Malware and Virus Removal
Problems removing malware/viruses? Get help from our Malware removal experts.
This time I'm posting for help with my PC. When I opened IE this morning my home page was changed to www.web--search.com and I had a search toolbar under the address bar. I've run Spybot, Adaware, AVG and CWShredder. CWShredder found a search item and removed it; now the search bar is gone and my home page seems to have been returned to normal. I'd still like someone to look over my HJT log just to be sure everything is gone. Even with all the precautions I take I still got nailed.
Logfile of HijackThis v1.99.0
Scan saved at 11:37:41 AM, on 1/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Open C:\Temp if present, select all and delete.
Open C:\Windows\Temp, select all and delete.
Open C:\Windows\Prefetch, select all and delete.
Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and OK.
Reboot back into Windows and run another scan, posting the new log.
Is there a reason you haven't updated to SP2?
Information below about this process, running on your machine, taken from answersthatwork.com. C:\WINDOWS\System32\nvsvc32.exe
NVIDIA Driver Helper Service which gets installed under Windows NT4/2000/XP/2003 by the NVIDIA drivers for some of their graphics cards (or graphics cards based on an NVIDIA chipset). We do not at this stage know what this process does except consume memory! And we also have no idea as to what a “Driver Helper Service” is supposed to do!!
Recommendation:
This service is often responsible for various glitches, from significant shutdown delays to excessive memory usage. Disabling it, however, does not result in our experience in any ill-effect in regards to the proper operation of your NVIDIA or NVIDIA chipset graphics card, so we recommend that you definitely set the Startup Mode of this service to Disabled. You can do this by going to start>run, type services.msc, hit enter. Locate the service in the list and right click>properties. Stop the service, then disable, apply and OK out.
CTHELPER is a background task that is a plug-in manager for Creative drivers. It first appeared with Creative’s SoundBlaster Live and Audigy soundcards. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. One of the very first uses of this interface has been for InterVideo’s WinDVD in the shape of a fix called "WinDVDPatch" and, at the time of writing 12-Jan-2003, there have not been other uses for it yet.
Recommendation:
Given its purpose CTHELPER would normally be classified as a "leave alone" background task. Unfortunately, as with many other Creative background tasks in these pages, there are often problems with CTHELPER. The most common complaint is random excess CPU utilization, up to 100%! We have also had complaints of PCs freezing when CTHELPER is around, although that is probably also 100% CPU utilization. Additionally, on PCs running Intel’s Pentium 4 Hyper-Threading CPUs, the sound stutters. In short: CTHELPER is far more trouble than it is a help.
Added by soundcard software to remind you to update. Not needed at startup.
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
Added by sound card software for auto detection of headphones. Not needed at startup.
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
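
The O4 lines reviewed in the reply above are registry autostart (Run key) entries in HijackThis's log format. As an added example (not part of the thread and not HijackThis's own code), this Python parses such lines, separates the program path from its arguments, and pairs each entry with the reviewer's note; the `ExampleApp` line is constructed, and only the registry form of O4 is handled.

```python
import re
from typing import NamedTuple

# Registry autostart form only, e.g.  O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$"
)
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd))(?=\s|$)", re.IGNORECASE)

class StartupEntry(NamedTuple):
    hive: str
    key: str
    name: str
    command: str
    executable: str

def executable_of(command: str) -> str:
    """Return the program path without its arguments."""
    command = command.strip()
    if command.startswith('"'):            # quoted path, arguments may follow
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = EXE_RE.match(command)              # unquoted path, may contain spaces
    return m.group(1) if m else command

def parse_o4(log_text: str) -> list:
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:                              # header and other sections are skipped
            entries.append(StartupEntry(m["hive"], m["key"], m["name"],
                                        m["command"], executable_of(m["command"])))
    return entries

def annotate(entries, notes) -> list:
    """Pair each entry with the reviewer's note for its value name, if any."""
    return [(e, notes.get(e.name.lower())) for e in entries]

# Notes taken from the reply above, keyed by lower-cased Run value name.
REVIEW_NOTES = {
    "updreg": "Added by soundcard software to remind you to update. Not needed at startup.",
    "jet detection": "Added by sound card software for auto detection of headphones. Not needed at startup.",
}

# First four lines are from the thread; the last line is constructed for illustration.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Platform: Windows XP SP1 (WinNT 5.01.2600)
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKCU\..\Run: [ExampleApp] C:\Program Files\Example\example.exe /background
"""
```

Entries that come back with no note are the ones a reviewer still has to look up before deciding whether they belong at startup.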
Thanks very much for the quick reply. I didn't realize there would be so much to get rid of. I've removed the items you suggested, cleaned out the folders, run the disk cleanup. I could not find any occurrence of any powerreg type files or folders. I've disabled the Nvidia service as well and it doesn't seem to have had any ill effects on the system.
I know I need to put on SP2, I just haven't had time to research all the 'prep' steps to take before applying it. I have 5 PCs to apply it to including my own. I have been having problems trying to run games on my PC since upgrading to XP, and have been thinking about formatting and installing XP fresh to see if that helps, but that will be a last resort.
Here is a new HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 1:00:03 PM, on 1/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)