
POP UPS!!! and everything else

Discussion in 'Virus & Other Malware Removal' started by mics0606, Mar 31, 2008.

Thread Status:
Not open for further replies.
  1. mics0606 (Thread Starter)

    Joined: Apr 24, 2007
    Messages: 37

    OK, I need some help badly with this one. I think I'm fairly good with computers, but this one is out of my league... or I'm missing something....

    Brief explanation: long story short... a file somehow got downloaded on my girlfriend's comp. called vista.exe. I was an idiot: right-clicked and was going to Properties, and I clicked Open instead.... Well, it def. wasn't Vista. A DOS window opened up, closed 30 sec. later, and now all hell broke loose on this computer. :mad: So I keep running SB S&D and Eusing Registry Cleaner, but whatever it is keeps on respawning... I get about 25 pop-ups an hour and the computer runs a lot slower now. Also, the 2 websites I get most are pcsecurityshield.com and registrydefender.com. Can't shut down LimeWire anymore 'cause it reboots itself on her computer. She uninstalled it and it still tries to reboot. I get a aa hing that pops up. Went into C: and tried to delete it; it won't let me delete anything left in the file. It's all vorbis and jar in the names. There are two files that Search and Destroy can't get rid of; it's these.

    Spybot S&D

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdservice
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdservice

    ~~~~~~~~~~~~~~~~~~~`
    Any help would be great. I have to keep the computer unplugged from the network, it's so bad. If I clean it off, in a matter of minutes everything respawns!!!!!!!!!

    THANKS IN ADVANCE
    ~MIC

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    HJT LOG


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:23:36 PM, on 3/31/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\S2FyZW4gUGFseXM\command.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\windows\system32\jswnw64m.exe
    C:\Documents and Settings\Karen Palys\lsass.exe
    C:\WINDOWS\mrofinu1000106.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Eusing Free Registry Cleaner\Regcleaner.exe
    C:\Program Files\nvcoi\nvcoi.exe
    C:\Program Files\JavaCore\JavaCore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Karen Palys\Application Data\Microsoft\Windows\rayiou.exe
    C:\Documents and Settings\Karen Palys\Application Data\WinTouch\WinTouch.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\limewire\limewire.exe
    C:\WINDOWS\system32\pcnttkwd.exe
    C:\WINDOWS\b116.exe
    C:\WINDOWS\system32\ASKS~1\netdde.exe
    C:\Program Files\s?curity\m?iexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [{4E-E1-15-52-DW}] C:\windows\system32\jswnw64m.exe DWram
    O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Karen Palys\lsass.exe
    O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\pcnttkdn.exe DWram
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [a4e4e1fd] rundll32.exe "C:\WINDOWS\system32\yojsplxh.dll",b
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pcnttkwd.exe DWram
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
    O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Karen Palys\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Karen Palys\Application Data\Microsoft\Windows\rayiou.exe
    O4 - HKCU\..\Run: [Cseh] "C:\WINDOWS\system32\ASKS~1\netdde.exe" -vt yazb
    O4 - HKCU\..\Run: [Bgcghe] "C:\Program Files\s?curity\m?iexec.exe"
    O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\pcnttkwd.exe
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jswnw64m.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - http://inst.c-wss.com/m010g/EN/install/gtdownlr.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2FyZW4gUGFseXM\command.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: (no name) - http://img.rubberslug.com/user/d113381d56184948b174b454ea98cfa4/73448-5404932-CCEL CHsCATpct.jpg
    O24 - Desktop Component 1: (no name) - http://collegeofcomplexes.homestead.com/files/fortune_teller_hg_wht.gif

    --
    End of file - 7737 bytes


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Java:

    LimeWire version 4.14.12
    Java version 1.5.0_03 from Sun Microsystems Inc.
    Windows XP v. 5.1 on x86
    Free/total memory: 31459160/33357824

    com.limegroup.gnutella.gui.GUILoader$StartupFailedException: invalid xml.war
    at com.limegroup.gnutella.gui.GUILoader.sanityCheck(GUILoader.java:292)
    at com.limegroup.gnutella.gui.GUILoader.load(GUILoader.java:57)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at com.limegroup.gnutella.gui.Main.main(Main.java:45)

    STARTUP ERROR!

