HijackThis Log re: about:blank, sysnet, Malwarewipe

Hi,

thank you for your forum, this is my problem.

my problems started after i downloaded a codec for Windows Media Player. my homepage was highjacked - the Tools > Internet Options page says about:blank, but the page that actually comes up in IE diercts me to sysnet and Malwarewipe pages.

also, my McAfee sends up 'found and deleted trojan' prompts. It also found trojans that i could not delete or quarantine.

and there are pop-ups.

intially, following directions from another site (i hadn't settled on you guys yet, it was the first thing i tried - i'm sticking with you guys now) i looked in the register (and possibly another place - i'm not sure as it has been a long week of studying online what i should do about this and getting organized to scan according to your specifications), but i did not find anything Malwarewipe or sysnet related.

here are my attachments for the scanning you had me do.

if i left anything out, please ask as i took extensive notes during this week and during the scan processes.

also a question. if i turn off the computer, will the HighjackThis log/check-boxes still be in the HijackThis window/box when i reboot ? i'm unplugging my internet connection for now, but leaving the computer on til i hear from you.

i am aware of your about:blank removal instructions and plan to try it after hearing your suggestions.

thank you.

ps:

Panda ActiveScan

my ActiveScan attachments for some reason came out individually rather than in one file. there are two to attach, but i could only load one because of your limit of 3 attachments per post - rather than send one in another post, i chose to send both in second post so as not to split them up. there were actually 4 or 5 INDIVIDUAL scans made by Panda ActiveScan, but for some reason i neglected to note what they were. one was Floppy drive, which i never use, so i didn't bother to scan it (i didn't have the floppy disk it asked me to insert. and the other was Other Media. Other Media had me choose Browse to pick a file to scan. i chose KazaaLite and CD Drive (E. neither would scan. there MAY have been another scan that i don't remember what it was, but it didn't work, if there was another.

Windows Defender

Windows Defender would not run when i attempted it during the scanning processes. when i finished scanning and attempted to run it in normal mode after reboot, the My Computer > HP_PAVILION (C > WINDOWS > system32 window was open and i noticed some of the file titles were blue in color (the font was blue). i went UP one file to WINDOWS and found the same thing. when i scrolled through the file, i noticed that some of the file icons were changing. they were chaniging so fast, i couldn't tell if only the icon changed, as i did not have a chance to see what the file title used to be called before the change (if indeed there was a change). here are two (of many) of that the icons that changed.

nvuaudio.exe and nvue.net

continuing on to run Windows Defender, it failed to run again, and i got this prompt - "Application failed to initialize: 0x800106ba. A problem caused Windows Defender to stop. To start the service, restart your computer or search Help and Support on how to start service manually.' when i rebooted and tried again, it failed once more and i got the same prompt. i did not search Help and Support.

there were 3 .exe files in the WD folder. i tried them all, but only one even attempted to load.

sorry for rambling. my next post will be more concise. (hopefully) : )

 

these are the Panda ActiveScan attachments.

thank you.

 

i forgot to mention that ever so often, i get a prompt at the top bar that says you have been blocked from this website by adware on your computer. click here for System Doctor to remove it. that's only happened three times this week. my problems started on Monday June 19, 2006, today is Friday June 23, 2006.

thank you

 

i just noticed that the BitDefender and Hijackthis did not attach to my first post.

please find them here.

thank you.

 

also a couple of times there were sounds coming from my speakers. every 8 seconds there was a metal 'tink' and ever so often there was a big "glonk".

i have never heard of anyone having audio problems with viruses/malware.

thank you.

 

another problem major just popped up. i attempted to change the name of an mp3, i was given the prompt 'If You Change The File Name You May Render The File UNUSABLE' i figured it would probaly be ok...i have never had any problems when i get that prompt whe re-sizing pictures.

but sure enough, when i clicked on it, the icon changed and when i clicked on it, it would not load.

help, please.

the unwanted sounds from the speakers has stopped and otherwise, the computer is doing very well. my homepage is still hijacked and the messengers are slow to load, but i have recieved no pop-ups of Mcafee prompts in a while, although there were still pop-ups when i rebooted. (i still haven't shut down the computer, since my initial reboot to check my results.)

but being unable to change a file name is a major problem, i think.

as the record shows, i've probably forgotten to mention something, or will experience a new problem (it seems one problem ends and another worse one begins...sigh). i will respond again.

thanks.

