Some Spyware and Explorer Problems

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Kevinj87, Apr 4, 2008.

  1. Kevinj87

    Kevinj87 Private E-2

    Im having some trouble now that has been lasting a month. And i just drag the window to the side so it doesnt really bother me.


    I refuse to reformat due to how much i would have to backup but i defrag etc on a reg basis.

    My explorer.exe on startup gives me a error msg saying msvcrt.dll
    I followed someone's instructons on REPLACING the dll with a downloaded one from microsoft did that and nothing happened i also have NUagent.exe and NUWatch.exe and cant seem to remove them.

    Here is a hijack this

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:01:51 PM, on 4/4/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\NUWatch.exe
    C:\WINDOWS\system32\NUAgent.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [NUAgent] C:\WINDOWS\system32\NUAgent.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O20 - AppInit_DLLs: c:\windows\system32\ddabayy.dll
    O20 - Winlogon Notify: c_8rui - C:\WINDOWS\SYSTEM32\c_8rui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 1449 bytes


    any tips or advice please.
     
    Kevinj87, Apr 4, 2008
    #1
  2. abri

    abri MajorGeek

    Hi Kevin87,
    Welcome to Major Geeks!

    Your hijackthis shows you have malware. You need to run through the READ & RUN ME FIRST so we can help you get rid of it. When you get done, attach the requested logs and someone will go through them for you.

    Also, not backing up your files is a bad idea. I recommend as soon as your computer is deemed malware free, that you back up everything. The reason for this is that your hard drive can stop working suddenly and then you can't back them up at all.

    abri
     
    abri, Apr 5, 2008
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds