1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

help! please check if there is a problem

Discussion in 'Virus & Other Malware Removal' started by H-2-0, Nov 10, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. H-2-0

    H-2-0 Thread Starter

    Joined:
    Aug 10, 2007
    Messages:
    133
    hi need help on this, it seems my computer is much slower loading times is much longer than before, oh and i just installed new spyware protections and avg..i dont know if this is the cause:(
    my system is: amd athlon 1.1ghz 256mb of ram and 128 videocard..
     

    Attached Files:

  2. H-2-0

    H-2-0 Thread Starter

    Joined:
    Aug 10, 2007
    Messages:
    133
    bump..help!..my computer is too damn slow..its not like this before i installed avg and other protection program...
     
  3. H-2-0

    H-2-0 Thread Starter

    Joined:
    Aug 10, 2007
    Messages:
    133
    guyz i need professional help...please! ill post my hijack this here

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:56:54 PM, on 11/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Free Download Manager\FUM\fumoei.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\Program Files\Chikka Messenger\Chikka v.4\ChikkaLauncher.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    E:\Installers\[email protected]!s.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
    O1 - Hosts: <html>
    O1 - Hosts: <head>
    O1 - Hosts: <title>Welcome to Yahoo! GeoCities - Your Home on the Web &reg;</title>
    O1 - Hosts: </head>
    O1 - Hosts: <body bgcolor=#ffffff>
    O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
    O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
    O1 - Hosts: <table border=0 width=600 cellspacing=0 cellpadding=0><tr><td width="1%"><a href="http://geocities.yahoo.com/"><img
    O1 - Hosts: src=http://us.i1.yimg.com/us.yimg.com/i/us/geo/ygeo.gif width=305 height=36 border=0 alt="Yahoo! GeoCities"></a></td><td><table border=0 cellspacing=0 cellpadding=0 width="100%"><tr><td align=right valign=bottom nowrap><font face=arial size=-1><a href="http://www.yahoo.com">Yahoo!</a>
    O1 - Hosts: - <a href="http://help.yahoo.com/help/us/geo/">Help</a>
    O1 - Hosts: </font>
    O1 - Hosts: </td></tr></table><hr size=1></td></tr></table>
    O1 - Hosts: <br>
    O1 - Hosts: <table width=600 cellpadding=4 cellspacing=0 border=0>
    O1 - Hosts: <tr bgcolor=003399><td><font face=arial size=+1 color=ffffff><b>Sorry, the site you requested is inactive.</b></font></td>
    O1 - Hosts: </tr>
    O1 - Hosts: </table>
    O1 - Hosts: <br>
    O1 - Hosts: <table width="600" border="0" cellspacing="0" cellpadding="0"><tr><td align=center valign=top>
    O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr><td valign=top>
    O1 - Hosts: <table width="100%" cellpadding=4 cellspacing=0 border=0 bgcolor=ffffee><tr><td valign=top>
    O1 - Hosts: <font face=arial size=-1>
    O1 - Hosts: This GeoCities site has been deactivated due to inactivity.
    O1 - Hosts: <p>
    O1 - Hosts: <strong>Are you the site owner?</strong> <br>
    O1 - Hosts: <a href="http://geocities.yahoo.com/v/activate.html">Click here</a> to reactivate your site.
    O1 - Hosts: <p>
    O1 - Hosts: <strong>Are you a visitor?</strong> Try a search below.
    O1 - Hosts: </font>
    O1 - Hosts: <br><br>
    O1 - Hosts: </td></tr></table></td></tr></table>
    O1 - Hosts: </td></tr></table>
    O1 - Hosts: <br>
    O1 - Hosts: <table width="600" cellpadding=4 cellspacing=0 border=0 bgcolor=eeeeee><tr><td valign=top>
    O1 - Hosts: <font face=arial size=-1><b>Search Yahoo! GeoCities</b></font></td></tr></table>
    O1 - Hosts: <br><form action="http://geocities.yahoo.com/search" method=get>
    O1 - Hosts: <input size=32 name=p value="">&nbsp;<input type=submit value="Search"><p>
    O1 - Hosts: <p>
    O1 - Hosts: <strong><font face=arial size=-1>Advanced GeoCities search options </font></strong>
    O1 - Hosts: <p>
    O1 - Hosts: <table border=0 cellpadding=2 cellspacing=0>
    O1 - Hosts: <tr><td valign=top>
    O1 - Hosts: <table border=0 cellpadding=1 cellspacing=0>
    O1 - Hosts: <tr><td colspan=2><font face=arial size=-1><b>Option 1</b></font></td></tr>
    O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=o value=i checked></td><td><font face=arial size=-1>Intelligent default</font></td></tr>
    O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=o value=p></td><td><font face=arial size=-1>An exact phrase match</font></td></tr>
    O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=o value=a></td><td><font face=arial size=-1>Matches on all words (AND)</font></td></tr>
    O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=o value=o></td><td><font face=arial size=-1>Matches on any word (OR)</font></td></tr></table>
    O1 - Hosts: </td><td>&nbsp;</td><td valign=top>
    O1 - Hosts: <table border=0 cellpadding=1 cellspacing=0>
    O1 - Hosts: <tr><td colspan=2><font face=arial size=-1><b>Option 2</b></font></td></tr>
    O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=h value=c ></td><td><font face=arial size=-1>Yahoo! GeoCities Categories</font></td></tr>
    O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=h value=s checked></td><td><font face=arial size=-1>Yahoo! GeoCities Web Sites</font></td></tr></table>
    O1 - Hosts: </td></tr></table>
    O1 - Hosts: </form>
    O1 - Hosts: <p>
    O1 - Hosts: <br>
    O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
    O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
    O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
    O1 - Hosts: <font face=arial size=-2><A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> &#183; <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
    O1 - Hosts: </font></td></tr></table></td></tr></table>
    O1 - Hosts: <p><center><hr noshade size=1 width="675"><table border=0 cellpadding=0 cellspacing=0><tr><td align=center valign=bottom width="100%"><font size="-2" face=arial>Copyright &copy; 2004 <a href="http://www.yahoo.com" target="_top">Yahoo! Inc.</a> All rights reserved.<br><b>NOTICE: We collect personal information on this site. To learn more about how we use your information, see our <a href="http://privacy.yahoo.com/privacy/us/" target="_top">Yahoo Privacy Policy</a></b></font></td></tr></table></center>
    O1 - Hosts: </body>
    O1 - Hosts: </html>
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED01D0B0-FFBB-42C5-8C11-3EFF695C3695}: NameServer = 202.81.160.6 202.81.160.7
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 18152 bytes
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,329
    First Name:
    Karen
    Have you tried doing a system restore to a date just before this started?
     