    -- listing properties --



    FILES IN CURRENT DIRECTORY:
    C:\Program Files\limewire\commons-httpclient.jar.tmp
    LAST MODIFIED: 1199505558026
    SIZE: 445371

    C:\Program Files\limewire\commons-logging.jar.tmp
    LAST MODIFIED: 1199505558076
    SIZE: 59154

    C:\Program Files\limewire\commons-net.jar.tmp
    LAST MODIFIED: 1199505558157
    SIZE: 355370

    C:\Program Files\limewire\commons-pool.jar.tmp
    LAST MODIFIED: 1199505558217
    SIZE: 158968

    C:\Program Files\limewire\daap.jar.tmp
    LAST MODIFIED: 1199505558317
    SIZE: 375837

    C:\Program Files\limewire\foxtrot.jar.tmp
    LAST MODIFIED: 1199505558357
    SIZE: 44273

    C:\Program Files\limewire\httpcore-nio.jar.tmp
    LAST MODIFIED: 1199505558427
    SIZE: 257183

    C:\Program Files\limewire\httpcore.jar.tmp
    LAST MODIFIED: 1199505558507
    SIZE: 273935

    C:\Program Files\limewire\icu4j.jar.tmp
    LAST MODIFIED: 1199505558637
    SIZE: 741440

    C:\Program Files\limewire\id3v2.jar.tmp
    LAST MODIFIED: 1199505558707
    SIZE: 94018

    C:\Program Files\limewire\jcraft.jar.tmp
    LAST MODIFIED: 1199505558767
    SIZE: 136693

    C:\Program Files\limewire\jdic.jar.tmp
    LAST MODIFIED: 1199505558817
    SIZE: 96604

    C:\Program Files\limewire\jdic_stub.jar.tmp
    LAST MODIFIED: 1199505558868
    SIZE: 64134

    C:\Program Files\limewire\jl011.jar.tmp
    LAST MODIFIED: 1199505558958
    SIZE: 255016

    C:\Program Files\limewire\jmdns.jar.tmp
    LAST MODIFIED: 1199505558998
    SIZE: 69306

    C:\Program Files\limewire\lib
    LAST MODIFIED: 1206891568994
    SIZE: 0

    C:\Program Files\limewire\LimeWire.exe
    LAST MODIFIED: 1196717753500
    SIZE: 147456

    C:\Program Files\limewire\LimeWire.jar.tmp
    LAST MODIFIED: 1199505557285
    SIZE: 10662732

    C:\Program Files\limewire\log4j.jar.tmp
    LAST MODIFIED: 1199505559158
    SIZE: 677952

    C:\Program Files\limewire\looks.jar.tmp
    LAST MODIFIED: 1199505559288
    SIZE: 630634

    C:\Program Files\limewire\MessagesBundles.jar.tmp
    LAST MODIFIED: 1199505557686
    SIZE: 4279781

    C:\Program Files\limewire\mp3sp14.jar.tmp
    LAST MODIFIED: 1199505559338
    SIZE: 40064

    C:\Program Files\limewire\ProgressTabs.jar.tmp
    LAST MODIFIED: 1199505557796
    SIZE: 5786

    C:\Program Files\limewire\themes.jar.tmp
    LAST MODIFIED: 1199505559388
    SIZE: 690764

    C:\Program Files\limewire\tritonus.jar.tmp
    LAST MODIFIED: 1199505559458
    SIZE: 152711

    C:\Program Files\limewire\vorbis.jar.tmp
    LAST MODIFIED: 1199505559508
    SIZE: 27215
     

Short URL to this thread: https://techguy.org/698958
