computer slowing down and hanging

[moose69]

Hi my computer is slowing down and hanging, I just cleared out some viruses and spyware things improved a little but its still buggy. I would really appreciate it if someone could check my hijackthis log.

Logfile of HijackThis v1.97.2
Scan saved at 18:19:09, on 15/09/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\Program Files\Sygate\SPF\Smc.exe
E:\WINNT\system32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
E:\WINNT\System32\svchost.exe
E:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
E:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
E:\WINNT\system32\nvsvc32.exe
E:\WINNT\system32\regsvc.exe
E:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\snmp.exe
E:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
E:\WINNT\system32\stisvc.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\SymTray.exe
E:\Program Files\1stDialer\1stdialer.exe
E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
E:\Program Files\NetInternals\CostAware\niIPCApp.exe
E:\Program Files\Crystal Internet Meter\cimeter.exe
E:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
E:\Program Files\Winad Client\Winad.exe
E:\WINNT\niaeboxf.exe
E:\Program Files\Winad Client\WinClt.exe
E:\PROGRA~1\INTERN~1\iexplore.exe
E:\winnt\180ax.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
E:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe
E:\WINNT\Plaxo\1.5.2.32\InstallStub.exe
E:\WINNT\system32\rundll32.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\AceBIT\Password Depot\PasswordDepot.exe
E:\Program Files\Internet Explorer\iexplore.exe
D:\Software\Internet\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.eircom.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.usefulware.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://u.tv/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - E:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\winnt\googletoolbar2.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\winnt\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [1stDialer] E:\Program Files\1stDialer\1stdialer.exe
O4 - HKLM\..\Run: [AnyDVD] E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [CostAware] E:\Program Files\NetInternals\CostAware\niIPCApp.exe
O4 - HKLM\..\Run: [Crystal Internet Meter] E:\Program Files\Crystal Internet Meter\cimeter.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Winad Client] E:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [bhprscb] E:\WINNT\niaeboxf.exe
O4 - HKLM\..\Run: [180ax] e:\winnt\180ax.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] E:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] E:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "E:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe"
O4 - HKCU\..\Run: [Sygate Personal Firewall] E:\Program Files\Sygate\SPF\Smc.exe
O4 - HKCU\..\Run: [PlaxoUpdate] E:\WINNT\Plaxo\1.5.2.32\InstallStub.exe -a
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1023.dll,InstantAccess
O4 - HKCU\..\Run: [System Mechanic Registry Compact Handler] E:\Program Files\iolo\System Mechanic 4 Professional\SysMech4.exe /PERSISTREGCOMPACT
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] E:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = E:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://e:\winnt\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://e:\winnt\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\winnt\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://e:\winnt\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\winnt\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1023_EN.cab
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843010.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...b511e5af9ef1:ef6809508de57060f0dd3f5553147fe9
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38151.30625
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://K:\SuperCD\IntraLaunch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/ffvg.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2FBB27F-1CD9-4204-A81A-218BBB99496D}: NameServer = 195.218.116.2 194.46.8.57

 

[bobol]

bump;
and did you use adaware and spybot...
try this one also -cw shredder http://www.soft32.com/download-CWShredder-19014
Perhaps you have startup program issues....
someone with hjt know-all can address that I suppose.

 

[MFDnNC]

You need to do 2 things, get the current version of HJT (MajorGeek has it) and 2) run it with nothing else running

 

[moose69]

Hi bobol
I ran adaware6 ,spybot, anity ghostbusters & norton antivirus before I made the hijack this logfile with an old ver of HJT. Thanks for the input

 

[moose69]

Hi MFDnSC

Thanks for your reply.
I got a new copy of HJT from majorgeeks like u suggested. I ran it with on its own.

This is the logfile generated. Can u please tell me what to do next.

Logfile of HijackThis v1.98.2
Scan saved at 16:45:23, on 16/09/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\Program Files\Sygate\SPF\Smc.exe
E:\WINNT\system32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
E:\WINNT\System32\svchost.exe
E:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
E:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
E:\WINNT\system32\nvsvc32.exe
E:\WINNT\system32\regsvc.exe
E:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\snmp.exe
E:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
E:\WINNT\system32\stisvc.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Common Files\Symantec Shared\SymTray.exe
E:\Program Files\Crystal Internet Meter\cimeter.exe
E:\Program Files\Winad Client\Winad.exe
E:\WINNT\niaeboxf.exe
E:\Program Files\Winad Client\WinClt.exe
E:\winnt\180ax.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\WINNT\Plaxo\1.5.2.32\InstallStub.exe
E:\WINNT\system32\rundll32.exe
E:\Documents and Settings\Administrator\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.eircom.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.usefulware.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://u.tv/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iolfree.ie:8080
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - E:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\winnt\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\winnt\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [1stDialer] E:\Program Files\1stDialer\1stdialer.exe
O4 - HKLM\..\Run: [AnyDVD] E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [CostAware] E:\Program Files\NetInternals\CostAware\niIPCApp.exe
O4 - HKLM\..\Run: [Crystal Internet Meter] E:\Program Files\Crystal Internet Meter\cimeter.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Winad Client] E:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [bhprscb] E:\WINNT\niaeboxf.exe
O4 - HKLM\..\Run: [180ax] e:\winnt\180ax.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] E:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] E:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] E:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "E:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe"
O4 - HKCU\..\Run: [Sygate Personal Firewall] E:\Program Files\Sygate\SPF\Smc.exe
O4 - HKCU\..\Run: [PlaxoUpdate] E:\WINNT\Plaxo\1.5.2.32\InstallStub.exe -a
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1023.dll,InstantAccess
O4 - HKCU\..\Run: [System Mechanic Registry Compact Handler] E:\Program Files\iolo\System Mechanic 4 Professional\SysMech4.exe /PERSISTREGCOMPACT
O4 - Global Startup: InterVideo Scheduler server.lnk = E:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://e:\winnt\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://e:\winnt\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\winnt\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://e:\winnt\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\winnt\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINNT\system32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (no file)
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1023_EN.cab
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843010.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...b511e5af9ef1:ef6809508de57060f0dd3f5553147fe9
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://K:\SuperCD\IntraLaunch.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/ffvg.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn298.exe

 

[moose69]

Hi Is there anyone out there with HJT skills that can advise me on the HJT log please

 

[natcom]

sure moose69 fix this

E:\Program Files\Winad Client\Winad.exe {note see if you can delate from add/remove programs as well }

E:\Program Files\Winad Client\WinClt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.c

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startno


R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.usefulware.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://u.tv/ {note if you dont know this site fix it }

O4 - HKLM\..\Run: [Winad Client] E:\Program Files\Winad Client\Winad.exe

O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1023.dll,InstantAccess

O4 - HKCU\..\Run: [System Mechanic Registry Compact Handler] E:\Program Files\iolo\System Mechanic 4

O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binari...UTH_1023_E

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...d3 f555314

O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://K:\SuperCD\IntraLaunch.CAB

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/ffvg.cab

O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn298.exe

lose All Explorer adn IE Windows, check the above lines in hijackthis and click on Fix Checked !!
Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
After that Follow these Instructions:

1. Restart ur machine in safemode and Login as Administrator
2. Run the AntiVirus tool and delete all viruses it found if any
3. Run the Spyware Removal tools and delete everything they detect if any
4. Then goto My Computer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
5. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temp and delete all files present here
6. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
7. Goto C:\Documents and Settings\ur usernmae\Cookies, and delete all cookies present here.
8. Goto C:\Windows\Temp and delete all files present here
9. Reboot back in Normal Mode and check if problems are gone or not
10. Post Back and Good Luck

 

[moose69]

Hi natcom
I followed your instructions and things improved for a while then it started to happen again. I was trying to post a reply hereand it kept cutting out on me. So I went for a wipe and reload and I am back up now and everything is working as it should so far. Thanks for all your help.

moose69