POP UPS!!! and everything else

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

mics0606

Thread Starter · Joined Apr 24, 2007 · Messages: 37
OK, I need some help badly with this one. I think I'm fairly well with computers, but this one is out of my league... or I'm missing something....

Brief explanation: long story short... a file somehow got downloaded on my girlfriend's comp. called vista.exe. I was an idiot, right-clicked and was going to Properties, and I clicked Open instead.... Well, it def. wasn't Vista. A DOS window opened up, closed 30 sec. later, and now all hell broke loose on this computer. :mad: So I keep running SB S&D and Eusing Registry Cleaner, but whatever it is keeps on respawning... I get about 25 pop-ups an hour and the computer runs a lot slower now. Also, the 2 websites I get most are pcsecurityshield.com and registrydefender.com. Can't shut down LimeWire anymore 'cause it reboots itself on her computer. She uninstalled it and it still tries to reboot. I get a Java thing that pops up. Went into C: and tried to delete it; it won't let me delete anything left in the file. It's all vorbis and jar in the names. There are two files that Search and Destroy can't get rid of; it's these.

Spybot S&D

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdservice
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdservice

~~~~~~~~~~~~~~~~~~~
Any help would be great. I have to keep the computer unplugged from the network, it's so bad. If I clean it off, in a matter of minutes everything respawns!!!!!!!!!

THANKS IN ADVANCE
~MIC

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

HJT LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:36 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\S2FyZW4gUGFseXM\command.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\Fonts\svchost.exe
C:\windows\system32\jswnw64m.exe
C:\Documents and Settings\Karen Palys\lsass.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eusing Free Registry Cleaner\Regcleaner.exe
C:\Program Files\nvcoi\nvcoi.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Karen Palys\Application Data\Microsoft\Windows\rayiou.exe
C:\Documents and Settings\Karen Palys\Application Data\WinTouch\WinTouch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\limewire\limewire.exe
C:\WINDOWS\system32\pcnttkwd.exe
C:\WINDOWS\b116.exe
C:\WINDOWS\system32\ASKS~1\netdde.exe
C:\Program Files\s?curity\m?iexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [{4E-E1-15-52-DW}] C:\windows\system32\jswnw64m.exe DWram
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Karen Palys\lsass.exe
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\pcnttkdn.exe DWram
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [a4e4e1fd] rundll32.exe "C:\WINDOWS\system32\yojsplxh.dll",b
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pcnttkwd.exe DWram
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Karen Palys\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Karen Palys\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Cseh] "C:\WINDOWS\system32\ASKS~1\netdde.exe" -vt yazb
O4 - HKCU\..\Run: [Bgcghe] "C:\Program Files\s?curity\m?iexec.exe"
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\pcnttkwd.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jswnw64m.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - http://inst.c-wss.com/m010g/EN/install/gtdownlr.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2FyZW4gUGFseXM\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://img.rubberslug.com/user/d113381d56184948b174b454ea98cfa4/73448-5404932-CCEL CHsCATpct.jpg
O24 - Desktop Component 1: (no name) - http://collegeofcomplexes.homestead.com/files/fortune_teller_hg_wht.gif

--
End of file - 7737 bytes


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Java:

LimeWire version 4.14.12
Java version 1.5.0_03 from Sun Microsystems Inc.
Windows XP v. 5.1 on x86
Free/total memory: 31459160/33357824

com.limegroup.gnutella.gui.GUILoader$StartupFailedException: invalid xml.war
at com.limegroup.gnutella.gui.GUILoader.sanityCheck(GUILoader.java:292)
at com.limegroup.gnutella.gui.GUILoader.load(GUILoader.java:57)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.limegroup.gnutella.gui.Main.main(Main.java:45)

STARTUP ERROR!

-- listing properties --
DHT_NODE_ID=AB0B0DF2DCD12F742B3390347BA93A3B535434E2
INSPECTION_VERSION=1201723142643
WINDOW_Y=0
LAST_HTTP_FAILOVER=1206579136006
WINDOW_X=0
PORT=17972
TOTAL_CONNECTION_TIME=588093765
RUN_ON_STARTUP=false
ACTIVE_DHT_ROUTETABLE_VERSION=1
UPDATE_DELAY=25200001
UPDATE_GIVEUP_FACTOR=49
CUSTOM_INETADRESS_TO_BIND=192.168.0.36
FILTER_HASH_QUERIES=true
INSTALLED=true
DISABLE_DHT_NETWORK=false
MAX_ALTS_PER_RESPONSE=11
UI_LIBRARY_TREE_DIVIDER_LOCATION=180
PUBLISH_ALT_LOCS=true
AVERAGE_UPTIME=111221
TOTAL_UPTIME=1445882
SEND_LIME_RESPONSES=0.999f
MAX_UPLOAD_BYTES_PER_SEC=5
DISABLE_OOB_V2=0.999f
MIN_CONNECT_TIME=4
CONTENT_AUTHORITIES=fserv1.limewire.com:10000
LAST_SHUTDOWN_TIME=1206850634149
APP_WIDTH=1024
ENABLE_PASSIVE_LEAF_DHT_MODE=true
SESSIONS=14
UPDATE_MIN_ATTEMPTS=1999
SHOW_TOTD=false
MAX_ALTS_TO_DISPLAY=5
DHT_MODE=PASSIVE_LEAF
ENABLE_PASSIVE_DHT_MODE=true
MAX_SKIP_ACKS=2
MAX_LEAVES=40
SHARE_DOWNLOADED_FILES_IN_NON_SHARED_DIRECTORIES=false
ALLOW_PARTIAL_SHARING=false
LAST_ACCEPTABLE_BUG_VERSION=4.13.15
FRACTIONAL_UPTIME=0.030667536
UPDATE_RETRY_DELAY=1800001
LIME_QRP_ENTRIES=lime;wire;limewire;pro;limewirepro
LAST_EXPIRE_TIME=1206578875922
SHARE_TORRENT_META_FILES=false
TOTAL_CONNECTIONS=15
DIRECTORY_FOR_SAVING_FILES=C:\Documents and Settings\All Users\D...
MAX_DOWNLOAD_BYTES_PER_SEC=73
MIN_PASSIVE_LEAF_DHT_INITIAL_UPTIME=300000
UPDATE_DOWNLOAD_DELAY=14400001
LAST_UPDATE_TIMESTAMP=1205950787906
LIME_SEARCH_TERMS=lime;wire;limewire;pro;limewirepro;
RUN_ONCE=true
DHT_BOOTSTRAP_HOSTS=76.8.67.2:6002
AVERAGE_CONNECTION_TIME=39206251
CRAWLER_IPS=76.8.67.2;76.8.67.4;64.61.25.172;64.1...
APP_HEIGHT=728
LIME_SIGNED_RESPONSE=VTWQABLTOIACAY3PNUXGY2LNMVTXE33VOAXGO...
PUBLISH_PUSH_PROXIES=true
MAX_DHT_ALT_LOC_QUERY_ATTEMPTS=500
MIN_PASSIVE_LEAF_DHT_AVERAGE_UPTIME=60000
INSPECTOR_IPS=76.8.67.2;76.8.67.4
LAST_GWEBCACHE_FETCH_TIME=1197847728967
ENABLE_PUSH_PROXY_QUERIES=true
UNSET_FIREWALLED_FROM_CONNECTBACK=true
CUSTOM_FD_CRITERIA=ups;atUpSet;<;cups;cUpSet;<;OR;NOT;la...
CLIENT_ID=AE304CCD7CD95DB7BEA1ECC96906DC00
HOSTILE_IPS=128.108.*.*;208.109.*.*;64.59.64.0/18...
MIN_ACTIVE_DHT_INITIAL_UPTIME=3600000
CONTENT_MANAGEMENT_ACTIVE=true
IDLE_CONNECTIONS=2
MIN_ACTIVE_DHT_AVERAGE_UPTIME=1800000



FILES IN CURRENT DIRECTORY:
C:\Program Files\limewire\commons-httpclient.jar.tmp
LAST MODIFIED: 1199505558026
SIZE: 445371

C:\Program Files\limewire\commons-logging.jar.tmp
LAST MODIFIED: 1199505558076
SIZE: 59154

C:\Program Files\limewire\commons-net.jar.tmp
LAST MODIFIED: 1199505558157
SIZE: 355370

C:\Program Files\limewire\commons-pool.jar.tmp
LAST MODIFIED: 1199505558217
SIZE: 158968

C:\Program Files\limewire\daap.jar.tmp
LAST MODIFIED: 1199505558317
SIZE: 375837

C:\Program Files\limewire\foxtrot.jar.tmp
LAST MODIFIED: 1199505558357
SIZE: 44273

C:\Program Files\limewire\httpcore-nio.jar.tmp
LAST MODIFIED: 1199505558427
SIZE: 257183

C:\Program Files\limewire\httpcore.jar.tmp
LAST MODIFIED: 1199505558507
SIZE: 273935

C:\Program Files\limewire\icu4j.jar.tmp
LAST MODIFIED: 1199505558637
SIZE: 741440

C:\Program Files\limewire\id3v2.jar.tmp
LAST MODIFIED: 1199505558707
SIZE: 94018

C:\Program Files\limewire\jcraft.jar.tmp
LAST MODIFIED: 1199505558767
SIZE: 136693

C:\Program Files\limewire\jdic.jar.tmp
LAST MODIFIED: 1199505558817
SIZE: 96604

C:\Program Files\limewire\jdic_stub.jar.tmp
LAST MODIFIED: 1199505558868
SIZE: 64134

C:\Program Files\limewire\jl011.jar.tmp
LAST MODIFIED: 1199505558958
SIZE: 255016

C:\Program Files\limewire\jmdns.jar.tmp
LAST MODIFIED: 1199505558998
SIZE: 69306

C:\Program Files\limewire\lib
LAST MODIFIED: 1206891568994
SIZE: 0

C:\Program Files\limewire\LimeWire.exe
LAST MODIFIED: 1196717753500
SIZE: 147456

C:\Program Files\limewire\LimeWire.jar.tmp
LAST MODIFIED: 1199505557285
SIZE: 10662732

C:\Program Files\limewire\log4j.jar.tmp
LAST MODIFIED: 1199505559158
SIZE: 677952

C:\Program Files\limewire\looks.jar.tmp
LAST MODIFIED: 1199505559288
SIZE: 630634

C:\Program Files\limewire\MessagesBundles.jar.tmp
LAST MODIFIED: 1199505557686
SIZE: 4279781

C:\Program Files\limewire\mp3sp14.jar.tmp
LAST MODIFIED: 1199505559338
SIZE: 40064

C:\Program Files\limewire\ProgressTabs.jar.tmp
LAST MODIFIED: 1199505557796
SIZE: 5786

C:\Program Files\limewire\themes.jar.tmp
LAST MODIFIED: 1199505559388
SIZE: 690764

C:\Program Files\limewire\tritonus.jar.tmp
LAST MODIFIED: 1199505559458
SIZE: 152711

C:\Program Files\limewire\vorbis.jar.tmp
LAST MODIFIED: 1199505559508
SIZE: 27215
 