lilfirecat (Thread Starter)
Joined: Nov 5, 2007
Messages: 10
Hi
OK, the system is running XP Home SP1 and is 2.40 GHz. I think its RAM has been upgraded, but the RAM on the system file is 248MB.
The problems are: lots of popups, and I can't get it to stop rebooting on its own. It's also redirecting web pages to hotlinks.com, and it's very slow to load or respond and freezes often. I have a HJT log; I will include it in this post. Also, this comp has 3 browsers. Netscape 4.79 doesn't want to uninstall. But is there a way to keep Mozilla as a backup but keep IE6.0 as the default? And WinAntiVirus Pro 07 seems to be bogging things up, and it wouldn't uninstall; it may have now, though. Also, when I tried to start up the comp in safe mode, it wasn't able to get a web page out. Is that normal or something else?
Thanks for the help
Logfile of HijackThis v1.99.1
Scan saved at 3:19:10 PM, on 11/5/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\aspimgr.exe
C:\WINDOWS\YmVyeWw\command.exe
C:\WINDOWS\System32\npcvctub.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllcache\qhotsew.exe
C:\WINDOWS\System32\dllcache\sxch0st.exe
C:\WINDOWS\System32\quikkm.exe
C:\WINDOWS\System32\pdedgeuj.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\WINDOWS\System32\nvsvc86.exe
C:\WINDOWS\System32\sowugbym.exe
C:\Program Files\DriveCleaner Freeware\UDC6_cw.exe
C:\WINDOWS\System32\dllcache\Dirhost.com
C:\WINDOWS\TEMP\VRTA.tmp
C:\WINDOWS\winlogon.exe
C:\WINDOWS\System32\irdvxc.exe
C:\WINDOWS\System32\urdvxc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Beryl\My Documents\tools\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.shaw.ca/start/enca/addons/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKLM\..\Run: [Windows Service oi worms] quikkm.exe
O4 - HKLM\..\Run: [Windows Service alge] pdedgeuj.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra333.exe 61A847B5BBF728113198284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [WinAntiSpyware 2007] "c:\program files\winantispyware 2007\was7.exe" /min
O4 - HKLM\..\Run: [pas_check] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe
O4 - HKLM\..\Run: [Windows Services alges2] sowugbym.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UDC6_cw] "C:\Program Files\DriveCleaner Freeware\UDC6_cw.exe" -c
O4 - HKLM\..\Run: [Microsft login] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\TEMP\VRTA.tmp
O4 - HKLM\..\Run: [20776353] rundll32.exe "C:\WINDOWS\System32\lrcvvruu.dll",b
O4 - HKLM\..\RunServices: [Windows Service alge] pdedgeuj.exe
O4 - HKLM\..\RunServices: [Windows Services alges2] sowugbym.exe
O4 - HKCU\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKCU\..\Run: [Windows Service oi worms] quikkm.exe
O4 - HKCU\..\Run: [Windows Service alge] pdedgeuj.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Windows Services alges2] sowugbym.exe
O4 - HKCU\..\Run: [Microsft login] C:\WINDOWS\winlogon.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192654416031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1192654480484
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gateway
O17 - HKLM\Software\..\Telephony: DomainName = gateway
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gateway
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gateway
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\System32\aspimgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YmVyeWw\command.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\npcvctub.exe
O23 - Service: M1crosoft Agant - Unknown owner - C:\WINDOWS\System32\dllcache\qhotsew.exe
O23 - Service: Micr0s0ft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\sxch0st.exe
O23 - Service: Microsoft Dir32 - Unknown owner - C:\WINDOWS\System32\dllcache\Dirhost.com
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: Navastc - Unknown owner - C:\WINDOWS\Navastc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe
O23 - Service: wlmsngr - Unknown owner - C:\WINDOWS\wlmsngr.exe