
Pop-ups and the like killing my laptop...

Discussion in 'Virus & Other Malware Removal' started by erwalker49, Jun 21, 2007.

Thread Status:
Not open for further replies.
  1. erwalker49

    erwalker49 Thread Starter

    Joined:
    Jun 21, 2007
    Messages:
    4
    Alright, I do not know a whole lot about computers but I know enough to get around and delete some stuff that is unwanted. I need help deleting some of the stupid viruses and such on my laptop. My laptop is rather old but it has Windows XP installed on it. For the longest time I was using Internet Explorer with this thing but now I have switched to a new browser due to the terrible things Internet Explorer has done and continues to do.

    Without warning at all one night I suddenly got a ton of pop-ups. At that moment I tried to delete some stuff and then I restarted. I now have CCleaner, Spybot, Ad-Aware, and Norton to try and fend off some of this stuff. However, it seems to be making very little difference. I have also deleted the much loved "OuterInfo" program about ten times. How do I make it stop coming back? Without getting on the internet and going to 'internet settings' in my control panel I keep raising the cookies security thing to the very top or the highest and in about ten minutes it will be back down at the lowest. Randomly the command prompt on my computer will open and I won't be able to see anything written in there but it will pop-up for about a minute and then disappear. I have no idea what this means but I do believe it to be bad. I have no clue what the names are of the things causing the problems on my computer other than the ones that Spybot gives me when I go to delete the stuff. Most of the stuff appears to be tracking cookies - thanks to IE. If any of you recognize this problem and know how to fix it please share. Also, in my "Startup" folder I keep finding "ThinkAdz" and something else but I cannot find the source of them on my laptop - anyone know that one? Oh, and one more rather annoying problem that I am having... Randomly during the day I will hear an advertisement playing in the background. In my applications under the task manager I have tried ending all of the likely things but I just cannot seem to figure out which one it is.

    Basically, is there any way I can completely clean my computer without paying a pretty penny??

    Honestly, I really want to start all over with this laptop and do a complete restore or something of the sort. However, I'm guessing since this laptop did not come with Windows XP originally that that is the reason it cannot restore? I have a desktop computer that allows me to make a sort of restore disc... does anyone know if I can use that on this thing? Or if I wish to restore this thing do I have to take the OS off all-together and then put it back on again?

    Thank-you for any of your help as it will be VERY much appreciated as this is my first laptop given to me by a good friend of mine.
     
  2. jamielaw

    jamielaw

    Joined:
    Aug 13, 2006
    Messages:
    105
    Hey erwalker49

    Hijackthis Log

    Please download HijackThis.exe (by Merijn). Save the file to your desktop. This is a very important step! This ensures Hijackthis stores backups should anything go wrong.

    Double-click HijackThis.exe. Select Do a system scan and save a logfile.

    Allow Hijackthis to scan your computer. When notepad opens up with your logfile, copy the contents back into your thread.
     
  3. erwalker49

    erwalker49 Thread Starter

    Joined:
    Jun 21, 2007
    Messages:
    4
    Alright, I did this and I also saw where you posted something on someone else's forum for combo fix. I did that as well. Here are the results from hijackthis.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:28:58 PM, on 6/21/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\aniServ.exe
    C:\WINDOWS\System32\axjjdhqa.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\SYSTEM32\MDM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {326D6EDE-A36C-ABB7-1A10-FE8DCC2285E8} - C:\WINDOWS\System32\neauvvs.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {99604E37-59D3-4FDA-B608-88418318B79F} - (no file)
    O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [Rnab] "C:\DOCUME~1\ADMINI~1.COL\MYDOCU~1\WNSXS~1\wucrtupd.exe" -vt yazb
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: MindSpring - {771F805B-A831-45F5-BA67-7C8CF93F40E3} - c:\Program Files\MindSpring 4.0\MID4.EXE (file missing) (HKCU)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{297F8D47-8A93-43AA-BA11-6F996B3729B6}: Domain = bellsouth.net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{297F8D47-8A93-43AA-BA11-6F996B3729B6}: NameServer = 205.152.150.254,205.152.0.5
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D6C1B45-0A91-4F92-ABDE-687AA56AB587}: NameServer = 205.152.0.5
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7B5FF93B-5CD7-4047-9A0C-F18E5C5B3D02}: NameServer = 192.168.0.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD322F50-3658-405C-A936-EDCB201BDE1D}: Domain = bellsouth.net
    O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
    O23 - Service: DomainService - - C:\WINDOWS\System32\axjjdhqa.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe (file missing)
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe


    ------------------------------------------------
    And here are the results from ComboFix if needed...

    ComboFix 07-06-22.2 - C:\Documents and Settings\Administrator.COLLEEN\Desktop\ComboFix.exe
    "Erin" - 2007-06-21 21:03:52


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\kbeadjss.dll
    C:\WINDOWS\system32\btycdcix.dll
    C:\WINDOWS\system32\byxur.dll
    C:\WINDOWS\system32\cbawu.dll
    C:\WINDOWS\system32\kwruuqgc.dll
    C:\WINDOWS\system32\rbqtaqxj.dll
    C:\WINDOWS\system32\kayytpmt.dll
    C:\WINDOWS\system32\ifrnokdt.dll
    C:\WINDOWS\system32\fotiytvb.dll
    C:\WINDOWS\system32\ciojdimh.dll
    C:\WINDOWS\system32\qkspvdsd.dll
    C:\WINDOWS\system32\txjlsinn.dll
    C:\WINDOWS\system32\svnssqiv.dll
    C:\WINDOWS\system32\qiyjmkvo.dll
    C:\WINDOWS\system32\vnonouvk.dll
    C:\WINDOWS\system32\rjwtqiwd.dll
    C:\WINDOWS\system32\qwdbiagp.dll
    C:\WINDOWS\system32\crkjxqfi.dll
    C:\WINDOWS\system32\okdhsgvg.dll
    C:\WINDOWS\system32\tyluheff.dll
    C:\WINDOWS\system32\xjffhlau.dll
    C:\WINDOWS\system32\yayxwut.dll
    C:\WINDOWS\system32\nuwvmshj.dll
    C:\WINDOWS\system32\ubraifpy.dll
    C:\WINDOWS\system32\peaamann.dll
    C:\WINDOWS\system32\pmnoomn.dll
    C:\WINDOWS\system32\vqhyrxxq.dll
    C:\WINDOWS\system32\opnligg.dll
    C:\WINDOWS\system32\urqnkif.dll
    C:\WINDOWS\system32\fccbcya.dll
    C:\WINDOWS\system32\xxywuvt.dll
    C:\WINDOWS\system32\mljjhff.dll
    C:\WINDOWS\SYSTEM32\xicdcytb.ini
    C:\WINDOWS\SYSTEM32\ybcdd.ini
    C:\WINDOWS\SYSTEM32\ybcdd.tmp
    C:\WINDOWS\SYSTEM32\ybcdd.ini2
    C:\WINDOWS\SYSTEM32\ybcdd.bak1
    C:\WINDOWS\SYSTEM32\uwabc.ini
    C:\WINDOWS\SYSTEM32\jxqatqbr.ini
    C:\WINDOWS\SYSTEM32\ovkmjyiq.ini
    C:\WINDOWS\SYSTEM32\pgaibdwq.ini
    C:\WINDOWS\SYSTEM32\ifqxjkrc.ini
    C:\WINDOWS\SYSTEM32\ffehulyt.ini
    C:\WINDOWS\SYSTEM32\ypfiarbu.ini
    C:\WINDOWS\SYSTEM32\qxxryhqv.ini
    C:\WINDOWS\SYSTEM32\ybcdd.ini
    C:\WINDOWS\SYSTEM32\ybcdd.tmp
    C:\WINDOWS\SYSTEM32\ybcdd.ini2
    C:\WINDOWS\SYSTEM32\ybcdd.bak1
    C:\WINDOWS\SYSTEM32\ybcdd.ini
    C:\WINDOWS\SYSTEM32\ybcdd.tmp
    C:\WINDOWS\SYSTEM32\ybcdd.ini2
    C:\WINDOWS\SYSTEM32\ybcdd.bak1
    C:\WINDOWS\system32\ddcby.dll
    C:\WINDOWS\system32\cbxvuvt.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))




    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CMDSERVICE
    -------\LEGACY_CORE
    -------\LEGACY_NETWORK_MONITOR
    -------\LEGACY_NET_AGENT
    -------\LEGACY_POOF
    -------\LEGACY_RUNTIME
    -------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
    -------\cmdService
    -------\core
    -------\Net Agent
    -------\RpcApi
    -------\RpcApi
    -------\Runtime
    -------\Windows Overlay Components


    ((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))


    2007-06-21 21:01 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-21 20:45 122,900 --a------ C:\WINDOWS\SYSTEM32\oqrlyaac.exe
    2007-06-21 19:42 <DIR> d--hs---- C:\FOUND.000
    2007-06-21 18:24 122,900 --a------ C:\WINDOWS\SYSTEM32\uuelxnyj.exe
    2007-06-21 16:57 <DIR> d-------- C:\WINDOWS\pss
    2007-06-21 16:35 122,900 --a------ C:\WINDOWS\SYSTEM32\ighuvwcy.exe
    2007-06-21 14:14 122,900 --a------ C:\WINDOWS\SYSTEM32\emviiwqj.exe
    2007-06-21 03:28 97,280 --a-s---- C:\WINDOWS\SYSTEM32\monterreyn_ingen.exe
    2007-06-21 03:22 155,136 --a------ C:\Microsoft.com
    2007-06-21 03:21 79,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\FOPN.sys
    2007-06-21 03:21 60,928 --a------ C:\WINDOWS\SYSTEM32\neauvvs.dll
    2007-06-21 03:20 89,088 --a------ C:\WINDOWS\SYSTEM32\atl71.dll
    2007-06-21 03:19 618,881 --a------ C:\Temp\aZ001.exe
    2007-06-21 02:13 <DIR> d-------- C:\WINDOWS\Prefetch
    2007-06-21 02:05 13,573 --a------ C:\ieupdr2.exe
    2007-06-21 02:04 40,960 --a------ C:\bot.exe
    2007-06-21 02:02 13,573 --a------ C:\WINDOWS\SYSTEM32\KB_963491.exe
    2007-06-21 00:57 122,900 --a------ C:\WINDOWS\SYSTEM32\kvwjlkri.exe
    2007-06-20 22:15 727,786 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ltck000c.sys
    2007-06-20 22:01 2 --a------ C:\WINDOWS\SYSTEM32\wapisvsu32.exe
    2007-06-20 21:51 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Netscape
    2007-06-20 21:44 <DIR> d-------- C:\Program Files\Common Files\zfow
    2007-06-20 21:29 <DIR> d--hs---- C:\WINDOWS\VmFsdWVkIEdhdGV3YXkgQ2xpZW50
    2007-06-20 21:13 122,900 --a------ C:\WINDOWS\SYSTEM32\tcrbpfih.exe
    2007-06-19 23:08 122,900 --a------ C:\WINDOWS\SYSTEM32\gppcwqwu.exe
    2007-06-19 22:58 122,900 --a------ C:\WINDOWS\SYSTEM32\axjjdhqa.exe
    2007-06-13 15:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COL\APPLIC~1\Popular Sites
    2007-06-13 15:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COL\APPLIC~1\Dynamic
    2007-06-13 14:59 <DIR> d-------- C:\Program Files\Visicom Media
    2007-06-13 11:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COL\APPLIC~1\Netscape
    2007-06-13 11:47 <DIR> d-------- C:\Program Files\Netscape
    2007-06-13 11:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COL\APPLIC~1\Opera
    2007-06-13 11:32 <DIR> d-------- C:\Program Files\Opera
    2007-06-13 11:11 <DIR> d-------- C:\Program Files\CCleaner
    2007-06-13 00:09 2,580 --a------ C:\WINDOWS\SYSTEM32\cjrrguem.exe
    2007-06-12 23:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\A7
    2007-06-12 23:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\A6
    2007-06-12 23:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\A2
    2007-06-12 23:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\A1
    2007-06-12 23:34 49,184 --a------ C:\WINDOWS\SYSTEM32\mmdsregq.exe
    2007-06-12 23:17 933 --a------ C:\WINDOWS\SYSTEM32\winpfz32.sys
    2007-06-12 23:17 46,592 --a------ C:\WINDOWS\enguyti.exe
    2007-06-12 23:16 192,615 --a------ C:\WINDOWS\SYSTEM32\rwinnndt.exe
    2007-06-12 15:11 192,512 --a------ C:\WINDOWS\c2c145.exe
    2007-06-06 16:25 53,248 --a------ C:\WINDOWS\112uninst.exe
    2007-06-06 16:22 53,248 --a------ C:\WINDOWS\uni_eh42.exe
    2007-05-30 17:08 <DIR> d-------- C:\Program Files\iPod
    2007-05-30 17:07 <DIR> d-------- C:\Program Files\iTunes
    2007-05-29 13:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COL\Shared
    2007-05-29 13:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COL\Incomplete
    2007-05-29 13:31 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COL\APPLIC~1\LimeWire
    2007-05-28 18:44 <DIR> d-------- C:\Program Files\Evrsoft First Page 2006
    2007-05-23 19:36 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COL\APPLIC~1\Nvu


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-17 02:09:12 4,279 ----a-w C:\WINDOWS\mozver.dat
    2007-05-11 00:32:36 -------- d-----w C:\DOCUME~1\ADMINI~1.COL\APPLIC~1\Ipswitch
    2007-05-11 00:32:06 -------- d-----w C:\Program Files\Ipswitch
    2007-05-10 23:40:36 -------- d-----w C:\DOCUME~1\ADMINI~1.COL\APPLIC~1\SpamBlockerUtility_Icons
    2007-05-10 23:39:52 -------- d-----w C:\DOCUME~1\ADMINI~1.COL\APPLIC~1\SpamBlocker
    2007-05-10 23:39:24 2,692,288 ----a-w C:\WINDOWS\system32\Vhwbytfa.exe
    2007-05-08 23:21:08 -------- d-----w C:\Program Files\Conference
    2007-05-08 00:22:56 -------- d-----w C:\DOCUME~1\ADMINI~1.COL\APPLIC~1\Apple Computer
    2007-05-08 00:18:26 -------- d-----w C:\Program Files\QuickTime
    2007-05-08 00:17:24 -------- d-----w C:\Program Files\Apple Software Update
    2007-05-05 13:53:08 -------- d-----w C:\Program Files\AIM6
    2007-05-02 23:47:58 -------- d-----w C:\DOCUME~1\ADMINI~1.COL\APPLIC~1\Viewpoint
    2007-05-01 01:54:50 -------- d-----w C:\DOCUME~1\ADMINI~1.COL\APPLIC~1\acccore
    2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-06 19:27:02 139,264 ----a-w C:\TTC.dll
    2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\VmFsdWVkIEdhdGV3YXkgQ2xpZW50\pAIPxqp4KHx1x3pasr40kZUDtqcX.vbs


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX [2001-04-16 16:39]
    {326D6EDE-A36C-ABB7-1A10-FE8DCC2285E8}=C:\WINDOWS\System32\neauvvs.dll [2007-06-20 09:49]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2003-03-16 01:02]
    {601ED020-FB6C-11D3-87D8-0050DA59922B}=C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll [2004-06-17 14:00]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SystemTray"="SysTray.Exe" [2001-08-23 12:00 C:\WINDOWS\SYSTEM32\systray.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
    "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-05-10 06:01]
    "Rnab"="C:\DOCUME~1\ADMINI~1.COL\MYDOCU~1\WNSXS~1\wucrtupd.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "Printing Migration"=rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
    "svchost"=C:\WINDOWS\svchost.exe

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Program Files\Accessories\rtejexan.html
    FriendlyName=

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    backup=C:\WINDOWS\pss\PowerReg Scheduler.exeCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Mini]
    "C:\Program Files\The Weather Channel DWMini\DesktopMini.exe" /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1152758937\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
    C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
    rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
    "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
    C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Taskbar Display Controls"=RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "PCHealth"=C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    "BayMgr"=DockApp.exe
    "Promon.exe"=Promon.exe
    "AccessRampMonitor"=C:\Program Files\AccessRamp\ARMon32.exe
    "XircWinModem4"=ltcm000c.exe 9
    "QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "HPDJ Taskbar Utility"=C:\WINDOWS\SYSTEM32\hpztsb03.exe
    "NAV Agent"=C:\PROGRA~1\NORTON~2\NORTON~1\NAVAPW32.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "SSDPSRV"=C:\WINDOWS\SYSTEM\ssdpsrv.exe
    "*StateMgr"=C:\WINDOWS\System\Restore\StateMgr.exe
    "CSINJECT.EXE"=C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    "StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE


    Contents of the 'Scheduled Tasks' folder
    2007-06-07 04:00:02 C:\WINDOWS\tasks\Tune-up Application Start.job
    2007-06-22 02:12:02 C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
    2007-06-22 02:16:48 C:\WINDOWS\tasks\Symantec NetDetect.job
    2007-06-15 22:30:02 C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
    2007-06-20 21:55:12 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-21 21:17:05
    Windows 5.1.2600 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs = ??????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-21 21:19:46 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-21 21:18

    --- E O F ---
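
An added illustration, not part of the thread and not the helper's method: a short Python triage pass over HijackThis-format entry lines, run on a few lines copied from the log posted above. The review heuristics (missing target, unnamed BHO, autostart from a user-profile path, service with no vendor) are assumptions about what a reviewer reads first, not a verdict on any entry.

```python
import re

# Entry lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {326D6EDE-A36C-ABB7-1A10-FE8DCC2285E8} - C:\WINDOWS\System32\neauvvs.dll
O2 - BHO: (no name) - {99604E37-59D3-4FDA-B608-88418318B79F} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Rnab] "C:\DOCUME~1\ADMINI~1.COL\MYDOCU~1\WNSXS~1\wucrtupd.exe" -vt yazb
O23 - Service: DomainService - - C:\WINDOWS\System32\axjjdhqa.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe (file missing)
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "O23 - Service: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Windows XP user-profile roots, in long or 8.3 short form
USER_PROFILE_RE = re.compile(r"[A-Z]:\\(DOCUME~1|Documents and Settings)\\", re.I)


def parse_entries(log_text):
    """Return (section, body) for every entry line; header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def service_vendor(body):
    """Vendor field of an O23 body shaped 'Service: name - vendor - path'."""
    head = body.partition("Service: ")[2].rpartition(" - ")[0]
    if head.endswith(" -"):  # vendor column is empty: "name - - path"
        return ""
    return head.rpartition(" - ")[2]


def review_reasons(section, body):
    """Reasons (possibly none) to look at an entry before the others."""
    reasons = []
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("target file missing")
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("BHO without a name")
    if section == "O4" and USER_PROFILE_RE.search(body):
        reasons.append("autostart from a user-profile path")
    if section == "O23" and service_vendor(body) in ("", "Unknown owner"):
        reasons.append("service without a vendor string")
    return reasons


def triage(log_text):
    """Return (section, body, reasons) for entries with at least one reason."""
    flagged = []
    for section, body in parse_entries(log_text):
        reasons = review_reasons(section, body)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section:>3}  {'; '.join(reasons)}\n     {body}")
```
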
     
  4. erwalker49

    erwalker49 Thread Starter

    Joined:
    Jun 21, 2007
    Messages:
    4
    Also, as of recently I've been getting the blue screen that says I have an error or something and it shuts down my computer. Also, every time that my computer restarts it has to check the drive for consistency or something of that sort. I am guessing that these two things here will help me fix these problems as well?
     
  5. jamielaw

    jamielaw

    Joined:
    Aug 13, 2006
    Messages:
    105
    Hey erwalker49

    Each fix is specific to that particular thread. I strongly advise you not to do this again. I will provide you with the necessary tools to fix your computer. By running other tools it makes my job harder as I then have to figure out what you did. So please for my sake don't run any more tools unless asked to do so :)

    ==========

    Install Service Pack 1

    Service Pack 1 is the basic security level we request from all Windows XP users before starting to receive help. The easiest way for infections to infiltrate your system is through vulnerabilities. Some of these basic vulnerabilities are patched by Service Pack 1. This will ensure that once your system has been cleaned from any infections that any further infections can't exploit the same vulnerabilities.

    Please download Service Pack 1.

    Install the service pack and restart your computer. Do not install Service Pack 2 until your computer is freed from infections!

    ==========

    Msconfig

    It's important that we know which files are loading when your computer starts up. Disabling items on startup only makes the process longer because we can't see what we are dealing with.

    1. Click Start, select Run and type: msconfig
    2. Select the General tab and choose Normal Startup - load all device drivers and services.
    3. Click Apply and OK but DO NOT REBOOT!

    If you reboot your computer any malicious files will only infect your system more!

    ==========

    Please could you also post a Hijackthis log

    ==========

    Jamie :)
     
  6. erwalker49

    erwalker49 Thread Starter

    Joined:
    Jun 21, 2007
    Messages:
    4
    Thank-you for all of your help but after running the program, CCleaner, my computer was cured. I have had absolutely no problems since I have run this program. I've run Ad-Aware and everything and I haven't gotten a single bad thing.
     
  7. jamielaw

    jamielaw

    Joined:
    Aug 13, 2006
    Messages:
    105
    If you feel your computer is clean then please use Thread Tools at the top and change the thread state to Solved.

    Remember...absence of symptoms does NOT mean your computer is clean ;)
     

Short URL to this thread: https://techguy.org/586638
