1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

various problems

Discussion in 'Virus & Other Malware Removal' started by lilfirecat, Nov 6, 2007.

Thread Status:
Not open for further replies.
  1. lilfirecat

    lilfirecat Thread Starter

    Joined:
    Nov 5, 2007
    Messages:
    10
    Hi
    ok the system is running xp home sp1, is 2.40 GHz. I think its ram has been upgraded but the ram on the system file is 248MB.
    the problems are.. lots of popups, and I cant get it to stop rebooting on its own, its also redirecting web pages to hotlinks.com and its very slow to load or respond and freezes often, I have a HJT log I will include it in this post. also,this comp has 3 browzers,, netscape 4.79 doesnt want to uninstall. but is there a way to keep modzilla as a back up but keep IE6.0 as the default?? and winantivirus pro 07 seems to be bogging things up,and it wouldnt uninstall, it may have now tho .. also, when I tryed to start up the comp in safe mode it wasnt able to get a web page out, :eek: , is that normal or something else?
    Thanks for the help

    Logfile of HijackThis v1.99.1
    Scan saved at 3:19:10 PM, on 11/5/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\aspimgr.exe
    C:\WINDOWS\YmVyeWw\command.exe
    C:\WINDOWS\System32\npcvctub.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dllcache\qhotsew.exe
    C:\WINDOWS\System32\dllcache\sxch0st.exe
    C:\WINDOWS\System32\quikkm.exe
    C:\WINDOWS\System32\pdedgeuj.exe
    C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
    C:\WINDOWS\System32\nvsvc86.exe
    C:\WINDOWS\System32\sowugbym.exe
    C:\Program Files\DriveCleaner Freeware\UDC6_cw.exe
    C:\WINDOWS\System32\dllcache\Dirhost.com
    C:\WINDOWS\TEMP\VRTA.tmp
    C:\WINDOWS\winlogon.exe
    C:\WINDOWS\System32\irdvxc.exe
    C:\WINDOWS\System32\urdvxc.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Beryl\My Documents\tools\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.shaw.ca/start/enca/addons/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
    O4 - HKLM\..\Run: [Windows Service oi worms] quikkm.exe
    O4 - HKLM\..\Run: [Windows Service alge] pdedgeuj.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra333.exe 61A847B5BBF728113198284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
    O4 - HKLM\..\Run: [WinAntiSpyware 2007] "c:\program files\winantispyware 2007\was7.exe" /min
    O4 - HKLM\..\Run: [pas_check] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe
    O4 - HKLM\..\Run: [Windows Services alges2] sowugbym.exe
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [UDC6_cw] "C:\Program Files\DriveCleaner Freeware\UDC6_cw.exe" -c
    O4 - HKLM\..\Run: [Microsft login] C:\WINDOWS\winlogon.exe
    O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\TEMP\VRTA.tmp
    O4 - HKLM\..\Run: [20776353] rundll32.exe "C:\WINDOWS\System32\lrcvvruu.dll",b
    O4 - HKLM\..\RunServices: [Windows Service alge] pdedgeuj.exe
    O4 - HKLM\..\RunServices: [Windows Services alges2] sowugbym.exe
    O4 - HKCU\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
    O4 - HKCU\..\Run: [Windows Service oi worms] quikkm.exe
    O4 - HKCU\..\Run: [Windows Service alge] pdedgeuj.exe
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O4 - HKCU\..\Run: [Windows Services alges2] sowugbym.exe
    O4 - HKCU\..\Run: [Microsft login] C:\WINDOWS\winlogon.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192654416031
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1192654480484
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gateway
    O17 - HKLM\Software\..\Telephony: DomainName = gateway
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gateway
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gateway
    O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\System32\aspimgr.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YmVyeWw\command.exe
    O23 - Service: DomainService - - C:\WINDOWS\System32\npcvctub.exe
    O23 - Service: M1crosoft Agant - Unknown owner - C:\WINDOWS\System32\dllcache\qhotsew.exe
    O23 - Service: Micr0s0ft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\sxch0st.exe
    O23 - Service: Microsoft Dir32 - Unknown owner - C:\WINDOWS\System32\dllcache\Dirhost.com
    O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
    O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
    O23 - Service: Navastc - Unknown owner - C:\WINDOWS\Navastc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe
    O23 - Service: wlmsngr - Unknown owner - C:\WINDOWS\wlmsngr.exe
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/648808

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice