My old desktop, which I have let my partner's younger brother use, has been infected. God knows where he's been, and now it's running slow and popup stopper is working overtime to kill IE windows. I have this running on a home LAN with an external ADSL router. I have prog'd the router to block traffic to all ports of all types from the internet to this machine's IP address. I can't still move data via LAN and my Laptop.
This machine is running XP Pro with 4 user accounts. I don't need the user accounts anymore if this is a problem for repair.
I am basically cleaning up to pass this computer on to family who don't have one. I'm almost considering formatting the HD but there is some data I want to burn off it first.
------------------------------------------------------------------
Attached is the latest HiJackThis log.
Logfile of HijackThis v1.98.2
Scan saved at 2:23:25 PM, on 25/06/05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\System32\kernels32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\winldra.exe
C:\WINDOWS\System32\adv29.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\Tbq.exe
C:\WINDOWS\System32\quentvwr.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\WINDOWS\System32\vxh8jkdq1.exe
C:\WINDOWS\System32\vxh8jkdq6.exe
C:\WINDOWS\System32\vxh8jkdq7.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
D:\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\adv29.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Lao] C:\WINDOWS\System32\Tbq.exe
O4 - HKLM\..\Run: [xs2U35Q] quentvwr.exe
O4 - HKLM\..\Run: [Aqo] C:\WINDOWS\System32\Thm.exe
O4 - HKLM\..\Run: [Rab] C:\WINDOWS\Kos.exe
O4 - HKLM\..\Run: [Sqi] C:\WINDOWS\Von.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [Lao] C:\WINDOWS\System32\Tbq.exe
O4 - HKCU\..\Run: [Aqo] C:\WINDOWS\System32\Thm.exe
O4 - HKCU\..\Run: [Rab] C:\WINDOWS\Kos.exe
O4 - HKCU\..\Run: [Sqi] C:\WINDOWS\Von.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093732498981
O17 - HKLM\System\CCS\Services\Tcpip\..\{7667245E-D1C4-4B15-891E-C1B1280F1559}: NameServer = 192.168.0.1
----------------------------------------------------------------
Any help would greatly be appreciated.
Regards,
Reuben