  5. H-2-0

    H-2-0 Thread Starter

    Joined:
    Aug 10, 2007
    Messages:
    133
    yes sir..i also did a scan disk a disk defrag and a diks clean up but still no avail..:(
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,329
    First Name:
    Karen
    Well, for one thing, 256 mb RAM is not enough for running XP so you should add another 256 at least to bring it to 512.

    Click here to download ATF Cleaner by Atribune and save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
      • If you use Firefox:
        • Click Firefox at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      • If you use Opera:
        • Click Opera at the top and choose: Select All
        • Click the Empty Selected button.

          [*]NOTE:
          If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.



    Download and install AVG Anti-Spyware v7.5. Note to AVG Free anti-virus program users only: This is not the same program as the one you already have, this is an anti-spyware program so please proceed with the instructions.
    • After download, double click on the file to launch the install process.
    • Choose a language, click "OK" and then click "Next".
    • Read the "License Agreement" and click "I Agree".
    • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
    • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
    • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
    • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
    • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update".
      Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
    • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
    Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this happens press Alt + Spacebar. A menu will come open, make sure you select maximize then run the scan. If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

    Scan with AVG Anti-Spyware as follows:
    • Click on the "Scanner" button and choose the "Settings" tab.
    • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    • Under "How to Scan? ", "Possibly unwanted software", and What to Scan?" leave all the default settings.
    • Under "Reports" select "Do not automatically generate reports".
    • Click the "Scan" tab to return to scanning options.
    • Click "Complete System Scan" to start.
    • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
    • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
    IMPORTANT! Do not save the report before you have clicked the :Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
    • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    • Exit AVG Anti-Spyware when done, reboot normally and post the log report in your next response.
    Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

    AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version. We are installing AVG Anti-Spyware with its real-time protection disabled. Once your system is clean you may re-enable it so you can continue using this feature for the remainder of the trial period.


    Please go HERE to run Panda's ActiveScan
    • You need to use IE to run this scan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
     
  7. H-2-0

    H-2-0 Thread Starter

    Joined:
    Aug 10, 2007
    Messages:
    133
    hi!, tnx for the advice but 1 problem when i try my computer in safe mode, when it loads the drivers something appears it says "press esc to skip a347bus.sys" and when i press esc the computer restarts and even if i dont press the esc it still restarts?..so what to do next?
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,329
    First Name:
    Karen
    I believe that driver belongs to Alcohol 120%. Do you have that program?

    For now, you can run the scans in normal mode.
     
  9. H-2-0

    H-2-0 Thread Starter

    Joined:
    Aug 10, 2007
    Messages:
    133
    yes i do have that program,.well ill just run it in normal mode.
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,329
    First Name:
    Karen
  11. H-2-0

    H-2-0 Thread Starter

    Joined:
    Aug 10, 2007
    Messages:
    133
    hi! sorry for posting late..been busy on school..heres the scans..and panda didint detected anything tho..an
     

    Attached Files:

  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,329
    First Name:
    Karen
    Download ComboFix and save it to your desktop.

    **Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick comboFix's window while it's running. That may cause it to stall**
     
  13. H-2-0

    H-2-0 Thread Starter

    Joined:
    Aug 10, 2007
    Messages:
    133
    hi sir!..heres the logs..
     

    Attached Files:

  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,329
    First Name:
    Karen
    Read here about MegauploadToolbar and then decide if you still want to keep it.

    http://www.castlecops.com/modules.php?name=CLSID&query=MegauploadToolbar


    Be sure to plug in your flash drive (your H drive) before doing this.

    Open Notepad and copy and paste the text in the quote box below into it:

    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [​IMG]

    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
     
  15. H-2-0

    H-2-0 Thread Starter

    Joined:
    Aug 10, 2007
    Messages:
    133
    hi sir!, here's the log and a new hijackthis.log..it really looks cleaner,,so mega upload toolbar is not really safe huh?..but i sometimes download at megaupload and i always get that server is full thing..you know any idea how to bypass that?
     

    Attached Files:

  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/650077

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice