Pop ups, computer lagging, errors...


4 replies to this topic

#1 Fake Star

Fake Star

    Member

  • New Member
  • 4 posts

Posted 27 May 2004 - 06:17 PM

I've been having quite a lot of problems with my computer for some time, mainly with pop ups. I know there are other things going on with my computer, definitely, but I need some help...

Logfile of HijackThis v1.97.7
Scan saved at 6:12:06 PM, on 5/27/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\CHECKIT\86\CHECKIT86.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...t/7search/?hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.east.cox.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep.../start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...t/7search/?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://hp.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
F1 - win.ini: run=hpfsched
O1 - Hosts: 216.239.39.101 desktop.kazaa.com
O1 - Hosts: 216.239.39.101 shop.kazaa.com
O2 - BHO: (no name) - {4CEBBC6B-5CEE-4644-80CF-38980BAE93F6} - C:\WINDOWS\IEXPLORR23.DLL
O2 - BHO: (no name) - {6B12DABB-0B7C-44FA-B0B3-4BAFF3790256} - C:\WINDOWS\IEXPLORR24.DLL
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\PROGRAM FILES\CHECKIT\86\CHECKIT86.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\CLEARS~1\CSIE.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {D537A3D0-8C07-4D62-953F-162207F5090D} - C:\WINDOWS\SYSTEM\regsvrac32.dll
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Edit.exe] C:\Program Files\Accessories\Edit.exe /system
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [CFIMPSV] C:\WINDOWS\CFIMPSV.exe
O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPEERSI] C:\WINDOWS\SYSTEM\EPEERSI.exe
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKLM\..\RunOnce: [Z3JJAZ.EXE] C:\WINDOWS\SYSTEM\Z3JJAZ.EXE
O4 - HKCU\..\RunOnce: [Z3JJAZ.EXE] C:\WINDOWS\SYSTEM\Z3JJAZ.EXE
O4 - Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: StartUp.exe
O4 - Global Startup: CLHEYH7B.lnk = C:\WINDOWS\clheyh7b.exe
O4 - Global Startup: DTN9YO4P.lnk = C:\WINDOWS\dtn9yo4p.exe
O4 - Global Startup: 043QNNDU.lnk = C:\WINDOWS\043qnndu.exe
O4 - Global Startup: Z096EVUN.lnk = C:\WINDOWS\z096evun.exe
O4 - Global Startup: ZKYXIQ11.lnk = C:\WINDOWS\zkyxiq11.exe
O4 - Global Startup: KY43RLC2.lnk = C:\WINDOWS\ky43rlc2.exe
O4 - Global Startup: 61LRNKM8.lnk = C:\WINDOWS\61lrnkm8.exe
O4 - Global Startup: DN0GV7V2.lnk = C:\WINDOWS\dn0gv7v2.exe
O4 - Global Startup: ORP5NF2W.lnk = C:\WINDOWS\orp5nf2w.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: WKW4KX30.lnk = C:\WINDOWS\wkw4kx30.exe
O4 - Global Startup: 510N6401.lnk = C:\WINDOWS\510n6401.exe
O4 - Global Startup: OUBK6UJO.lnk = C:\WINDOWS\oubk6ujo.exe
O4 - Global Startup: LLQGROVK.lnk = C:\WINDOWS\llqgrovk.exe
O4 - Global Startup: C2O8LG4H.lnk = C:\WINDOWS\c2o8lg4h.exe
O4 - Global Startup: HVLYG1T0.lnk = C:\WINDOWS\hvlyg1t0.exe
