1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Random internet/computer problem

Discussion in 'Virus & Other Malware Removal' started by kryptonite31, Jan 30, 2005.

Thread Status:
Not open for further replies.
  1. kryptonite31

    kryptonite31 Thread Starter

    Joined:
    May 3, 2004
    Messages:
    13
    I recently reinstalled Kazaa and Limewire onto my computer. After doing that, I of course got tons of spyware and viruses. I ran adaware and my virus scanner to get rid of most of the stuff. However, now my internet is way slower than before and it has some random toolbar that I never knowingly installed. Also, every 5 minutes or so, my Kerio Personal Firewall gives me a message saying:

    "Personal Firewall has detected that application 'C\WINNT\SYSTEM32\??RSS.EXE' was replaced by another application with description '??RSS.EXE.' Do you want to accept the replacement of this application?"

    If I click no the message re-pops up. If I click yes I get a message saying:

    "MsgDigestComputeMD5: Unable to open 'C\WINNT\SYSTEM31\??RSS.EXE' - error 123"

    In addition to all of this, every so often random shortcuts to credit card and/or porn links pop up on my desktop.

    HOW DO I FIX ALL OF THIS?? CAN ANYONE HELP ME????

    THANKS IN ADVANCE. Below is the log from Hijack This.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:34:03 AM, on 1/30/2005
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\SYSTEM32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
    C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
    C:\WINNT\System32\CTsvcCDA.exe
    C:\DMI\WIN32\bin\DellDmi.exe
    C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
    C:\Program Files\Dell\OpenManage\Client\DLT.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\tlntsvr.exe
    C:\dmi\win32\bin\Win32sl.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\devldr32.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    C:\WINNT\loadqm.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINNT\system32\RUNDLL32.exe
    C:\temp\salm.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    C:\Program Files\Windows ControlAd\WinCtlAd.exe
    C:\documents and settings\administrator\local settings\temp\SwMaCAIU.exe
    C:\documents and settings\administrator\local settings\temp\nYh.exe
    C:\documents and settings\administrator\local settings\temp\lf.exe
    C:\Program Files\AIM95\aim.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Documents and Settings\Administrator\Application Data\trdb.exe
    C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
    C:\WINNT\system32\??rss.exe
    C:\Program Files\IBM\AFS\Client\Program\afscreds.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Kerio\Personal Firewall\PERSFW.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Desktop\Tech Stuff)\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lookfor.cc?pin=28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://lookfor.cc/sp.php?pin=28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://lookfor.cc/sp.php?pin=28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Duke University
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://lookfor.cc?pin=28129
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINNT\system32\stlb2.dll
    O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
    O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINNT\system32\winb2s32.dll
    O2 - BHO: (no name) - {5BC87BE6-940C-89FD-2F30-9FDC4D1BB2BE} - C:\WINNT\system32\oxd.dll
    O2 - BHO: (no name) - {6EFE4B50-E041-37BF-8757-63550F837234} - C:\WINNT\system32\zjpr.dll (file missing)
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Administrator\Local Settings\Temp\YYmIMFSz4.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINNT\system32\winb2s32.dll
    O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINNT\system32\stlb2.dll
    O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINNT\System32\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Audiowerk Multimedia] awtray.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [floylg] C:\WINNT\system32\ohstuu.exe
    O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [uM5lWDXdQ] C:\WINNT\rrvdhh.exe
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    O4 - HKLM\..\Run: [¢ª¸ï0/4»}Ï ãx”ŸC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\rrvdhh.exe
    O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
    O4 - HKLM\..\Run: [SwMaCAIU.exe] C:\documents and settings\administrator\local settings\temp\SwMaCAIU.exe
    O4 - HKLM\..\Run: [nYh.exe] C:\documents and settings\administrator\local settings\temp\nYh.exe
    O4 - HKLM\..\Run: [lf.exe] C:\documents and settings\administrator\local settings\temp\lf.exe
    O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [msmc] C:\WINNT\system32\msmc.exe
    O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
    O4 - HKCU\..\Run: [Brct] C:\Documents and Settings\Administrator\Application Data\trdb.exe
    O4 - HKCU\..\Run: [Xbae] C:\WINNT\system32\??rss.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: AFS Credentials.lnk = C:\Program Files\IBM\AFS\Client\Program\afscreds.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: SideFind (HKLM)
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchmiracle.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...874ea8238fc4:5d09d33a15a1722a6056772fcbfaa030
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
    O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = duke.edu
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = duke.edu
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = duke.edu
     
  2. The_Egg

    The_Egg

    Joined:
    Sep 16, 2002
    Messages:
    1,157
  3. kryptonite31

    kryptonite31 Thread Starter

    Joined:
    May 3, 2004
    Messages:
    13
    OK so I'm trying to install the upgraded Hijack This, and everytime I run the program, it produces an error that closes it up immediatly. Also, where do I find that spybot program? I thought I found it , but I only found something that scans and won't delete anything from my computer.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/324818

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice