[grog3514]

Hi guys. Im ashamed to admit I fell for this. But a couple days ago I got an IM from one of my friends saying to click the link to see pictures. I had to download a .com file and I did and clicked on it. My brother also downloaded a free DVD player that came with lots of adware. My computer started going REAL slow so I disabled everything in startup. But some things are still comging back. And I get popups every 15 seconds or so. Seems to only be when Im actually using the computer though. Here is my HJT log. Any ideas? Ive run adaware and antivir multiple times. A few just wont leave. Particularly TR/Spy.Agent.dg.2.B hope thats fixable.
Thanks guys




Logfile of HijackThis v1.97.7
Scan saved at 4:49:37 AM, on 9/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\etb\pokapoka70.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\AVPersonal\AVGNT.EXE
D:\Program Files\AVPersonal\AVGUARD.EXE
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\AIM95\aim.exe
D:\Program Files\Mozilla Firefox\FIREFOX.EXE
C:\stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the818search-co.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.the818search-co.com/sp2.php
O4 - HKLM\..\Run: [System service70] D:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] "D:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110837056216
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

[Geekgirl]

Hello and Welcome to TSF

Unfortunately you posted your log in the wrong forum. Also you are using an older version of HJT. Please follow these instructions to get you set in the right place :grin:


Download and install: HiJackThis.

(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders or Desktop. A good place to make a folder would be in My Documents, as this is where it will save the backup files needed if there's a problem.)

Then doubleclick HijackThis.exe, and hit "Do A System Scan And Save Log". Make sure all Windows and Browsers are closed.
When the scan is finished, best to save your text file in the same folder as where you put HiJackthis.


IMPORTANT!!!
Create a New Topic and include a fresh HJT log in the HiJackThisLog Help Forum and Copy/Paste the info from your saved Hijackthis log file into your new topic.

A Moderator/ Security Team Analyst will give you instructions.


***DO NOT TRY TO FIX ANYTHING, MAJOR DAMAGE CAN BE DONE TO YOUR SYSTEM IF THIS TOOL IS USED INCORRECTLY, PLEASE WAIT FOR AN ANALYST/MODERATOR TO GIVE YOU INSTRUCTIONS***

Always describe your problem and any programs you have used to try to resolve your issue. Your description can go a long way to solving/repairing your particular issue.

 

[whodat]

welcome to tsf

aim is a subway system for infections

please read this

good luck

sorry tj