
·
Premium Member
Joined
·
9,589 Posts
Google for a program called HijackThis. Google will also give links to forums where people (like us with overclocking) will pick apart the output of the HijackThis program and tell you what to remove via the registry (or the HijackThis program itself).
 

·
Registered
Joined
·
383 Posts
Do you use a firewall? Are your virus definitions up to date? One thing I've found that actually helps a lot is Ad-Aware SE Plus...the real-time protection is nice, as long as you disable it before surfing pron sites...
 

·
Banned
Joined
·
914 Posts
Discussion Starter · #5 ·
...nooooooooo crap, I did it and it's still there. You know a program that I can back up the stuff with and reformat, without backing up the virus?

Here's the log:

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\TGTSoft\\StyleXP\\StyleXPService.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\WINDOWS\\system32\\nvsvc32.exe
C:\\PROGRA~1\\COMMON~1\\Stardock\\SDMCP.exe
C:\\WINDOWS\\system32\\wscntfy.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\SOUNDMAN.EXE
C:\\Program Files\\Saitek\\Software\\Profiler.exe
C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe
C:\\DOCUME~1\aylor\\LOCALS~1\\Temp\\13.tmp.exe
C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe
C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe
C:\\Program Files\\[email protected]\\winFAH.exe
C:\\Program Files\\[email protected]\\FahCore_78.exe
C:\\WINDOWS\\winqg.exe
C:\\WINDOWS\\system32\\appyq.exe
C:\\Documents and Settings\aylor\\Desktop\\HijackThis.exe
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = res://C:\\WINDOWS\\dzyqb.dll/sp.html#28129
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = res://C:\\WINDOWS\\dzyqb.dll/sp.html#28129
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = about:blank
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = res://C:\\WINDOWS\\dzyqb.dll/sp.html#28129
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = res://C:\\WINDOWS\\dzyqb.dll/sp.html#28129
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = res://C:\\WINDOWS\\dzyqb.dll/sp.html#28129
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = res://C:\\WINDOWS\\dzyqb.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A50CD81E-F349-DB33-3E2B-6D202CD8ED02} - C:\\WINDOWS\\system32\\nthq32.dll
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [NeroFilterCheck] C:\\WINDOWS\\system32\\NeroCheck.exe
O4 - HKLM\\..\\Run: [Profiler] C:\\Program Files\\Saitek\\Software\\Profiler.exe
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe
O4 - HKLM\\..\\Run: [11.tmp] C:\\DOCUME~1\aylor\\LOCALS~1\\Temp\\11.tmp.exe 1 28129
O4 - HKLM\\..\\Run: [13.tmp] C:\\DOCUME~1\aylor\\LOCALS~1\\Temp\\13.tmp.exe 0 28129
O4 - HKLM\\..\\Run: [13.tmp.exe] C:\\DOCUME~1\aylor\\LOCALS~1\\Temp\\13.tmp.exe 1 28129
O4 - HKLM\\..\\Run: [11.tmp.exe] C:\\DOCUME~1\aylor\\LOCALS~1\\Temp\\11.tmp.exe 1 28129
O4 - HKLM\\..\\Run: [appyq.exe] C:\\WINDOWS\\system32\\appyq.exe
O4 - HKLM\\..\\RunOnce: [winqg.exe] C:\\WINDOWS\\winqg.exe
O4 - HKCU\\..\\Run: [STYLEXP] C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide
O4 - HKCU\\..\\Run: [MsnMsgr] "C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe" /background
O4 - Startup: [email protected] 5.03.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - //messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: StyleXPService - Unknown - C:\\Program Files\\TGTSoft\\StyleXP\\StyleXPService.exe
O23 - Service: Network Security Service - Unknown - C:\\WINDOWS\\nttw32.exe
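
A small triage pass over a HijackThis-style log like the one posted above, as an added example that is not part of the original thread. The three rules are review heuristics assumed here (not HijackThis's own verdicts), and the sample lines are constructed in the log's format with a placeholder user name.

```python
import re

# Constructed sample in the format of the log above (doubled backslashes kept
# as the page shows them; "user" is a placeholder account name).
SAMPLE = r"""
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = res://C:\\WINDOWS\\dzyqb.dll/sp.html#28129
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = about:blank
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\\..\\Run: [13.tmp] C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\13.tmp.exe 0 28129
O4 - HKCU\\..\\Run: [MsnMsgr] "C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe" /background
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O23 - Service: StyleXPService - Unknown - C:\\Program Files\\TGTSoft\\StyleXP\\StyleXPService.exe
"""

# An entry line is "<section id> - <detail>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Review heuristics assumed for this example, not HijackThis's own verdicts:
# (section ids, predicate on the entry text, reason shown to the analyst)
RULES = [
    ({"R0", "R1"}, lambda d: "= res://" in d.lower(),
     "IE page setting served from a local DLL (res://)"),
    ({"O4"}, lambda d: "\\temp\\" in d.lower(),
     "autorun entry starts a program from a Temp folder"),
    ({"O15"}, lambda d: True,
     "site or IP added to the IE Trusted Zone"),
]

def parse(log_text):
    """Yield (section, detail) for each entry line; other lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            # Collapse the doubled backslashes so path checks see real paths.
            yield m.group(1), m.group(2).replace("\\\\", "\\")

def triage(log_text):
    """Return (section, reason, detail) for every entry a rule flags for review."""
    findings = []
    for section, detail in parse(log_text):
        for sections, predicate, reason in RULES:
            if section in sections and predicate(detail):
                findings.append((section, reason, detail))
    return findings

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE):
        print(f"{section:4} {reason}\n     {detail}")
```

A flagged line is a prompt to look at the file or registry value it names, not a removal instruction; unflagged lines are not thereby cleared.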
 

·
Premium Member
Joined
·
9,589 Posts
xxxtoolbar...ROTFLMAO!!

That's funny.


BTW, I was saying post the log on one of the HijackThis forums (found in the Google search); those guys would be MUCH better at picking apart the gibberish I'm reading.
 

·
Registered
Joined
·
290 Posts
Quote:

Originally Posted by remote_username
...nooooooooo crap, I did it and it's still there. You know a program that I can back up the stuff with and reformat, without backing up the virus?
I had to deal with this once before. What I needed to do was run a program check such as Ad-Aware, then take the critical items and use a program called a shredder to permanently get them off the comp. It took me ten hours, just because my problem was unique; it shouldn't take more than a few minutes once you find the programs. What I was told the shredder does is take it completely off your computer. Search Google for the shredder, and those forums, as stated above, will give you the complete steps.
I think the program was called Spybot, and the shredder you can download after you search Google.
 

·
Banned
Joined
·
914 Posts
Discussion Starter · #9 ·
Quote:

Originally Posted by Xavier1421
xxxtoolbar...ROTFLMAO!!

That's funny.


BTW, I was saying post the log on one of the HijackThis forums (found in the Google search); those guys would be MUCH better at picking apart the gibberish I'm reading.
Well, to make an account I need an e-mail but...I CAN'T USE IT CAZ MY DAD'S SUCH A WH*** ABOUT IT, I CAN'T GET THE PASSWORD FOR THE ROUTER
 

·
Registered
Joined
·
290 Posts
Quote:

Originally Posted by remote_username
Well, to make an account I need an e-mail but...I CAN'T USE IT CAZ MY DAD'S SUCH A WH*** ABOUT IT, I CAN'T GET THE PASSWORD FOR THE ROUTER

You can't run the shredder either?
 

·
Registered
Joined
·
290 Posts
Quote:

Originally Posted by remote_username
Shredder?? WTH is that?
Did you read my post? I advised to download Spybot and a shredder. That should allow you to compile a list of the corrupted files and shred them, rendering them unusable. I had this problem in the past and was able to fix it this way. One of the Windows .exe files was added into my system and basically hijacked my comp. Google search shredder and Spybot; they should fix your problem. Try this link:
http://www.download.com/3000-2144-10...age&tag=button
 

·
Registered
Joined
·
290 Posts
Quote:


Originally Posted by remote_username

Oh, Ad-Aware quarantines it.

I am not sure what you mean by that, but the shredder will completely remove it from your comp. Unless Ad-Aware did the job, then you should be set. I do understand that Ad-Aware quarantines it, but I don't think that it removes it from your system, which the shredder will do. For some reason, when I had this problem, no matter what I did it always came back until I used the shredder.
 

·
Registered
Joined
·
290 Posts
Quote:

Originally Posted by remote_username
Got link?
I posted the link in the previous post. Check first page. Here ya go: http://www.download.com/3000-2144-1...page&tag=button Sorry, for some reason it doesn't bring you to the exact downloads. Type in shredder and Spybot one after the other, download specific ones for your comp, then run 'em. Hope it works, that thing drove me [email protected]#$ing nuts.
 

·
Registered
Joined
·
712 Posts
Get a Norton Ghost floppy from someone... back up all your PERSONAL files to a second partition... install Windows and all your apps... update as necessary... then GHOST the clean install. When you get hosed again on the net, just make sure all your personal files are on the other partition... pop in the Ghost disk... and BOOM... back the way you left it.

Also... if you can get ahold of MS Virtual Machine... fire it up... install XP on it (or whatever)... and then shut it off and make a copy of the virtual HDD. Keep that as your clean drive and do all of your "questionable" web browsing from the virtual machine... nothing will ever touch your main box, and you can always delete the virtual machine and copy back the backup virtual hard drive if it gets hosed.
 