O4 - Global Startup: U01NM7VD.lnk = C:\WINDOWS\u01nm7vd.exe
O4 - Global Startup: AXAO1J7W.lnk = C:\WINDOWS\axao1j7w.exe
O4 - Global Startup: JNF16ODT.lnk = C:\WINDOWS\jnf16odt.exe
O4 - Global Startup: IKD4NXRY.lnk = C:\WINDOWS\ikd4nxry.exe
O4 - Global Startup: B1081EN0.lnk = C:\WINDOWS\b1081en0.exe
O4 - Global Startup: 0ECEZ859.lnk = C:\WINDOWS\0ecez859.exe
O4 - Global Startup: VUG5TDH5.lnk = C:\WINDOWS\vug5tdh5.exe
O4 - Global Startup: C8KBAO8M.lnk = C:\WINDOWS\c8kbao8m.exe
O4 - Global Startup: 0ZT02V0A.lnk = C:\WINDOWS\0zt02v0a.exe
O4 - Global Startup: 9CWBUWNB.lnk = C:\WINDOWS\9cwbuwnb.exe
O4 - Global Startup: D08E0QBM.lnk = ?
O4 - Global Startup: HH7L4GB6.lnk = C:\WINDOWS\hh7l4gb6.exe
O4 - Global Startup: V5D9P7MK.lnk = C:\WINDOWS\v5d9p7mk.exe
O4 - Global Startup: JWQJ0DA0.lnk = C:\WINDOWS\jwqj0da0.exe
O4 - Global Startup: R6ZB7QFG.lnk = C:\WINDOWS\r6zb7qfg.exe
O4 - Global Startup: 820ODII9.lnk = C:\WINDOWS\820odii9.exe
O4 - Global Startup: X646PY18.lnk = C:\WINDOWS\x646py18.exe
O4 - Global Startup: JPAF5DBI.lnk = C:\WINDOWS\jpaf5dbi.exe
O4 - Global Startup: LR8G459K.lnk = C:\WINDOWS\lr8g459k.exe
O4 - Global Startup: HYQP1YET.lnk = C:\WINDOWS\hyqp1yet.exe
O4 - Global Startup: 2XOKB48G.lnk = C:\WINDOWS\2xokb48g.exe
O4 - Global Startup: 3GTJXDMH.lnk = C:\WINDOWS\3gtjxdmh.exe
O4 - Global Startup: D70H5E0Z.lnk = C:\WINDOWS\d70h5e0z.exe
O4 - Global Startup: NKMUIIHV.lnk = C:\WINDOWS\nkmuiihv.exe
O4 - Global Startup: O4127FP3.lnk = C:\WINDOWS\o4127fp3.exe
O4 - Global Startup: NPV6EVIL.lnk = C:\WINDOWS\npv6evil.exe
O4 - Global Startup: WQ0YWCNJ.lnk = C:\WINDOWS\wq0ywcnj.exe
O4 - Global Startup: 20F90KX0.lnk = C:\WINDOWS\20f90kx0.exe
O4 - Global Startup: 79VCGRI8.lnk = C:\WINDOWS\79vcgri8.exe
O4 - Global Startup: 43BKEOC4.lnk = C:\WINDOWS\43bkeoc4.exe
O4 - Global Startup: 0IRH5N7P.lnk = ?
O4 - Global Startup: LFP8EYEP.lnk = C:\WINDOWS\lfp8eyep.exe
O4 - Global Startup: O2UZG9G8.lnk = C:\WINDOWS\o2uzg9g8.exe
O4 - Global Startup: N2KU0JKN.lnk = C:\WINDOWS\n2ku0jkn.exe
O4 - Global Startup: VTD0UNDH.lnk = ?
O4 - Global Startup: 5P4M0O5L.lnk = C:\WINDOWS\5p4m0o5l.exe
O4 - Global Startup: IGBQ65L8.lnk = C:\WINDOWS\igbq65l8.exe
O4 - Global Startup: 71FA1ACH.lnk = C:\WINDOWS\71fa1ach.exe
O4 - Global Startup: 9HLTTBY1.lnk = C:\WINDOWS\9hlttby1.exe
O4 - Global Startup: JE5C3GR8.lnk = C:\WINDOWS\je5c3gr8.exe
O4 - Global Startup: FIRY7RPC.lnk = C:\WINDOWS\firy7rpc.exe
O4 - Global Startup: DBDC6YQ7.lnk = C:\WINDOWS\dbdc6yq7.exe
O4 - Global Startup: E1F7K4PZ.lnk = C:\WINDOWS\e1f7k4pz.exe
O4 - Global Startup: 9LFBXLNU.lnk = C:\WINDOWS\9lfbxlnu.exe
O4 - Global Startup: J1WPJ7OA.lnk = C:\WINDOWS\j1wpj7oa.exe
O4 - Global Startup: NHKYG380.lnk = C:\WINDOWS\nhkyg380.exe
O4 - Global Startup: YB0W5K0G.lnk = C:\WINDOWS\yb0w5k0g.exe
O4 - Global Startup: 9WHMOZN0.lnk = C:\WINDOWS\9whmozn0.exe
O4 - Global Startup: RFHCMHDI.lnk = C:\WINDOWS\rfhcmhdi.exe
O4 - Global Startup: P35ZZOOB.lnk = C:\WINDOWS\p35zzoob.exe
