Help-NKVD.US

  #1 gagewel (Newbie)

    Logfile of HijackThis v1.99.1
    Scan saved at 1:20:41 PM, on 10/15/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Hijack This\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.nkvd.us/s.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.nkvd.us/s.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.nkvd.us/s.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nkvd.us/s.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nkvd.us/s.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nkvd.us/s.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nkvd.us/s.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nkvd.us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nkvd.us/s.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nkvd.us/s.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nkvd.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nkvd.us/s.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nkvd.us/s.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nkvd.us/s.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nkvd.us/s.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://allneedsearch.com/spm.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O1 - Hosts: 207.68.185.58 auto.search.msn.com
    [the O1 line above is repeated 100 more times in the original log, identical each time]
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
    O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Support - {87910917-4BEA-4883-B896-272DEAD271C7} - http://www.comcastsupport.com (file missing) (HKCU)
    O9 - Extra button: ComcastHSI - {9E1B9960-4678-40E6-B09F-6AABF0A08C61} - http://www.comcast.net (file missing) (HKCU)
    O9 - Extra button: Help - {D8FDB4AC-27D0-4AE2-B42B-8E8022C2B630} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - DefaultPrefix: http://www.nkvd.us/
    O13 - WWW Prefix: http://www.nkvd.us/
    O13 - Home Prefix: http://www.nkvd.us/
    O13 - Mosaic Prefix: http://www.nkvd.us/
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.comp...of5_3_12_0.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
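
The log above can be triaged mechanically rather than by eye. The script below is an added example written for this page; it is not part of HijackThis and not something the poster ran. It parses the four line types that carry the hijack in this log (R0/R1 IE settings, O1 hosts entries, O13 URL prefixes, O23 services) and reports anything that points away from the owner's expected hosts. The allow-list `EXPECTED_HOSTS` and the log excerpt `SAMPLE_LOG` are constructed for the example; the excerpt is modelled on the posted log, not copied whole. An "Unknown owner" service is reported for review only: HijackThis prints that when the binary carries no company name, which on its own is not proof of malware.

```python
"""Triage a HijackThis 1.99.1 log for browser-hijack indicators.

Added example: not code from the thread and not part of HijackThis.
Given the log text it flags
  * R0/R1 entries whose URL host is not on an allow-list of expected hosts
  * every O13 prefix entry (all four in the posted log point at the hijacker)
  * O1 hosts-file redirects, with the number of times each line repeats
  * O23 services with no company name ("Unknown owner"), for review
The allow-list and the log excerpt below are constructed for the example.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Hosts the machine's owner expects in R0/R1 entries (constructed; a real
# analyst tailors this to the user's ISP and OEM defaults).
EXPECTED_HOSTS = {"www.comcast.net", "srch-qus7.hpwis.com"}

# Constructed excerpt modelled on the posted log (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nkvd.us/s.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nkvd.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O1 - Hosts: 207.68.185.58 auto.search.msn.com
O1 - Hosts: 207.68.185.58 auto.search.msn.com
O1 - Hosts: 207.68.185.58 auto.search.msn.com
O13 - DefaultPrefix: http://www.nkvd.us/
O13 - WWW Prefix: http://www.nkvd.us/
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

R_LINE = re.compile(r"^R[01] - (?P<key>.+?) = (?P<value>.+)$")
O1_LINE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
O13_LINE = re.compile(r"^O13 - (?P<name>[^:]+): (?P<url>\S+)")
O23_LINE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def triage(log_text, expected_hosts=EXPECTED_HOSTS):
    """Return findings keyed by HJT section: R, O1 (Counter), O13, O23."""
    findings = {"R": [], "O1": Counter(), "O13": [], "O23": []}
    for line in log_text.splitlines():
        line = line.strip()
        m = R_LINE.match(line)
        if m:
            # Only URL-valued keys matter; "Window Title" has no host.
            host = urlparse(m.group("value")).hostname
            if host and host not in expected_hosts:
                findings["R"].append((m.group("key"), host))
            continue
        m = O1_LINE.match(line)
        if m:
            findings["O1"][(m.group("host"), m.group("ip"))] += 1
            continue
        m = O13_LINE.match(line)
        if m:
            findings["O13"].append((m.group("name"), m.group("url")))
            continue
        m = O23_LINE.match(line)
        if m and m.group("owner") == "Unknown owner":
            findings["O23"].append((m.group("svc"), m.group("path")))
    return findings


def hijack_domains(findings):
    """Distinct hosts behind the flagged R and O13 entries."""
    hosts = {h for _, h in findings["R"]}
    hosts |= {urlparse(u).hostname for _, u in findings["O13"]}
    return hosts


if __name__ == "__main__":
    f = triage(SAMPLE_LOG)
    print("Hijacked IE settings:", f["R"])
    print("Hosts redirects:", dict(f["O1"]))
    print("Prefix hijacks:", f["O13"])
    print("Services to review:", f["O23"])
    print("Hijack domains:", hijack_domains(f))
```

Run against the full posted log, the same code yields one hijack domain, a hosts redirect repeated 101 times, four prefix entries and one unknown-owner service; the allow-list is the only thing that needs adjusting per machine.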

  #2 Neal (Dedicated Member)
    Welcome,


    Please download hoster from the link below.

    http://www.funkytoad.com/download/hoster.zip

    Open Hoster.exe.

    Then click on "Restore Original Hosts"

    Close program when complete.



    INSTRUCTIONS FOR USING AVG ANTI-SPYWARE in "NORMAL MODE"

    Download and scan with AVG Anti-Spyware
    1. After download, double click on the file to launch the install process.
    2. Choose a language, click "OK" and then click "Next".
    3. Read the "License Agreement" and click "I Agree".
    4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
    5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
    6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
    7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
    8. Go to Start > Run and type: services.msc

    * Press "OK".
    * Click the "Extended" tab and scroll down the list to find AVG Anti-Spyware guard.
    * When you find the guard service, double-click on it.
    * In the Properties Window > General Tab that opens, click the "Stop" button.
    * From the drop-down menu next to "Startup Type", click on "Manual".
    * Now click "Apply", then "OK" and close the Services window.

    9. Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from HERE.

    Once the updates are installed do the following:
    1. Click on the "Scanner" button and choose the "Settings" tab.

    * Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    * Under "How to Scan?" check all (default).
    * Under "Possibly unwanted software" check all (default).
    * Under "What to Scan?" make sure "Scan every file" is selected (default).
    * Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

    2. Click the "Scan" tab to return to scanning options.
    3. Click "Complete System Scan" to start.
    4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

    IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

    5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    6. Exit AVG Anti-Spyware when done and submit the log report in your next response.

    Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.



    After the above...

    Next,
    Download the Intermute stand-alone version of CWShredder from here: cwshredder.net/bin/CWShredder.exe
    Install it and check for updates then exit, we will use it later.


    Now reboot into Safe Mode by tapping your F8 key on restart; when the Safe Mode screen appears, select Safe Mode and press Enter.


    Run CWShredder and click on Fix, let the program run, and when finished reboot into normal mode and post a new HijackThis log and AVG Anti-Spyware log.
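
The first step in the reply, restoring the hosts file, is the one worth understanding rather than just clicking through, because the posted log shows the same redirect line written 101 times. The script below is an added example for this page, not code from the thread and not the Hoster tool's code; it does in code what "Restore Original Hosts" does: report which names are redirected and how often each line repeats, then rewrite the file keeping only loopback entries for `localhost`. On Windows the file is `%SystemRoot%\system32\drivers\etc\hosts`; `SAMPLE_HOSTS` below is constructed from the O1 lines in the posted log. If the write fails with a permission error, check whether the file's read-only attribute has been set and clear it (`attrib -r`) before rerunning; the backup written alongside lets you inspect what was removed.

```python
"""Audit a Windows hosts file for hijack entries and rebuild a clean one.

Added example: not code from the thread and not the Hoster tool's code.
It reports every mapping that is not loopback (with repeat counts), then
rewrites the file keeping only loopback -> localhost, after taking a backup.
On Windows the file lives at %SystemRoot%\\system32\\drivers\\etc\\hosts.
The sample content below is constructed from the O1 lines in the posted log.
"""
import shutil
from collections import Counter
from ipaddress import ip_address


def fmt(ip, name):
    """Format one mapping line the way the stock file does (IP column padded)."""
    return f"{ip:<16}{name}"


# Body of a stock Windows XP hosts file (comment header omitted).
DEFAULT_HOSTS = fmt("127.0.0.1", "localhost") + "\n"

# Constructed sample: a legitimate header and localhost line, followed by
# the kind of repeated redirect the posted log shows.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
207.68.185.58 auto.search.msn.com
207.68.185.58 auto.search.msn.com
207.68.185.58 auto.search.msn.com
"""


def parse_hosts(text):
    """Yield (ip, hostname) for every mapping, ignoring comments and junk."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, *names = parts
        try:
            ip_address(ip)
        except ValueError:
            continue                           # first field is not an address
        for name in names:
            yield ip, name.lower()


def audit_hosts(text):
    """Return {(ip, host): count} for every mapping that is not loopback."""
    counts = Counter(parse_hosts(text))
    return {k: n for k, n in counts.items()
            if not ip_address(k[0]).is_loopback}


def clean_hosts(text):
    """Return hosts text with only loopback -> localhost kept, deduplicated."""
    keep = []
    for ip, name in parse_hosts(text):
        entry = fmt(ip, name)
        if ip_address(ip).is_loopback and name == "localhost" and entry not in keep:
            keep.append(entry)
    return "\n".join(keep) + "\n" if keep else DEFAULT_HOSTS


def restore_hosts(path):
    """Back up `path` to path + '.bak', overwrite it with the cleaned content
    (CRLF line endings, as Windows expects) and return the audit of what was
    removed. A PermissionError on Windows usually means the read-only
    attribute is set on the file; clear it with `attrib -r` and rerun."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        original = fh.read()
    findings = audit_hosts(original)
    shutil.copyfile(path, path + ".bak")
    with open(path, "w", encoding="utf-8", newline="\r\n") as fh:
        fh.write(clean_hosts(original))
    return findings


if __name__ == "__main__":
    for (ip, host), n in audit_hosts(SAMPLE_HOSTS).items():
        print(f"redirect {host} -> {ip} ({n} times)")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

Run with the real path as an administrator after the audit output looks right; anything legitimate that the owner had added to the hosts file (an ad-blocking list, an internal name) is discarded along with the hijack and has to be re-added from the `.bak`.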
