userinit.exe,bungoton.bat

delete it

[nhoda911]

try if you can open msconfig? then searhc for suspicious files that run in start up.

[bryanarzaga]

The included recovery disk will recover it, try running a script, check your registry entries too, if lazy ka reformat nalang