To talk on Icrontic, just register!

It only takes 30 seconds.

Have an account? Sign in:

Forgot?

To reopen your thread, send a Private Message (PM) to Trogan with a link to your thread.

If you are not the user who started this thread, you must start your own thread instead.

Page 1 of 2 1 2
 
Reply to Discussion Options
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
15 Jul 2006, 8:39pm

Computer is acting weird [Solved]

Pop-ups, new icons on the desktop, unknown running process, the works.
I've tried to fix it all as much as I could, but I'm still missing a few things, any help is appreciated!
Thanks!
Here's the Hijackthis log --


Logfile of HijackThis v1.99.1
Scan saved at 3:46:18 PM, on 7/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\dfndrad_5.exe
C:\Program Files\Common Files\{6C44B700-0AF0-1033-1006-030304030001}\Update.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\DOCUME~1\Owner\MYDOCU~1\CURITY~1\wuauboot.exe
C:\Program Files\OutLoud\CoolKill\CoolKill.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fsndi.exe
F2 - REG:system.ini: UserInit=userinit.exe,pougtaq.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D77A587544293AC5 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
O2 - BHO: (no name) - {84DE4796-E364-4DD4-AFA2-B7FCCF56C809} - C:\Program Files\MSN Gaming Zone\megoqahi.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrad_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmad_5.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\MYDOCU~1\CURITY~1\wuauboot.exe" -vt yazr
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoolKill.lnk = C:\Program Files\OutLoud\CoolKill\CoolKill.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\scgina.dll (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



Again, thank you!
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
15 Jul 2006, 10:10pm

Re: Computer is acting wierd

Hi Loot, yes you are quite infected but first lets take care of the purity scan adware from the C:\DOCUME~1\Owner\MYDOCU~1\CURITY~1\wuauboot.exe entry...to remove it please run the uninstaller from here-->http://www.outerinfo.com/OiUninstaller.exe reboot then post a new hjt log please along w/ how the uninstalling went
__________________

[folding_sig1]
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
15 Jul 2006, 10:29pm

Re: Computer is acting wierd

Hey, thank you so much!
The uninstall went fine and here is the new hijackthis log:



Logfile of HijackThis v1.99.1
Scan saved at 5:35:08 PM, on 7/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\outlook\outlook.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OutLoud\CoolKill\CoolKill.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fsndi.exe
F2 - REG:system.ini: UserInit=userinit.exe,pougtaq.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrad_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmad_5.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoolKill.lnk = C:\Program Files\OutLoud\CoolKill\CoolKill.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll C:\WINDOWS\system32\msconfig.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
15 Jul 2006, 11:37pm

Re: Computer is acting wierd

k loot very good, no problem.. now could you please do this for me... go to http://virusscan.jotti.org/ and upload
C:\WINDOWS\system32\fsndi.exe and allow it scan and copy/paste the results in your next reply
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
16 Jul 2006, 5:44am

Re: Computer is acting wierd

Alright, hopefully this is what you wanted:


File: fsndi.exe

Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5 34927efd7594648462bb18e713ada55f

Packers detected:
ASPACK

Scanner results

AntiVir
Found Trojan/Dldr.Qoolog.bj.3

ArcaVir
Found Trojan.Downloader.Qoologic.Bj

Avast
Found Win32:Qoologic-AI

AVG Antivirus
Found Downloader.Generic.ZIV

BitDefender
Found Trojan.Downloader.Qoologic.BC

ClamAV
Found nothing

Dr.Web
Found Trojan.Qoologic

F-Prot Antivirus
Found W32/Downloader.SJB

Fortinet
Found W32/Qoologic.BJ!tr.dldr

Kaspersky Anti-Virus
Found Trojan-Downloader.Win32.Qoologic.bj

NOD32
Found Win32/TrojanDownloader.Qoologic.BJ

Norman Virus Control
Found W32/Qoologic.HW

UNA
Found TrojanDownloader.Win32.Qoologic

VirusBuster
Found Trojan.DL.Qoologic.AI

VBA32
Found Trojan-Downloader.Win32.Qoologic.bj


Thanks!
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
16 Jul 2006, 7:26pm

Re: Computer is acting wierd

ah the qoologic infection..loot please follow the instructions outlined here-->http://www.short-media.com/forum/showthread.php?t=47766 & when finished please return with the qoologic fix logfile and new HJT log
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
17 Jul 2006, 3:07am

Re: Computer is acting wierd

Ok - here is the qoofix log file:

