Server Busy window and pop ups.. pleasee help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

LS86

Thread Starter
Joined
Sep 28, 2008
Messages
2
k so im new here.. ive visited this site many times to find useful info on how to deal with basic spyware and virus problems.. but ive come across something i cant handle

yesterday my pc got hit with nasty malware.. i get this 'server busy' choose 'switch to' or 'retry' buttons and it doesnt go away when i x it out, and that then follows a series of annoying pop ups.

im running a windows xp ..and ive run numerous scans both in normal and safe mode including 'superantispyware' 'malwarebytes' antivir scanner' and 'smitfraudfix' the scans indicate that its cleaned out infected files but when i try to start up again in normal mode its not long before the same things pop up again. ive turned off system restore and then back on again before and after running scans, and when in safe mode the system is constantly restarting with the 'windows is running in safe mode to switch to system restore press 'no' etc..'

this hjt log was run in safe mode because its the only way i can access the internet without my pc going nuts.

oh one more thing!!!! .. my clock keeps changing to military time.. dont know if that helps a little more

thanks in advance!

Logfile of Trend Micro HijackThis

v2.0.2
Scan saved at 15:53:45, on 9/28/2008
Platform: Windows XP (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00 SP1

(6.00.2600.0000)
Boot mode: Safe mode with network

support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend

Micro\HijackThis\HijackThis.exe
C:\WINDOWS\Explorer.exe

R1 -

HKCU\Software\Microsoft\Windows\Curre

ntVersion\Internet

Settings,ProxyOverride =

127.0.0.1;;;localhost;<local>
R3 - URLSearchHook: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88

} - (no file)
F2 - REG:system.ini:

Shell=Explorer.exe
F3 - REG:win.ini:

load=C:\WINDOWS\svchost.exe
O3 - Toolbar: &Radio -

{8E718888-423F-11D2-876E-00A0C9082467

} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Veoh Browser Plug-in -

{D0943516-5076-4020-A3B5-AEFAF26AB263

} - C:\Program Files\Veoh

Networks\Veoh\Plugins\reg\VeohToolbar

.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program

Files\Avira\AntiVir PersonalEdition

Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task]

"C:\Program

Files\QuickTime\QTTask.exe"

-atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed

Launcher] "C:\Program

Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run:

[SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_05\bin\jusched.ex

e"
O4 - HKLM\..\Run: [KernelFaultCheck]

%systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [prunnet]

"C:\DOCUME~1\HPAUTH~1\LOCALS~1\Temp\p

run.exe"
O4 - HKCU\..\Run: [Yahoo! Pager]

"C:\Program

Files\Yahoo!\Messenger\YahooMessenger

.exe" -quiet
O4 - HKCU\..\Run: [Veoh] "C:\Program

Files\Veoh

Networks\Veoh\VeohClient.exe"

/VeohHide
O4 - HKCU\..\Run: [VnrBlock21]

"C:\Program

Files\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [prunnet]

"C:\DOCUME~1\HPAUTH~1\LOCALS~1\Temp\p

run.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware]

C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpywa

re.exe
O4 - HKCU\..\Run: [Nhauylaj]

C:\WINDOWS\?ystem\??anregw.exe
O4 - HKCU\..\Run: [GetModule23]

"C:\Program

Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [Irsi]

"C:\WINDOWS\ICROSO~1\chkntfs.exe" -vt

yazb
O4 - HKCU\..\Run: [GetPack21]

"C:\Program

Files\GetPack\GetPack21.exe"
O8 - Extra context menu item: &Yahoo!

Search - file:///C:\Program

Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport

to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\OFFICE11\E

XCEL.EXE/3000
O8 - Extra context menu item: Yahoo!

&Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo!

&Maps - file:///C:\Program

Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501

} - C:\Program

Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java

Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501

} - C:\Program

Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263

} -

C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBA

R.DLL
O9 - Extra button: PartyPoker.com -

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1

} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem:

PartyPoker.com -

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1

} - C:\WINDOWS\System32\shdocvw.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone:

*.elitemediagroup.net
O15 - Trusted Zone:

*.systemdoctor.com
O15 - Trusted Zone: *.adgate.info

(HKLM)
O15 - Trusted Zone:

*.elitemediagroup.net (HKLM)
O15 - Trusted Zone:

*.systemdoctor.com (HKLM)
O16 - DPF:

{17492023-C23A-453E-A040-C7C580BBF700

} (Windows Genuine Advantage

Validation Tool) -

http://go.microsoft.com/fwlink/?linki

d=39204
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33E833C

} (WUWebControl Class) -

http://update.microsoft.com/windowsup

date/v6/V5Controls/en/x86/client/wuwe

b_site.cab?1139859328493
O16 - DPF:

{67DABFBF-D0AB-41FA-9C46-CC0F21721616

} (DivXBrowserPlugin Object) -

http://go.divx.com/plugin/DivXBrowser

Plugin.cab
O16 - DPF:

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3

} (MUWebControl Class) -

http://update.microsoft.com/microsoft

update/v6/V5Controls/en/x86/client/mu

web_site.cab?1149011724177
O16 - DPF:

{9122D757-5A4F-4768-82C5-B4171D8556A7

} (PhotoPickConvert Class) -

http://appdirectory.messenger.msn.com

/AppDirectory/P4Apps/PhotoSwap/PhtPkM

SN.cab
O16 - DPF:

{A30FBBDC-FA29-4606-8565-14AADCCA6708

} (Rite Aid One Hour Photo Online

Control) -

https://photos.riteaid.com/control/Ri

teAidOneHourPhotoOnline.cab
O16 - DPF:

{B8BE5E93-A60C-4D26-A2DC-220313175592

} (MSN Games - Installer) -

http://messenger.zone.msn.com/binary/

ZIntro.cab56649.cab
O16 - DPF:

{BD393C14-72AD-4790-A095-76522973D6B8

} (CBreakshotControl Class) -

http://messenger.zone.msn.com/binary/

Bankshot.cab57213.cab
O16 - DPF:

{C3F79A2B-B9B4-4A66-B012-3EE46475B072

} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/

MessengerStatsPAClient.cab56907.cab
O16 - DPF:

{DA758BB1-5F89-4465-975F-8D7179A4BCF3

} (WheelofFortune Object) -

http://messenger.zone.msn.com/binary/

WoF.cab57176.cab
O23 - Service: AntiVir

PersonalEdition Classic Scheduler

(AntiVirScheduler) - Avira GmbH -

C:\Program Files\Avira\AntiVir

PersonalEdition Classic\sched.exe
O23 - Service: AntiVir

PersonalEdition Classic Guard

(AntiVirService) - Avira GmbH -

C:\Program Files\Avira\AntiVir

PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table

Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\1050\Intel

32\IDriverT.exe
O23 - Service: iPod Service - Apple

Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server

(LexBceS) - Lexmark International,

Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Viewpoint Manager

Service - Viewpoint Corporation -

C:\Program

Files\Viewpoint\Common\ViewpointServi

ce.exe

--
End of file - 5906 bytes
 

LS86

Thread Starter
Joined
Sep 28, 2008
Messages
2
can someone please HELP! my problems have gone from bad to worse.. in a last effort i decided to use system restore ..and that had no luck, and now whether im in safe or normal mode.. my taskbar and desktop icons repeatedly load on and off for about a minute before the screen turns blank.. im in safe mode with networking at the moment and i only was able to open a browser by double clicking rapidly on the icon before it disappeared off the desktop.. and my task manager prompt isnt coming up or any other commands i try to do using my keyboard..

IM DYIN HERE!!!!! please help
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top