going crazy trying to play online games

[jamielynn]

if someone could help me with this, i will love you forever. see, i'm addicted to text twist and too cheap to buy it, so i play on yahoo and whatnot. recently, my stupid laptop won't allow me to play ANY games online anymore. we're talking EVERYTHING from arcade games to crossword puzzles, as soon as the game window opens, every internet window closes immediately. this just started happening all of a sudden...and i'm getting angry. its an IBM thinkpad laptop, i've tried both internet explorer and firefox, and i couldnt even tell you what connection we have, being that i dont pay the bill (so life ain't so bad) nothing else on the computer goes snafu, there's no noises, it just simply closes all internet applications and laughs sliently at my general misfortune. please someone tell me what i need to do to amuse myself all day again!

 

[HenryVI]

Do you have Hijackthis? And spyware killers??

 

[Cheeseball81]

It could possibly be Java related.

Do you get any errors when it closes out?

 

[jamielynn]

no, there's no errors when firefox closes, and yes i've been running spybot and adaware like its my hobby! its like ghosts or something! and they want me to be miserable...

 

[HenryVI]

Do you have hijackthis?

 

[jamielynn]

i don't...i take it its something i should try next huh? i' gonna try that...thanks dude

 

[HenryVI]

Download from
http://www.greyknight17.com/spy/HijackThis.exe

Save it to the C:\ drive and post a logfile here.

 

[jamielynn]

Logfile of HijackThis v1.99.1
Scan saved at 9:24:51 PM, on 6/28/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\system32\ltcm000c.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINNT\system32\iuevhn\yxrywemo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Stasha\Desktop\hijackthis1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=asdfghjkl
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {EE1BD4FD-052D-6250-3836-214B8F2C655A} - C:\WINNT\system32\yomlikic\vyfmyyln.dll (file missing)
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ymcomgsa] C:\Program Files\Omxnck\Folyhzj.exe
O4 - HKLM\..\Run: [lmu] C:\WINNT\LMU.exe
O4 - HKLM\..\Run: [C:\WINNT\hqjyr.exe] C:\WINNT\hqjyr.exe
O4 - HKLM\..\Run: [pfc3sykf] C:\Program Files\pfc3sykf\pfc3sykf.exe
O4 - HKLM\..\Run: [vdcvvbm] C:\WINNT\system32\nypm\vdcvvbm.exe
O4 - HKLM\..\Run: [nhvu] C:\WINNT\system32\fbytacv\nhvu.exe
O4 - HKLM\..\Run: [efnkkm] C:\WINNT\system32\ymusmbp\efnkkm.exe
O4 - HKLM\..\Run: [ejwcjpfb] C:\WINNT\system32\kntjmrws\ejwcjpfb.exe
O4 - HKLM\..\Run: [bfpxsv] C:\WINNT\system32\gvlohdm\bfpxsv.exe
O4 - HKLM\..\Run: [kmasmdcm] C:\WINNT\system32\dltjh\kmasmdcm.exe
O4 - HKLM\..\Run: [rpmesg] C:\WINNT\system32\xcofq\rpmesg.exe
O4 - HKLM\..\Run: [iqesucim] C:\WINNT\system32\pxjtrgm\iqesucim.exe
O4 - HKLM\..\Run: [AutoLoader20561MIVOYPX] "C:\WINNT\system32\mcirec32.exe" /HideDir /HideUninstall /PC="CP.FHB" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [27mg32V] mcirec32.exe
O4 - HKLM\..\Run: [smfc] C:\WINNT\system32\uixt\smfc.exe
O4 - HKLM\..\Run: [qsil] C:\WINNT\system32\ndwfj\qsil.exe
O4 - HKLM\..\Run: [jehbiet] C:\WINNT\system32\lqtdp\jehbiet.exe
O4 - HKLM\..\Run: [sahicnx] C:\WINNT\system32\uceeax\sahicnx.exe
O4 - HKLM\..\Run: [ihdlmvxa] C:\WINNT\system32\kwffkenj\ihdlmvxa.exe
O4 - HKLM\..\Run: [enigg] C:\WINNT\system32\nfkvgi\enigg.exe
O4 - HKLM\..\Run: [odnrgkuy] C:\WINNT\system32\elehbxx\odnrgkuy.exe
O4 - HKLM\..\Run: [sxeh] C:\WINNT\system32\uklxgmpn\sxeh.exe
O4 - HKLM\..\Run: [kefy] C:\WINNT\system32\evfndw\kefy.exe
O4 - HKLM\..\Run: [hdolwbqg] C:\WINNT\system32\wathycx\hdolwbqg.exe
O4 - HKLM\..\Run: [tetu] C:\WINNT\system32\gfgil\tetu.exe
O4 - HKLM\..\Run: [gymhm] C:\WINNT\system32\fjuvc\gymhm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [myscf] C:\WINNT\system32\lsgw\myscf.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Stasha\LOCALS~1\Temp\imxah.exe
O4 - HKLM\..\Run: [huche] C:\WINNT\system32\kpsvvb\huche.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [jjec] C:\WINNT\system32\ultfrd\jjec.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [yxrywemo] C:\WINNT\system32\iuevhn\yxrywemo.exe
O4 - HKLM\..\Run: [ahycks] C:\WINNT\system32\ufigjskq\ahycks.exe
O4 - HKLM\..\Run: [saslb] C:\WINNT\system32\iwiptm\saslb.exe
O4 - HKLM\..\Run: [fwid] C:\WINNT\system32\svewqhga\fwid.exe
O4 - HKLM\..\Run: [tuvxobsg] C:\WINNT\system32\mhthf\tuvxobsg.exe
O4 - HKLM\..\Run: [lhjjsw] C:\WINNT\system32\jgsepfi\lhjjsw.exe
O4 - HKLM\..\Run: [qtuug] C:\WINNT\system32\asvtt\qtuug.exe
O4 - HKLM\..\Run: [jxhb] C:\WINNT\system32\queoibn\jxhb.exe
O4 - HKLM\..\Run: [gmdoonh] C:\WINNT\system32\pbcjchyw\gmdoonh.exe
O4 - HKLM\..\Run: [dpme] C:\WINNT\system32\mhmcpjiu\dpme.exe
O4 - HKLM\..\Run: [kgtv] C:\WINNT\system32\vufaafl\kgtv.exe
O4 - HKLM\..\Run: [vysiilo] C:\WINNT\system32\idjdittx\vysiilo.exe
O4 - HKLM\..\Run: [olanafi] C:\WINNT\system32\gftbfua\olanafi.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [sfita] C:\WINNT\sfita.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupdatednews.com/install/aun_0011.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: huchekpsvvb - Unknown owner - C:\WINNT\system32\kpsvvb\huche.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: yxrywemoiuevhn - Unknown owner - C:\WINNT\system32\iuevhn\yxrywemo.exe

 

[HenryVI]

Hmmmm.....not the expert (Cheeseball81 can help better than me) but do you know this site 216.39.69.102?

 

[HenryVI]

OMG I found it I think!!

 

[HenryVI]

nvm, ask cheeseball when she get's back on....Sorry I couldn't help.....

 

[jamielynn]

so tell me!!!!!!!!!!!!!!!!!
and i dont know that site or whatever?

 

[HenryVI]

Nononnononono, cheeseball is Cheeseball81, who posted above.

But I thought I had found it and then I saw that half of your O4 files I couldn't find which means something's up (I think)...

 

[Cheeseball81]

Wow. That's some amount of infection you have.

Please download and run the following:

Ad-Aware SE: http://www.majorgeeks.com/download506.html

Install the program and launch it.
First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.
Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.
Then, deselect Search for negligible risk entries.
To start the scan, click the Next button.
When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next).

Micro$oft Anti Spyware BETA:
http://www.microsoft.com/athome/security/spyware/software/default.mspx

First in the top menu click File then Check for updates to download the definitons updates.
After updating look in the right side of the main window under "Run Quick Scan Now".
Click Spyware scan options.
In that window put a tick by Run a full system scan.
Then put a check by all three options below that then click Run Scan now.
When the scan is finished, let it fix anything that it finds
(Have it quarantine the items that have that option rather than delete just in case.)
It is a BETA program and there may be false positives.

Recent tests suggest that a combination of Ad-Aware & M$ AntiSpy removes about 80% of spyware/adware.
(Much higher than any other combination.)

Restart your computer.

Post a new Hijack This log.

 

[jamielynn]

apparently im not cool enough to download that program...it says theres an error when we put in the validation code on the bottom of the computer. im starting to think its ghosts...