Author Topic: Computer Acting Strange  (Read 475 times)

Offline Tat

Computer Acting Strange
« on: June 09, 2006, 03:17:42 PM »
I usually Ctrl + Alt + Del when my computer first starts up and end a lot of tasks, otherwise my computer will just freeze up and not work. If you need me to try and do it with every single process I use, just tell me. But if you see a problem please let me know and how to fix it. THANKS


Logfile of HijackThis v1.99.1
Scan saved at 3:13:48 PM, on 6/9/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Josh\LOCALS~1\Temp\Rar$EX02.203\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://__bannerrotatorstartup/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\mjmgw.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xftkijv.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - blank (file missing)
O2 - BHO: Yvakt Class - {1FF787DD-4FC7-4C7C-AE4D-74012A0ECAAC} - C:\WINDOWS\System32\de6ypog.dll (file missing)
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\System32\nsv4A.dll (file missing)
O2 - BHO: (no name) - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - (no file)
O2 - BHO: (no name) - {2D08AE3A-D4ED-4236-9873-90B8888F1788} - C:\Program Files\Common Files\meco.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\System32\adrotate.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\System32\ias\svchost.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [stinqrib] C:\WINDOWS\stinqrib.exe
O4 - HKLM\..\Run: [rehv1a] C:\WINDOWS\hnnvwbp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [Tofeqpn] C:\Program Files\Busp\Vmbg.exe
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [ufcav] C:\WINDOWS\System32\ghgvuipd\ufcav.exe
O4 - HKLM\..\Run: [higav] C:\WINDOWS\System32\rrwah\higav.exe
O4 - HKLM\..\Run: [awjtq] C:\WINDOWS\System32\pkyj\awjtq.exe
O4 - HKLM\..\Run: [rwocy] C:\WINDOWS\System32\wjvp\rwocy.exe
O4 - HKLM\..\Run: [Contextual Tool] C:\DOCUME~1\REDREA~1\LOCALS~1\Temp\fvifiakm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sms_msn40] C:\WINDOWS\system32\sms_msn40.exe
O4 - HKLM\..\Run: [sms_msn] C:\WINDOWS\system32\sms_msn.exe
O4 - HKLM\..\Run: [w009ebcb.dll] RUNDLL32.EXE w009ebcb.dll,I2 000371c20009ebcb
O4 - HKLM\..\Run: [qdwfp] C:\WINDOWS\System32\takx\qdwfp.exe
O4 - HKLM\..\Run: [alkucvt] C:\WINDOWS\System32\xyowm\alkucvt.exe
O4 - HKLM\..\Run: [ulvjhusi] C:\WINDOWS\System32\pemhaso\ulvjhusi.exe
O4 - HKLM\..\Run: [gssxkqm] C:\WINDOWS\System32\bewss\gssxkqm.exe
O4 - HKLM\..\Run: [ybyim] C:\WINDOWS\System32\wilxcr\ybyim.exe
O4 - HKLM\..\Run: [mvbqna] C:\WINDOWS\System32\jkhiw\mvbqna.exe
O4 - HKLM\..\Run: [mdvk] C:\WINDOWS\System32\kxwj\mdvk.exe
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [defender] C:\\defender24.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard24.exe
O4 - HKLM\..\Run: [newname] C:\\newname24.exe
O4 - HKLM\..\Run: [{4A-AE-E3-3C-ZN}] C:\windows\system32\rmdsregm.exe GID003
O4 - HKLM\..\Run: [htkdjq] C:\WINDOWS\System32\ycbi\htkdjq.exe
O4 - HKLM\..\Run: [upva] C:\WINDOWS\System32\yrrpslwe\upva.exe
O4 - HKLM\..\Run: [mrjvty] C:\WINDOWS\System32\adfdpcle\mrjvty.exe
O4 - HKLM\..\Run: [gjxifc] C:\WINDOWS\System32\rkmylokw\gjxifc.exe
O4 - HKLM\..\Run: [mjfe] C:\WINDOWS\System32\qruoh\mjfe.exe
O4 - HKLM\..\Run: [wodfyy] C:\WINDOWS\System32\sklryp\wodfyy.exe
O4 - HKLM\..\Run: [ojlkwjg] C:\WINDOWS\System32\rmeo\ojlkwjg.exe
O4 - HKLM\..\Run: [fwyqs] C:\WINDOWS\System32\ulpwph\fwyqs.exe
O4 - HKLM\..\Run: [msmcvs.exe] C:\WINDOWS\System32\msmcvs.exe
O4 - HKLM\..\Run: [crmdp.exe] C:\WINDOWS\System32\crmdp.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {24E2468B-9FA2-4D7A-8D0A-C9A1359269D0} - C:\WINDOWS\System32\de6ypog.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Offline guestolo

Computer Acting Strange
« Reply #1 on: June 10, 2006, 01:59:42 AM »
Can you do the following please, let's see what your log looks like afterwards :)

Please download Brute Force Uninstaller to your desktop. (Right-click on this link and choose save as, if using IE save target as)
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
  • Download qoofix.bat (right-click on this link and choose save as, if using IE save target as)
  • Place qoofix.bat in your C:\BFU folder. (Important!)
  • Double-click qooFix.bat, Close all browsers and explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient, it will take about five minutes.
  • After the PC has restarted please post another hijackthis log.
