Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - jnick3810

Pages: [1]

Tech Clinic / slow running computer and pop ups

« on: December 30, 2007, 11:01:19 PM »

alright i did those two things here are the logs

Ad-Aware SE Professional
Adobe Flash Player 9
AdvancedDVDPlayer 1.13
Age of Empires III
AOL Instant Messenger
Ares 1.8.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BCM V.92 56K Modem
Bet On USA Poker
BitLord 0.56
BitTorrent 3.4.2
Creative Jukebox Driver
Creative MediaSource
Creative NOMAD Jukebox Zen Xtra
DivoCodec version 1.3.0.0
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
EA SPORTS online 2006
Easy CD Creator 5 Basic
Empire Earth
EQ2MAP Updater 0.9.7
FINAL FANTASY XI
FINAL FANTASY XI: Rise of the Zilart
GameSpy Arcade
Google Desktop
Google Toolbar for Firefox
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
ICQ
ICQ Toolbar
ICQ 5
iMesh 6
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
iPod for Windows 2005-09-23
IrfanView (remove only)
iTunes
K-Lite Codec Pack 2.72 Basic
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Mozilla Firefox (1.5.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero 6 Demo
PartyPoker
PerfectDisk
PlayOnline Viewer and Tetra Master
QuickTime Alternative 1.70
Real Alternative 1.49
SAM 2003
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
SportsInterAction Poker
Spybot - Search & Destroy 1.4
TeamSpeak 2 RC2
TweakNow PowerPack 2006 Professional
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB20 setup program
Ventrilo Client
Viewpoint Media Player
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
World of Warcraft
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar

ComboFix 07-12-31.4 - Justin Nichols 2007-12-31 21:53:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.159 [GMT -6:00]
Running from: C:\Documents and Settings\Justin Nichols\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Justin Nichols\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\WINDOWS\lbbho.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Meal Memo Free View
C:\Program Files\MediaSupplyCodec
C:\Program Files\MediaSupplyCodec\install.ico
C:\Program Files\XP Antivirus
C:\Program Files\XP Antivirus\xpantivirus.exe
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\WINDOWS\dat.txt
C:\WINDOWS\lbbho.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.

2007-12-31 17:57 . 2007-12-31 17:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-30 17:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 16:43 . 2007-12-30 17:39 1,808 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-30 16:38 . 2007-12-30 16:38 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 15:13 . 2007-12-30 15:14 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-30 15:13 . 2007-12-30 15:13 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-30 15:12 . 2007-12-30 15:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-30 15:12 . 2007-12-30 15:13 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-30 11:18 . 2007-12-30 11:18 244 --ah----- C:\sqmnoopt01.sqm
2007-12-16 01:45 . 2007-12-16 02:02 <DIR> d-------- C:\Documents and Settings\Justin Nichols\Contacts
2007-12-16 01:44 . 2007-12-16 01:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 23:49 --------- d-----w C:\Program Files\ICQ
2007-12-28 04:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 04:10 --------- d-----w C:\Documents and Settings\Justin Nichols\Application Data\My Games
2007-12-28 04:02 --------- d-----w C:\Program Files\EA GAMES
2007-12-28 03:49 --------- d-----w C:\Program Files\Firaxis Games
2007-12-28 03:42 --------- d-----w C:\Program Files\EA SPORTS
2007-12-24 16:56 --------- d-----w C:\Documents and Settings\Justin Nichols\Application Data\MSN6
2007-12-23 17:56 --------- d-----w C:\Program Files\PartyGaming
2007-12-16 07:45 --------- d-----w C:\Program Files\MSN Messenger
2007-11-17 06:33 --------- d-----w C:\Program Files\3wPlayer
2007-11-14 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2004-09-28 02:00 457 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-12-08 16:50 67160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 11:28 684032]
"Mirabilis ICQ"="C:\PROGRA~1\ICQ\ICQNet.exe" [2003-10-14 10:36 38984]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05 344064]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-14 15:20 1838592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"= 01000000
"NoRecentDocsHistory"= 1 (0x1)
"MaxRecentDocs"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 21:57:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\winamp.ini 192 bytes
C:\WINDOWS\Windows Update.log 14646 bytes
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1594768 bytes
C:\WINDOWS\winhelp.exe 256192 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\WININIT.INI 10 bytes
C:\WINDOWS\winnt.bmp 48680 bytes
C:\WINDOWS\winnt256.bmp 48680 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\wmsetup.log 135110 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\WMSysPrx.prx 299552 bytes
C:\WINDOWS\WRUninstall.dll 478720 bytes executable
C:\WINDOWS\xpsp1hfm.log 1371 bytes
C:\WINDOWS\Zapotec.bmp 9522 bytes
C:\WINDOWS\_default.pif 707 bytes

