
Help PLEASE my computer is slow and I get lots and lots of popups

Discussion in 'Virus & Other Malware Removal' started by Fernandita, Oct 14, 2003.

  1. Fernandita

    Fernandita Thread Starter

    Joined:
    Oct 14, 2003
    Messages:
    3
    PLEASE HELP ME! My computer is sooo SLOW and I don't know what is wrong with it. So please tell me which files I can delete.
    THANK YOU VERY VERY MUCH!


    Logfile of HijackThis v1.97.3
    Scan saved at 19:54:12, on 14/10/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
    C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Archivos de programa\Iomega HotBurn\Autolaunch.exe
    C:\Archivos de programa\Winamp\Winampa.exe
    C:\ARCHIV~1\NORTON~1\navapw32.exe
    C:\Archivos de programa\rb32\rb32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
    C:\Archivos de programa\Orbit\update.exe
    C:\Archivos de programa\Orbit\view.exe
    C:\WINDOWS\webassist.exe
    C:\Archivos de programa\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\WINDOWS\rundll16.exe
    C:\Archivos de programa\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Archivos de programa\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Fernanda\Configuración local\Temp\Directorio temporal 1 para hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=1cj
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://D5617.find-quick.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchv.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchv.com/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=1cj
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    R3 - URLSearchHook: OESearchHook Class - {341FB59F-3507-443b-8147-423B4E3B2B15} - C:\Archivos de programa\Archivos comunes\OE\search.dll
    O1 - Hosts: 216.177.73.139 auto.search.msn.com
    O1 - Hosts: 216.177.73.139 search.netscape.com
    O1 - Hosts: 216.177.73.139 ieautosearch
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 216.177.73.139 auto.search.msn.com
    O1 - Hosts: 216.93.168.167 sitefinder.verisign.com
    O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\ARCHIV~1\COMMON~1\Toolbar\cnbabe.dll (file missing)
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
    O2 - BHO: HTML Source Editor - {05BBB56A-2A69-4a5c-BFDA-43295DD67434} - C:\WINDOWS\Downloaded Program Files\winy.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\System32\msiefr40.dll
    O2 - BHO: (no name) - {238a6e39-a9bf-4d07-9688-eb73c0e616d2} - C:\DOCUME~1\Mayo\DATOSD~1\aprouooeewss.dll (file missing)
    O2 - BHO: (no name) - {509ae355-b805-455b-9ca7-71f5f2fa0cbd} - C:\DOCUME~1\Mayo\DATOSD~1\aprouooeewss.dll (file missing)
    O2 - BHO: (no name) - {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - C:\WINDOWS\System32\BHO2.dll
    O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL
    O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\WINDOWS\winshow.dll
    O2 - BHO: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\Archivos de programa\Archivos comunes\OE\toolbar.dll
    O2 - BHO: (no name) - {80672997-D58C-4190-9843-C6C61AF8FE97} - C:\WINDOWS\rundll16.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D48F2E28-68E2-4920-9848-D6E6C7AB3EB7} - C:\Archivos de programa\Archivos comunes\OE\redirector.dll
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem213.dll
    O3 - Toolbar: Xupiter - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - C:\Archivos de programa\Xupiter\XupiterToolbar.dll
    O3 - Toolbar: tqychoodglq - {fb792aef-fbe5-4f8e-b53f-7ce8fc54ee21} - C:\DOCUME~1\Mayo\DATOSD~1\aprouooeewss.dll (file missing)
    O3 - Toolbar: tqychoodglq - {b0d5d4b2-455d-4e90-b5c2-f4ea823fb58b} - C:\DOCUME~1\Mayo\DATOSD~1\aprouooeewss.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Toolbar - {BC97B254-B2B9-4D40-971D-78E0978F5F26}} - (no file)
    O3 - Toolbar: IEToolbar.clsIEToolbar - {BC97B254-B2B9-4D40-971D-78E0978F5F26} - C:\WINDOWS\System32\ietoolbar.dll
    O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\Archivos de programa\Archivos comunes\OE\toolbar.dll
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Archivos de programa\Iomega HotBurn\Autolaunch.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [rb32 lptt01] "C:\Archivos de programa\rb32\rb32.exe"
    O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
    O4 - HKLM\..\Run: [OrbitUpdate] C:\Archivos de programa\Orbit\update.exe
    O4 - HKLM\..\Run: [OrbitView] C:\Archivos de programa\Orbit\view.exe
    O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
    O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
    O4 - HKLM\..\Run: [webassist] C:\WINDOWS\webassist.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\ARCHIV~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Dialer] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\MSA32CHK.dll,Reg SuperWeb
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Archivos de programa\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\ARCHIV~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Messenger8 (HKCU)
    O9 - Extra 'Tools' menuitem: Messenger8 (HKCU)
    O9 - Extra button: SuperWeb (HKCU)
    O9 - Extra 'Tools' menuitem: SuperWeb (HKCU)
    O16 - DPF: ConferenceRoom Java Client - http://chat.strictlyhosting.com:8080/java/cr.cab
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab
    O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
    O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
    O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt2_x.cab
    O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
    O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
    O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://members1.arnhem.chello.nl/~m.e.e.egberink/freedownload.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {03FBB191-FB50-4154-91D7-587D5E3C3C9A} (Marcador Class) - http://acceso.masminutos.com/software.cab
    O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/turbo.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install042.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
    O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamp.babenet.com/cabs/videox.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
    O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
    O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/payload2.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2C1651EF-8827-11D6-91A2-00E02964E8E3} (IntRuboskizo Class) - http://www.goxproductions.com/dialers/dialerweb.cab
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/ASH19108/ashton.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v40/pool/pool.cab
    O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.chicasmodelos.com/ruboskizo2.cab
    O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} (BHO.clsUrlSearch) - http://207.44.176.11/auth/IE_InstllC.exe
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521958} - http://www.winaplasmatvnow.com/winy.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2270a994c453cfe32a02/netzip/RdxIE601.cab
    O16 - DPF: {5B27C20D-FFB6-4054-BA78-DE4A059BC75A} (Microsoft Office Template Downloader) - http://office.microsoft.com/latam/TemplateGallery/msotd.cab
    O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
    O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A} (DNL Control) - http://www.huntfly.com/media/MyFIDNL.ocx
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://www.toolbar.google.com/data/es/big/1.1.62-big/GoogleNav.cab
    O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activexinstallers/291/nCaseInstaller.cab
    O16 - DPF: {6ED16EFF-3B18-11D6-9139-00E02964E8E3} (SCDataDialer Class) - http://www.dinerotica.com/download/1,2,0,4/cabdll.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {94118C19-B178-4E43-BBE8-0EFDBB391BDB} (SysWebTelecom Class) - http://www.mildescargas.com/SysWebTelecom2.cab
    O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_pack_XP.cab
    O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} - http://www.commonname.com/en/oneclick/uninstbb.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37752.6728009259
    O16 - DPF: {A27CFCAE-9351-4D74-BFFC-21EB19693D8C} - http://www.xupiter.com/search2/install/XupiterToolbarLoader.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://dload.ipbill.com/del/loader.cab
    O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.sonyericsson.com/t300/games/mophun.cab
    O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymeter.com/MemoryMeter.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab
    O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://www.gxplugin.com/loader/gxbplug.dll
    O16 - DPF: {D27CDB6E-0000-0000-0000-000000000000} - http://active.macromedia.com/flash5/cabs/swflash.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://www.spywarelabs.com/1105030103/VBouncerOuter1105.exe
    O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.201/quickdl/proclaim/NSupd9x.cab
    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.getweathercast.com/WUInstCAST.cab
    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
    O16 - DPF: {F4C8D591-CC23-4FC6-A152-9CD02BD017B8} - http://www.searchwww.com/toolbar/toolbar.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.getweathercast.com/WeatherAutoCAST0010.cab
    O16 - DPF: {FC6FA170-A89D-4AC7-A198-34E279960EBA} (PhotosCtrlMX Class) - http://mx.f1.pg.photos.yahoo.com/ocx/mx/yexplorer1_9mx.cab
    O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = scrk.com
    O17 - HKLM\Software\..\Telephony: DomainName = scrk.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1C17E1CC-9030-4861-8BC6-1D876506ABF1}: Domain = scrk.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88B947AA-7F36-421C-A0A7-588E8FE50649}: Domain = scrk.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = scrk.com
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1C17E1CC-9030-4861-8BC6-1D876506ABF1}: Domain = scrk.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = scrk.com
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1C17E1CC-9030-4861-8BC6-1D876506ABF1}: Domain = scrk.com
     
  2. Mr_Webmaster

    Mr_Webmaster

    Joined:
    May 15, 2003
    Messages:
    419
    You should have started this in a new topic.
     
  3. Topkat

    Topkat

    Joined:
    Aug 10, 2003
    Messages:
    401
    Fernandita, like Webmaster says, you should open your own thread because hijacking someone else's can be confusing. You have a hell of a lot of rubbish in your log! :eek: This could take you a while to fix.

    Before we fix anything on your log though, you need to download RapidBlasterKiller from here.

    When you have run it then download CoolWebShredder from here.

    Then, go here and install Spybot Search & Destroy: http://tomcoyote.org/SPYBOT/index1.html including a tutorial on removing spyware/adware etc. Do a full scan with this when it is configured correctly, and delete ALL the RED entries. Then reboot.

    Then use this thread by Winchester to install and configure Lavasoft AdAware: http://forums.techguy.org/t164245/s.html
    Do a full scan and delete ALL the entries. Then reboot.

    When you have done all these steps, (have patience, it should take a long while), then close all browser windows and do another scan with HijackThis and post the log here. If there's anything left we'll be glad to help you remove it.

    When you have
    You would also be advised to go to http://www.javacoolsoftware.com/spywareblaster.html and download SpywareBlaster and SpyGuard, which will help prevent the spyware from being installed in the first place.
     
  4. Fernandita

    Fernandita Thread Starter

    Joined:
    Oct 14, 2003
    Messages:
    3
    First of all, sorry!!! :rolleyes: I was really desperate 'cause it's impossible to work with my computer, I get SATURATED with pop-up ads, many of them really offensive... Now I started this as a new message PLEASE HELP
    I did the first steps, but I can't download the CoolWebShredder
    Thank YOU!!

     
  5. stod73

    stod73

    Joined:
    Aug 13, 2003
    Messages:
    832
  6. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Did you use the programs directed for you?
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I am splitting the previous posts and merging them with another so this will make more sense.
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    1 -- Download and run Rapid Blaster killer:

    http://www.wilderssecurity.net/specialinfo/rapidblaster.html

    2 -- Check and "Fix" all entries below with HijackThis. Make sure all browser windows are closed before clicking "fix checked". Reboot afterwards:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.orbitexplorer.com/cgi-bi...=&affid=1cj
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.findthewebsiteyouneed.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://D5617.find-quick.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchv.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchv.com/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.orbitexplorer.com/cgi-bi...=&affid=1

    R3 - URLSearchHook: OESearchHook Class - {341FB59F-3507-443b-8147-423B4E3B2B15} - C:\Archivos de programa\Archivos comunes\OE\search.dll

    ALL the O1 Hosts entries!

    O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\ARCHIV~1\COMMON~1\Toolbar\cnbabe.dll (file missing)
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
    O2 - BHO: HTML Source Editor - {05BBB56A-2A69-4a5c-BFDA-43295DD67434} - C:\WINDOWS\Downloaded Program Files\winy.dll

    O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\System32\msiefr40.dll
    O2 - BHO: (no name) - {238a6e39-a9bf-4d07-9688-eb73c0e616d2} - C:\DOCUME~1\Mayo\DATOSD~1\aprouooeewss.dll (file missing)
    O2 - BHO: (no name) - {509ae355-b805-455b-9ca7-71f5f2fa0cbd} - C:\DOCUME~1\Mayo\DATOSD~1\aprouooeewss.dll (file missing)
    O2 - BHO: (no name) - {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - C:\WINDOWS\System32\BHO2.dll
    O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL
    O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\WINDOWS\winshow.dll
    O2 - BHO: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\Archivos de programa\Archivos comunes\OE\toolbar.dll
    O2 - BHO: (no name) - {80672997-D58C-4190-9843-C6C61AF8FE97} - C:\WINDOWS\rundll16.dll

    O2 - BHO: (no name) - {D48F2E28-68E2-4920-9848-D6E6C7AB3EB7} - C:\Archivos de programa\Archivos comunes\OE\redirector.dll
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem213.dll
    O3 - Toolbar: Xupiter - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - C:\Archivos de programa\Xupiter\XupiterToolbar.dll
    O3 - Toolbar: tqychoodglq - {fb792aef-fbe5-4f8e-b53f-7ce8fc54ee21} - C:\DOCUME~1\Mayo\DATOSD~1\aprouooeewss.dll (file missing)
    O3 - Toolbar: tqychoodglq - {b0d5d4b2-455d-4e90-b5c2-f4ea823fb58b} - C:\DOCUME~1\Mayo\DATOSD~1\aprouooeewss.dll (file missing)

    O3 - Toolbar: Toolbar - {BC97B254-B2B9-4D40-971D-78E0978F5F26}} - (no file)
    O3 - Toolbar: IEToolbar.clsIEToolbar - {BC97B254-B2B9-4D40-971D-78E0978F5F26} - C:\WINDOWS\System32\ietoolbar.dll
    O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\Archivos de programa\Archivos comunes\OE\toolbar.dll


    O4 - HKLM\..\Run: [rb32 lptt01] "C:\Archivos de programa\rb32\rb32.exe"
    O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer

    O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
    O4 - HKLM\..\Run: [OrbitUpdate] C:\Archivos de programa\Orbit\update.exe
    O4 - HKLM\..\Run: [OrbitView] C:\Archivos de programa\Orbit\view.exe
    O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe

    Check and fix these two if you don't know what they are, I don't:

    O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
    O4 - HKLM\..\Run: [webassist] C:\WINDOWS\webassist.exe


    O4 - HKCU\..\Run: [Dialer] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\MSA32CHK.dll,Reg SuperWeb

    I don't have time to check all your O16 entries but these should be deleted immediately:

    O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/diale...Recomendada.cab

    O16 - DPF: {A27CFCAE-9351-4D74-BFFC-21EB19693D8C} - http://www.xupiter.com/search2/inst...olbarLoader.cab

    O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = scrk.com
    O17 - HKLM\Software\..\Telephony: DomainName = scrk.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1C17E1CC-9030-4861-8BC6-1D876506ABF1}: Domain = scrk.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88B947AA-7F36-421C-A0A7-588E8FE50649}: Domain = scrk.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = scrk.com
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1C17E1CC-9030-4861-8BC6-1D876506ABF1}: Domain = scrk.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = scrk.com
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1C17E1CC-9030-4861-8BC6-1D876506ABF1}: Domain = scrk.com

    3 -- Install, UPDATE, and run either, or preferably both, of these programs according to directions:

    Spybot Instructions and Download
    Ad-Aware Home Page and Ad-Aware 6: Reference Guide by Winchester73

    >> be sure to reboot after running them and having them "fix" found problems.

    4 -- Post another Scanlog when ready. I am going to move this to the Security forum as well.
     
  9. Fernandita

    Fernandita Thread Starter

    Joined:
    Oct 14, 2003
    Messages:
    3
    Seems that I have been creating a mess here.. Yup, the programs are directed to me. What I did, as they told me, was to create a new post instead of putting it in the middle of someone else's.
    I'm about to download the Lavasoft AdAware, and it seems that my computer is getting better, so I guess I'm doing a good job following the instructions that they gave me..
    Thanx a lot.
    BTW I am from Mexico so that is why my spelling is not excellent, but the point here is that you are understanding me and I am understanding you.
    THANX
    :D
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I thought I'd help you out a bit, Rog



    All these need to go too:

    O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...B8108/turbo.cab

    O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install042.exe

    O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamp.babenet.com/cabs/videox.cab

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.5.cab

    O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activex...seInstaller.cab

    O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} (BHO.clsUrlSearch) - http://207.44.176.11/auth/IE_InstllC.exe

    O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB

    O16 - DPF: {F4C8D591-CC23-4FC6-A152-9CD02BD017B8} - http://www.searchwww.com/toolbar/toolbar.cab

    O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://www.spywarelabs.com/11050301...erOuter1105.exe

    O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.201/quickdl/proclaim/NSupd9x.cab

    O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download...ptdmgainads.cab

    O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymeter.com/MemoryMeter.cab

    O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} (BHO.clsUrlSearch) - http://207.44.176.11/auth/IE_InstllC.exe

    O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activex...seInstaller.cab

    O16 - DPF: {6ED16EFF-3B18-11D6-9139-00E02964E8E3} (SCDataDialer Class) - http://www.dinerotica.com/download/1,2,0,4/cabdll.cab

    O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binari...TML_pack_XP.cab

    O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} - http://www.commonname.com/en/oneclick/uninstbb.cab

    As Rog said post another log when you've done all that. There are so many I'm sure I missed some.
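
The kind of first-pass triage applied by hand to the log in the two posts above (hosts-file redirects, BHO/toolbar entries whose file is gone, ActiveX downloads fetched from bare IP addresses or as `.exe`), as an added example that is not part of the original thread or of HijackThis itself. The rules and names (`review_reasons`, `triage`) are illustrative assumptions that only mark entries for human review, and the sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: a handful of lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.3
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\ARCHIV~1\COMMON~1\Toolbar\cnbabe.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Toolbar - {BC97B254-B2B9-4D40-971D-78E0978F5F26}} - (no file)
O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\navapw32.exe
O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} (BHO.clsUrlSearch) - http://207.44.176.11/auth/IE_InstllC.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
"""

# Every finding line starts with a section code such as R1, O2 or O16.
ENTRY_RE = re.compile(r"^\s*([RO]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Yield (code, body) for each 'R1 - ...' / 'O16 - ...' style line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2).strip()


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def review_reasons(code, body):
    """Return illustrative review flags for one entry (assumed rules, not verdicts)."""
    reasons = []
    if code == "O1":
        # Hosts-file line: a name pinned to an address other than loopback.
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
        if m and _is_ip(m.group(1)) and not ipaddress.ip_address(m.group(1)).is_loopback:
            reasons.append("hosts-redirect")
    elif code in ("O2", "O3"):
        # Registry entry still present although the DLL it points to is gone.
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            reasons.append("dangling-component")
    elif code == "O16":
        # Downloaded Program Files: inspect the codebase URL after the last ' - '.
        parsed = urlparse(body.rsplit(" - ", 1)[-1])
        if parsed.hostname and _is_ip(parsed.hostname):
            reasons.append("dpf-from-ip")
        if parsed.path.lower().endswith(".exe"):
            reasons.append("dpf-exe")
    return reasons


def triage(log_text):
    """Collapse repeated lines and return the entries that carry a review flag."""
    counts = Counter(parse_entries(log_text))  # keeps first-seen order
    findings = []
    for (code, body), n in counts.items():
        reasons = review_reasons(code, body)
        if reasons:
            findings.append({"code": code, "entry": body, "count": n, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:<4} x{f['count']:<3} {','.join(f['reasons']):<22} {f['entry']}")
```

Unflagged entries are not cleared by this; several items the helpers marked for removal (for example the `O4` Run keys) match none of these rules and still need lookup by name.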
     
  11. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Rog... An update from TK found that belt.exe is now a known baddie... we've been seeing it quite a bit the last couple of weeks. All the relevant sites have been sent copies.
    It's an adware downloader trojan, abetterinternet related.

    ;)
     
  12. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Definitely appreciate the help from both you guys!
     

Short URL to this thread: https://techguy.org/172202