O4 - Global Startup: RE0OTAKQ.lnk = C:\WINDOWS\re0otakq.exe
O4 - Global Startup: QFWB1090.lnk = C:\WINDOWS\qfwb1090.exe
O4 - Global Startup: FV04JP5Q.lnk = C:\WINDOWS\fv04jp5q.exe
O4 - Global Startup: M4UNIUJ5.lnk = C:\WINDOWS\m4uniuj5.exe
O4 - Global Startup: GIV3T5M3.lnk = C:\WINDOWS\giv3t5m3.exe
O4 - Global Startup: V2DX8VJW.lnk = C:\WINDOWS\v2dx8vjw.exe
O4 - Global Startup: CQKEQVTI.lnk = C:\WINDOWS\cqkeqvti.exe
O4 - Global Startup: 93I3I8UN.lnk = C:\WINDOWS\93i3i8un.exe
O4 - Global Startup: H5JHUW76.lnk = C:\WINDOWS\h5jhuw76.exe
O4 - Global Startup: 13ZHR7BI.lnk = C:\WINDOWS\13zhr7bi.exe
O4 - Global Startup: 40ZU8NF9.lnk = C:\WINDOWS\40zu8nf9.exe
O4 - Global Startup: TWCY7LPH.lnk = C:\WINDOWS\twcy7lph.exe
O4 - Global Startup: G3T0ZDFA.lnk = C:\WINDOWS\g3t0zdfa.exe
O4 - Global Startup: DPG0BMJ5.lnk = C:\WINDOWS\dpg0bmj5.exe
O4 - Global Startup: O8N7TYNE.lnk = C:\WINDOWS\o8n7tyne.exe
O4 - Global Startup: I1FHBXU5.lnk = C:\WINDOWS\i1fhbxu5.exe
O4 - Global Startup: 1NA9EPI6.lnk = C:\WINDOWS\1na9epi6.exe
O4 - Global Startup: RF321303.lnk = C:\WINDOWS\rf321303.exe
O4 - Global Startup: P5HI2X0R.lnk = C:\WINDOWS\p5hi2x0r.exe
O4 - Global Startup: QT2CMCP1.lnk = C:\WINDOWS\qt2cmcp1.exe
O4 - Global Startup: 0OKW2XV3.lnk = C:\WINDOWS\0okw2xv3.exe
O4 - Global Startup: QR56176R.lnk = C:\WINDOWS\qr56176r.exe
O4 - Global Startup: OUX3PN1A.lnk = C:\WINDOWS\oux3pn1a.exe
O4 - Global Startup: Q1RO9K9H.lnk = C:\WINDOWS\q1ro9k9h.exe
O4 - Global Startup: G9HHQUI3.lnk = C:\WINDOWS\g9hhqui3.exe
O4 - Global Startup: CE66DJ87.lnk = C:\WINDOWS\ce66dj87.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CHECKIT\86\AddToTrustList.js
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: CheckIt &86 (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://66.48.68.135/save/makeover.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.budd...llInstaller.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab

#2 Fake Star

Posted 27 May 2004 - 07:07 PM

Bump.

#3 Fake Star

Posted 28 May 2004 - 01:12 AM

Wow, did this get pushed back quick...! Heh heh.

#4 Fake Star

Posted 29 May 2004 - 04:42 AM

Bump.

#5 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • 5,365 posts

Posted 29 May 2004 - 07:22 AM

Hi,
You certainly have some serious issues!

Start by turning off "System Restore" (see "How To" below) and leave it off until you have your system cleaned up.

C:\WINDOWS\SYSTEM\Kernel.dll = VBS.Redlof.A
Print out the above, follow the "manual" method for removal. Then reboot.

Next: run an online scan at Trend Micro HouseCall:
http://housecall.ant...m/pc_housecall/

After the above ...

Download: SpyBot-Search & Destroy 1.3
http://majorgeeks.co...wnload2471.html

Run a scan, "fix" everything marked in red.

After the above post a fresh log ...
Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, with a HOSTS file: http://www.mvps.org/...p2002/hosts.htm