scan completed successfully
hidden files: 17

**************************************************************************
.
Completion time: 2007-12-31 21:58:03
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 03:57:49
C:\qoobox\ComboFix2.txt 2007-12-31 23:59:00
.
2007-12-13 09:05:54 --- E O F ---

Tech Clinic / slow running computer and pop ups

« on: December 30, 2007, 07:04:15 PM »

alright i went through the steps you layed out Thank you, and here are my reports

mitFraudFix v2.274

Scan done at 17:39:10.26, Sun 12/30/2007
Run from C:\Program Files\BitLord\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Killing process

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» hosts

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Generic Renos Fix

GenericRenosFix by S!Ri

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Deleting infected files

C:\WINDOWS\privacy_danger\ Deleted
C:\DOCUME~1\JUSTIN~1\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\JUSTIN~1\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\JUSTIN~1\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\JUSTIN~1\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\JUSTIN~1\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\JUSTIN~1\FAVORI~1\Spyware?Malware Protection.url Deleted

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» IEDFix

IEDFix.exe by S!Ri

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{39A343CE-78D4-472D-8368-F06B74D7E6BC}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CCS\Services\Tcpip\..\{40B55A71-9729-4B0B-B135-AE080A3F59C5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\..\{39A343CE-78D4-472D-8368-F06B74D7E6BC}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\..\{40B55A71-9729-4B0B-B135-AE080A3F59C5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS3\Services\Tcpip\..\{39A343CE-78D4-472D-8368-F06B74D7E6BC}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS3\Services\Tcpip\..\{40B55A71-9729-4B0B-B135-AE080A3F59C5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Deleting Temp Files

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Registry Cleaning

Registry Cleaning done.

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» End

ComboFix 07-12-31.4 - Justin Nichols 2007-12-30 17:51:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.189 [GMT -6:00]
Running from: C:\Documents and Settings\Justin Nichols\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\iMeshBar
C:\Program Files\iMeshBar\bar\History\search
C:\WINDOWS\alxvdvm.dll
C:\WINDOWS\bvtqfvx.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\domnftwwrn.dll
C:\WINDOWS\emlkdvo.dll
C:\WINDOWS\fvkwdrt.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
.

2007-12-30 17:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 17:49 . 2007-12-30 17:49 268 --ah----- C:\sqmdata05.sqm
2007-12-30 17:49 . 2007-12-30 17:49 244 --ah----- C:\sqmnoopt05.sqm
2007-12-30 17:31 . 2007-12-30 17:31 268 --ah----- C:\sqmdata04.sqm
2007-12-30 17:31 . 2007-12-30 17:31 244 --ah----- C:\sqmnoopt04.sqm
2007-12-30 17:29 . 2007-12-30 17:29 268 --ah----- C:\sqmdata03.sqm
2007-12-30 17:29 . 2007-12-30 17:29 244 --ah----- C:\sqmnoopt03.sqm
2007-12-30 16:43 . 2007-12-30 17:39 1,808 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-30 16:38 . 2007-12-30 16:38 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 15:13 . 2007-12-30 15:14 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-30 15:13 . 2007-12-30 15:13 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-30 15:12 . 2007-12-30 15:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-30 15:12 . 2007-12-30 15:13 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-30 14:51 . 2007-12-30 14:51 244 --ah----- C:\sqmnoopt02.sqm
2007-12-30 14:51 . 2007-12-30 14:51 232 --ah----- C:\sqmdata02.sqm
2007-12-30 11:18 . 2007-12-30 11:18 268 --ah----- C:\sqmdata01.sqm
2007-12-30 11:18 . 2007-12-30 11:18 244 --ah----- C:\sqmnoopt01.sqm
2007-12-30 02:02 . 2007-12-30 02:02 268 --ah----- C:\sqmdata00.sqm
2007-12-30 02:02 . 2007-12-30 02:02 244 --ah----- C:\sqmnoopt00.sqm
2007-12-27 21:26 . 2007-12-27 21:26 <DIR> d-------- C:\Program Files\XP Antivirus
2007-12-27 00:39 . 2007-12-27 00:39 <DIR> d-------- C:\Program Files\MediaSupplyCodec
2007-12-16 01:45 . 2007-12-16 02:02 <DIR> d-------- C:\Documents and Settings\Justin Nichols\Contacts
2007-12-16 01:44 . 2007-12-16 01:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-17 00:15 . 2007-11-17 00:33 <DIR> d-------- C:\Program Files\3wPlayer
2007-11-14 15:22 . 2007-12-24 10:56 <DIR> d-------- C:\Documents and Settings\Justin Nichols\Application Data\MSN6
2007-11-14 15:22 . 2007-11-14 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 23:49 --------- d-----w C:\Program Files\ICQ
2007-12-28 04:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 04:10 --------- d-----w C:\Documents and Settings\Justin Nichols\Application Data\My Games
2007-12-28 04:02 --------- d-----w C:\Program Files\EA GAMES
2007-12-28 03:49 --------- d-----w C:\Program Files\Firaxis Games
2007-12-28 03:42 --------- d-----w C:\Program Files\EA SPORTS
2007-12-23 17:56 --------- d-----w C:\Program Files\PartyGaming
2007-12-16 07:45 --------- d-----w C:\Program Files\MSN Messenger
2007-11-17 06:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Meal Memo Free View
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2004-09-28 02:00 457 -c--a-w C:\Program Files\INSTALL.LOG
2004-10-06 05:56 57,344 -csha-w C:\WINDOWS\lbbho.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-12-08 16:50 67160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 11:28 684032]
"Mirabilis ICQ"="C:\PROGRA~1\ICQ\ICQNet.exe" [2003-10-14 10:36 38984]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05 344064]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-14 15:20 1838592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"= 01000000
"NoRecentDocsHistory"= 1 (0x1)
"MaxRecentDocs"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 17:57:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\winamp.ini 192 bytes
C:\WINDOWS\Windows Update.log 14646 bytes
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1594268 bytes
C:\WINDOWS\winhelp.exe 256192 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\WININIT.INI 10 bytes
C:\WINDOWS\winnt.bmp 48680 bytes
C:\WINDOWS\winnt256.bmp 48680 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\wmsetup.log 135110 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\WMSysPrx.prx 299552 bytes
C:\WINDOWS\WRUninstall.dll 478720 bytes executable
C:\WINDOWS\xpsp1hfm.log 1371 bytes
C:\WINDOWS\Zapotec.bmp 9522 bytes
C:\WINDOWS\_default.pif 707 bytes

scan completed successfully
hidden files: 17

**************************************************************************
.
Completion time: 2007-12-31 17:59:00
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 23:58:58
.
2007-12-13 09:05:54 --- E O F ---

the smitfraudfix.cmd never asked me to check or didnt ever prompt that it was ever checking wininet.dll, also i went through my add remove programs and i didnt see the xpvirus scan on it, the tools got rid of the other icons on my desktop that i didnt put there, but the xpanitvirus one is still there.

other than that, things are definitly running alot smoother. thank you so much for taking the time to help

justin

Tech Clinic / slow running computer and pop ups

« on: December 30, 2007, 05:48:09 PM »

alright i downloaded those two things and ran them, heres what i got

SmitFraudFix v2.274

Scan done at 16:42:21.54, Sun 12/30/2007
Run from C:\Program Files\BitLord\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\XP Antivirus\xpantivirus.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dmremote.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» hosts

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\WINDOWS

C:\WINDOWS\privacy_danger FOUND !

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\WINDOWS\system

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\WINDOWS\Web

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\WINDOWS\system32

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\Documents and Settings\Justin Nichols

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\Documents and Settings\Justin Nichols\Application Data

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Start Menu

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\DOCUME~1\JUSTIN~1\FAVORI~1

C:\DOCUME~1\JUSTIN~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\JUSTIN~1\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\JUSTIN~1\FAVORI~1\Spyware?Malware Protection.url FOUND !