 

hi, sorry for the delay. i've been out of commision for the last few days. turns out i've been sick for a long time.

i have read your instructions for SpywareQuake and SpyFalcon Removal Procedure, and i believe i'm ready to begin.

before i begin, i want to verify that the path i take to get to %system32% is:
My Computer > C: > WINDOWS > system32

thank you.

 

Re: Hallelujah !!!

Hallelujah !!!

i appear to be fixed !!!

here's my smitfiles log.

i downloaded and ran both fixquake.exe and smitRem.exe as directed with the exception that i did not save it to my desktop. i knew from experience that i could not access some files on my desktop while in safemode, so i saved it to another folder. i had no trouble running either in safemode.

i did not find SpywareQuake or SpyFalcon in Add/Remove Programs.

i did not find any of the files or folders that you asked me to delete if found.

thank you for your guidance.

anything else i need to do ?

 

Re: RunKeys log

here is my runkeys log.

should i repeat all of the pre-scanning that you had me do, or should i just run HijackThis ?

thank you.

 

Re: My 2nd HijackThis Log

here is my second HijackThis log.

thank you.

 

Re: Trojan Removal Procedure

thank you for your help.

i ran your procedure without incident. i did not find the files you wanted me to delete in safemode, but i did find files in the c:\windows\Prefetch folder. i deleted them all as requested.

the computer is running much better although i was REALLY scared on reboot - the computer screen turned purple and although i could hear the Windows music starting up, the page got hung and the computer kept turning on and off by itself, with a purple screen. i shut the computer off manually and turned it back on, and it booted up fine.

my SP2 is once again blocking pop-ups and i even got the address bar to search Yahoo. (that hasn't worked for 3 years.)

1) the C:/WINDOWS/system32 window is gone from my boot up. that's good, but this time [what appeared to be a DOS-type black window] briefly opened and closed. is this ok ?

2) but my .mp3 and .wma files still show the file designation after the title, and when i try to rename a music file, i get the prompt that "changing the title could render the file unusable".

3) and there are icons labelled Album Art that have appeared in my music folders along with the .mp3's and .wma's. they are pinkish in color and half faded out as if they are not really there.

any ideas on how to fix these 3 problems ?

thank you.

please find attached my new HijackThis log.

 

Re: Nvidia Twin-View window

ps: also when i shut down my computer a prompt says that Nvidia Twin-View window will not shut down and asks me to 'end now' or wait for Windows to end it.

any thoughts ?

thank you.

 

Re: 02 - BHO's and HijackThis log

i re-ran HijackThis.

i closed out McAfee, and all my messengers and Quicktime from the taskbar [the one with the clock].

Windows Defender has never run for me, so i was unable to adjust the settings the way you suggested. i could uninstall it if that would help.

(2) of the items appear to have been fixed, but the (3) O2 - BHO's appear to be still there.

 

Re: 3 Side Problems

3. i haven't installed any new music-related software.

thank you.

 

Re: Registrar Lite & HijackThis log

i uninstalled Windows Defender.

i had no problems running Registrar Lite.

please find my latest HijackThis log attached.

thank you.

 

Re: Thank You's

thank you so much for your help.

if you think the NVIDIA refusing to close is NOT a malware problem, i guess i will begin to close up the computer.

could you direct me to a forum which might be able to help me with the NVIDIA-Twinview window that doesn't want to end when i shut down the computer ?

the http://forums.majorgeeks.com/showthread.php?t=44525 link was very helpful. i plan to implement the knowledge there immediately. i definitely need a 2-way Firewall and i definitely need to get off of IE.

i didn't see any Anti-Hacker software [if there is such a thing] on the page.

can you recommend some ?

thank you so much.