Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

so much trouble getting rid of popups, hijacks


  • Please log in to reply
7 replies to this topic

#1 zanyzach37

zanyzach37

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 18 February 2005 - 03:02 AM

hey, i had a bad problem the other day and i thought it was totally solved, but it came back again. same deal as before... browser hijacks, tons of popups, my computer's running slow as bleep and heating up a lot... i just don't know what to do. i'm not even doing anything, either... i have no idea where these things come from because all i do is read the news on CNN, do research and write reports....

anyway, any help you can give would be greatly appreciated, and thanks in advance greatly. the hijackthis logfile is posted below.

Logfile of HijackThis v1.99.0
Scan saved at 3:02:28 AM, on 2/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\winupdt.exe
C:\WINDOWS\system32\pxmtp.exe
C:\Program Files\Apoint\Apntex.exe
C:\windows\system32\msnavc32.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\vmss\vmss.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\aim95\aim.exe
C:\WINDOWS\system32\sysmonnt.exe
C:\WINDOWS\system32\dmomudll.exe
C:\PROGRA~1\COMMON~1\AOL\110253~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\COMMON~1\AOL\110253~1\EE\AOLServiceHost.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\wincbck32.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Zeb\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102538320\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\system32\winupdt.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [jxzybc] C:\WINDOWS\system32\jxzybc.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Nqjfst.exe
O4 - HKLM\..\Run: [vea3ojcj] C:\Program Files\vea3ojcj\vea3ojcj.exe
O4 - HKLM\..\Run: [vs6P34T] pxmtp.exe
O4 - HKLM\..\Run: [zgmnwc] C:\WINDOWS\system32\zgmnwc.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitelyw32.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\system32\vmss\vmss.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\program files\aim95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\system32\sysmonnt
O4 - HKCU\..\Run: [eBpFRQftV] dmomudll.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\program files\aim95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupdatednews.com/install/aun_0011.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...416/mcfscan.cab
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

BC AdBot (Login to Remove)

 


#2 zanyzach37

zanyzach37
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 18 February 2005 - 11:05 AM

please? i really need help. a popup comes up about every 10 seconds and my computer's getting really hot and is hardly functioning. i don't know what to do. :-(

thanks

Logfile of HijackThis v1.99.0
Scan saved at 11:04:47 AM, on 2/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\winupdt.exe
C:\Program Files\Apoint\Apntex.exe
C:\windows\system32\msnavc32.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\vmss\vmss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\aim95\aim.exe
C:\WINDOWS\system32\sysmonnt.exe
C:\PROGRA~1\COMMON~1\AOL\110253~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\COMMON~1\AOL\110253~1\EE\AOLServiceHost.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\wincbck32.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\srr3dmod.exe
C:\WINDOWS\system32\ssdpatch.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Zeb\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102538320\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\system32\winupdt.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [jxzybc] C:\WINDOWS\system32\jxzybc.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Nqjfst.exe
O4 - HKLM\..\Run: [vea3ojcj] C:\Program Files\vea3ojcj\vea3ojcj.exe
O4 - HKLM\..\Run: [zgmnwc] C:\WINDOWS\system32\zgmnwc.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitelyw32.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\system32\vmss\vmss.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [vs6P34T] ssdpatch.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\program files\aim95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\system32\sysmonnt
O4 - HKCU\..\Run: [eBpFRQftV] srr3dmod.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\program files\aim95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupdatednews.com/install/aun_0011.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...416/mcfscan.cab
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

#3 zanyzach37

zanyzach37
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 18 February 2005 - 01:30 PM

please, please, please help me. my computer's pretty much stalled and i can't do anything.

i need to get rid of whatever's on my computer soon or else i think it's going to crash from all the popups.

thanks :-(

#4 zanyzach37

zanyzach37
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 18 February 2005 - 06:50 PM

please? someone?