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Desktop

C:\DOCUME~1\JUSTIN~1\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\JUSTIN~1\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\JUSTIN~1\Desktop\Spyware?Malware Protection.url FOUND !

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\Program Files

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Corrupted keys

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Rustock

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» DNS

Description: 3Com EtherLink 10/100 PCI TX NIC (3C905B-TX) - Packet Scheduler Miniport
DNS Server Search Order: 204.127.203.135
DNS Server Search Order: 216.148.225.135

Description: 3Com EtherLink 10/100 PCI TX NIC (3C905B-TX) - Packet Scheduler Miniport
DNS Server Search Order: 204.127.203.135
DNS Server Search Order: 216.148.225.135

HKLM\SYSTEM\CCS\Services\Tcpip\..\{39A343CE-78D4-472D-8368-F06B74D7E6BC}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CCS\Services\Tcpip\..\{40B55A71-9729-4B0B-B135-AE080A3F59C5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\..\{39A343CE-78D4-472D-8368-F06B74D7E6BC}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\..\{40B55A71-9729-4B0B-B135-AE080A3F59C5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS3\Services\Tcpip\..\{40B55A71-9729-4B0B-B135-AE080A3F59C5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Scanning for wininet.dll infection

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» End

Here is HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:49 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\XP Antivirus\xpantivirus.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dmremote.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BDEX System - {87EF7048-8905-4E82-862E-65004D4DFA80} - C:\WINDOWS\domnftwwrn.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: The emlkdvo - {13EDA0D4-F00D-43B9-8EF2-6313909D3143} - C:\WINDOWS\emlkdvo.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpantivirus.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Bet On USA Poker - {64FA9700-6A17-4bd5-A7D8-D81CF095995F} - C:\Program Files\betonusaMPP\MPPoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: alxvdvm - {7A63B55B-932A-4F9A-979D-EEE0FB56B2E2} - C:\WINDOWS\alxvdvm.dll
O21 - SSODL: bvtqfvx - {76BCA9F3-94C4-45C4-A015-2B2C80FCD25F} - C:\WINDOWS\bvtqfvx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7612 bytes

thanks again

Tech Clinic / slow running computer and pop ups

« on: December 30, 2007, 05:05:31 PM »

hello im new to this, this is my first post. im having some serious computer issues and before i take it to someone else and pay them to fix it i thought i would give it a try. a friend of mine told me about this forum and hijack this so i thought i would give it a try. its pretty hard to discribe what is goin on with my computer but i will try.

its running really slow, my homepaged has been changed to ucleaner.com, im getting a pop up that says im infected with worm.win32.netsky, im also getting a "windows security alert" sayin that windows has detected an internet attack... somebody's tryin to infect your PC with spyware ...ect. im also getting a xp antivirus 2008 - threats detected pop up, and my computer is changing the tabs on its own... for example if i have one page up and some others behind it, it will change between them on its own...sorry for the long winded description

heres my hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 3:30:50 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\XP Antivirus\xpantivirus.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dmremote.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BDEX System - {87EF7048-8905-4E82-862E-65004D4DFA80} - C:\WINDOWS\domnftwwrn.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: The emlkdvo - {13EDA0D4-F00D-43B9-8EF2-6313909D3143} - C:\WINDOWS\emlkdvo.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpantivirus.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Bet On USA Poker - {64FA9700-6A17-4bd5-A7D8-D81CF095995F} - C:\Program Files\betonusaMPP\MPPoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: alxvdvm - {7A63B55B-932A-4F9A-979D-EEE0FB56B2E2} - C:\WINDOWS\alxvdvm.dll
O21 - SSODL: bvtqfvx - {76BCA9F3-94C4-45C4-A015-2B2C80FCD25F} - C:\WINDOWS\bvtqfvx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe

any help would be greatly appreciated

thank you
Justin

Pages: [1]

TheTechGuide Forum

News:

Show Posts

Messages - jnick3810

Tech Clinic / slow running computer and pop ups

Tech Clinic / slow running computer and pop ups

Tech Clinic / slow running computer and pop ups

Tech Clinic / slow running computer and pop ups