now all the words on my computer are underlined and have links, i get hundreds of popups if i walk away from my computer for an hour, i'm continually losing my internet connection and i can't open any programs because i don't have enough CPU to do so... it's all being used by spyware bleep....

i really need help... and i have all my schoolwork and pictures on my computer, and i'm afraid i'm going to have to reformat and lose everything if i don't fix this soon... my computer's getting really hot and the fan is constantly blowing because it's working so hard to just stay on.

please help. :-(


Logfile of HijackThis v1.99.0
Scan saved at 6:49:44 PM, on 2/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\winupdt.exe
C:\Program Files\Apoint\Apntex.exe
C:\windows\system32\msnavc32.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\vmss\vmss.exe
C:\WINDOWS\system32\ssdpatch.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\aim95\aim.exe
C:\WINDOWS\system32\sysmonnt.exe
C:\WINDOWS\system32\srr3dmod.exe
C:\PROGRA~1\COMMON~1\AOL\110253~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\COMMON~1\AOL\110253~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\wincbck32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\prutqct.exe
C:\WINDOWS\system32\prutqct.exe
C:\Documents and Settings\Zeb\Desktop\VirtualDub-1.5.10\VirtualDub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Zeb\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: LinkBHO.cIExplorer - {CC924BD1-7382-4619-A706-070CB00F2325} - C:\Documents and Settings\All Users\Application Data\linkbho\LinkBHO.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102538320\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\system32\winupdt.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [jxzybc] C:\WINDOWS\system32\jxzybc.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Nqjfst.exe
O4 - HKLM\..\Run: [vea3ojcj] C:\Program Files\vea3ojcj\vea3ojcj.exe
O4 - HKLM\..\Run: [zgmnwc] C:\WINDOWS\system32\zgmnwc.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitelyw32.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\system32\vmss\vmss.exe
O4 - HKLM\..\Run: [vs6P34T] ssdpatch.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\program files\aim95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\system32\sysmonnt
O4 - HKCU\..\Run: [eBpFRQftV] srr3dmod.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [prutqct] C:\WINDOWS\system32\prutqct.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\program files\aim95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupdatednews.com/install/aun_0011.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...416/mcfscan.cab
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

#5 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:12:17 AM

Posted 18 February 2005 - 08:11 PM

I'll work with you.
I need to study the log(s)
A quick glance is encouraging, though.
A lot going on but it could be worse.

It takes time on our side to combat the problems of several folks at once.
Likely it will be another 24 hours before you hear back from me.
In the meantime, your PC should simply run. Leave it on.
By doing that, no changes at reboot time will occur,
and we'll be able to fix it quicker.

It will be possible (probable) we can
avoid a reformat but save
any data to disk,
anyway.

:thumbsup:
patiently patrolling, plenty of persisant pests n' problems ...

#6 zanyzach37

zanyzach37
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 18 February 2005 - 08:20 PM

thanks. i dont even know if this is going to go through, i tried twice and it stalled so if it does, i really appreciate the reply and i'll check back here tomorrow. i won't touch my computer or do anything on it. ok now its making really weird noises and blowing lots of air out again.

anyway thank you and hopefully you'll see this.

#7 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:12:17 AM

Posted 18 February 2005 - 08:41 PM

I do see it and it reminds of an old car
huffin' and puffin' it's way up a hill.
I assure you, make it give you your
data on CD-R or DVD-R if it's the
last thing it does. :thumbsup:

We'll be rounding the top of the hill about
this time tomorrow, and it'll all
be downhill from there. :flowers:

Get some rest.
Spare yourself the torture of watching those
*bleeping* malware files wrestle.
It will be "much ado about nothing" soon enough.

Hit that "track this topic" and fix yourself a drink.

:trumpet:
patiently patrolling, plenty of persisant pests n' problems ...

#8 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:12:17 AM

Posted 20 February 2005 - 02:51 AM

There doesn't seem to be any easier way, zanyzach

Please perform the steps in exact order for best results.
Read through them carefully first to avoid confusion.

Print out, Copy/paste these instructions to a notepad/wordpad
or choose file-->save page as: HJT instructions.

Download CleanUp!
http://antispyware.nextdesigns.net/showsoftware.php?id=1
Install it, but do not run it yet.

Set your PC to: show hidden files.
Additional information here.

Open your C:\HJT folder and double-click the icon.
Close everything except HijackThis, nothing else on your desktop.

Run Hijackthis:
click Scan, and put a checkmark next to each of the following objects:

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -
C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: LinkBHO.cIExplorer - {CC924BD1-7382-4619-A706-070CB00F2325} -
C:\Documents and Settings\All Users\Application Data\linkbho\LinkBHO.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\system32\winupdt.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [jxzybc] C:\WINDOWS\system32\jxzybc.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Nqjfst.exe
O4 - HKLM\..\Run: [vea3ojcj] C:\Program Files\vea3ojcj\vea3ojcj.exe
O4 - HKLM\..\Run: [zgmnwc] C:\WINDOWS\system32\zgmnwc.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\system32\vmss\vmss.exe
O4 - HKLM\..\Run: [vs6P34T] ssdpatch.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\system32\sysmonnt
O4 - HKCU\..\Run: [eBpFRQftV] srr3dmod.exe
O4 - HKCU\..\Run: [prutqct] C:\WINDOWS\system32\prutqct.exe

Fix button is clicked
when you're sure that files marked for deletion are correct.

Reboot into Safe Mode
by tapping F8 continuously until the DOS screen appears.
press "Yes"at the dialog box.
Use the up arrow to choose safe mode.
Hit enter.
"OK" the choice.


Search for, locate and delete files or folders
To find them use:
Start-->Search-->select all files & folders-->
select more advanced options-->
checkmark search system folders, hidden files & folders and sub-folders.
Then fill the All or part of the filename by pasting the .exe into the search box.
OR find the appropriate folder, right-click-->delete each individual file.
Do not delete main folders like C:\WINDOWS or C:\Program Files.
Some of the files listed below may no longer exist,
the previous steps may have eliminated them.
So we're double-checking some of these.

Delete manually:

ssdpatch.exe
srr3dmod.exe

C:\WINDOWS\farmmext.exe

These two search for the .exe.
When found, delete it & the folder that contains it.

C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\vmss\vmss.exe

C:\WINDOWS\system32\zgmnwc.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\BacsTray.exe
C:\WINDOWS\system32\winupdt.exe
C:\WINDOWS\system32\ssdpatch.exe
C:\WINDOWS\system32\sysmonnt.exe
C:\WINDOWS\system32\srr3dmod.exe
C:\WINDOWS\system32\wincbck32.exe
C:\WINDOWS\system32\prutqct.exe
C:\WINDOWS\system32\jxzybc.exe
C:\WINDOWS\system32\Nqjfst.exe
C:\WINDOWS\system32\msnavc32.exe

These three search for the .exe.
When found, delete it & the folder that contains it.

C:\Program Files\vea3ojcj\vea3ojcj.exe
C:\Program Files\E2G\IeBHOs.dll
C:\Documents and Settings\All Users\Application Data\linkbho\LinkBHO.dll

If you get an error when deleting a file.
Right click on the file and check to see if the read only attribute is checked.
if it is, uncheck it and try again


Run CleanUp!
and let it clean your computer of temp files.
Decline when it asks you to log off.

Reboot your computer to go back to normal mode.

Online again, run at least one of three free anti-virus scans:

Scan online for viruses at
http://www.pandasoftware.com/activescan/co...n_principal.htm.
Scan online for viruses at
Bitdefender]http://www.bitdefender.com/scan/licence.php]Bitdefender
Scan online for viruses at
http://www3.ca.com/threatinfo/virusinfo/sc...sinfo/scan.aspx

Reboot

Run HijackThis again (scan & save log only)
and post the new log(s)
patiently patrolling, plenty of persisant pests n' problems ...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users