Qoofix v1.02 by http://www.malwarebytes.org
Scan started on [7/16/2006] at [10:06:10 PM]
-------------------------------------------------------------
Terminated module: uqwyacc.dll found in Qoofix.exe (3384)
Terminated module: uqwyacc.dll found in wscntfy.exe (1012)
Terminated module: uqwyacc.dll found in ojwyjt.exe (1000)
Terminated module: uqwyacc.dll found in explorer.exe (1796)
Terminated module: uqwyacc.dll found in fsndi.exe (1960)
Terminated module: uqwyacc.dll found in fsndi.exe (460)
Terminated module: uqwyacc.dll found in fsndi.exe (420)
Terminated module: uqwyacc.dll found in wuauclt.exe (536)
Terminated module: uqwyacc.dll found in CFD.exe (2012)
Terminated module: uqwyacc.dll found in ybrwicon.exe (244)
Terminated module: uqwyacc.dll found in MotiveSB.exe (2052)
Terminated module: uqwyacc.dll found in ycommon.exe (2116)
Terminated module: uqwyacc.dll found in outlook.exe (2160)
Terminated module: uqwyacc.dll found in daemon.exe (2188)
Terminated module: uqwyacc.dll found in qttask.exe (2252)
Terminated module: uqwyacc.dll found in FilmLoop.exe (2300)
Terminated module: uqwyacc.dll found in Updater.exe (2320)
Terminated module: uqwyacc.dll found in v1201.exe (2432)
Terminated module: uqwyacc.dll found in aim.exe (2536)
Terminated module: uqwyacc.dll found in RegistryRepairPro.exe (2568)
Terminated module: uqwyacc.dll found in svchostsys.exe (2628)
Terminated module: uqwyacc.dll found in CoolKill.exe (2812)
Terminated module: uqwyacc.dll found in Ymsgr_tray.exe (3000)
Terminated module: uqwyacc.dll found in mpbtn.exe (3040)
Terminated module: uqwyacc.dll found in AOLacsd.exe (2644)
Terminated module: uqwyacc.dll found in MSOHELP.EXE (392)
Terminated module: uqwyacc.dll found in win41.tmp.exe (2968)
Terminated module: uqwyacc.dll found in firefox.exe (2776)
Terminated module: uqwyacc.dll found in explorer.exe (3812)
-------------------------------------------------------------
C:\WINDOWS\system32\fsndi.exe will be deleted on reboot!
C:\WINDOWS\system32\ojwyjt.exe will be deleted on reboot!
C:\WINDOWS\system32\pougtaq.exe will be deleted on reboot!
C:\WINDOWS\system32\thlcu.dat will be deleted on reboot!
C:\WINDOWS\system32\uqwyacc.dll will be deleted on reboot!
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hriap.exe will be deleted on reboot!

User prompted YES to reboot, system now rebooting...
-------------------------------------------------------------
Scan COMPLETED SUCCESSFULLY on [7/16/2006] at [10:07:55 PM]

Note: Some registry keys may have been removed.






And here is the hijackthis log file:

Logfile of HijackThis v1.99.1
Scan saved at 10:13:05 PM, on 7/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ishost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\ismon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\dfndrad_5.exe
C:\WINDOWS\v1201.exe
C:\Program Files\Common Files\{6C44B700-0AF0-1033-1006-030304030001}\Update.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OutLoud\CoolKill\CoolKill.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrad_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmad_5.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoolKill.lnk = C:\Program Files\OutLoud\CoolKill\CoolKill.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll C:\WINDOWS\system32\msconfig.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



You rock
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
17 Jul 2006, 3:47am

Re: Computer is acting wierd

good job w/ the qoo fix now if you could please do this for me..
Please run the BitDefender online scan from here; http://www.bitdefender.com/scan8/ie.html
You will need to allow an active x install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Please attach the bdscan.html file to your next post along with a new hijackthis log.
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
18 Jul 2006, 7:20pm

Re: Computer is acting wierd

Alright, this BitDefender has been scanning for FOREVER and I just wanted to check if it's alright that it's taking so long

Scan time so far is over 37 hours
Files: 246915 out of 199913

It will give me an estimated time, which is about a third of what it really is. And as soon as it hits zero, it goes back up to a new time of like 5 hours or something.
It has found a lot of things though and many things have been deleted or disinfected.

Just checking - is it alright that it's taking this long?
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
18 Jul 2006, 11:27pm

Re: Computer is acting wierd

hi loot, yes it is normal esp. lately I've read on some other forums that for some strange *unknown* reason bitdefender's online scan is taking many many times longer then the estimated given time and yes it's a slower scanner then some other online AV scanns but its VERY good and as you've said its detected alot of "nasties" so yes please let it finish I do apologize for the extended wait time... you by no means hafta just sit there and watch it scan you'd go mad lol atleast i would but yes please let it finish and follow the instructions on how to attach it etc
yogi_bear
Steve
yogi_bear
2 Posts
19 Jul 2006, 12:53am

Re: Computer is acting wierd

Sorry to be a proper "newbie," here and maybe state the obvious, but would'nt it be much quicker to simply back up your stuff, re-format the hard drive and start again? Surly this would not take longer than the 36-hours and counting of the virus scan? I reformat my hard disk at least 4 times a week!

Beast Regards

Steve
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
19 Jul 2006, 4:50am

Re: Computer is acting wierd

Hmmm Yogi - I have no idea. I've never reformated, so I have no idea how to do so and backup things properly, etc.

As for the scanning ---

Yeah, I figured out why scanning was taking so long. It was trying to scan a virtual drive I had created and forgot about My bad.

So I tried to stop it just because I couldn't figure anything else to do, since it seemed stuck. And it just sorta stopped working, as in it just froze up. I eventually just had to close it altogether.
So I don't have any scan report to give to you.
Here's the HijackThis log though now:


Logfile of HijackThis v1.99.1
Scan saved at 11:56:23 PM, on 7/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ishost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\ismon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\Program Files\OutLoud\CoolKill\CoolKill.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\TEMP\winBA8.tmp.exe
C:\WINDOWS\TEMP\win3B7.tmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrad_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmad_5.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels8.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoolKill.lnk = C:\Program Files\OutLoud\CoolKill\CoolKill.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll C:\WINDOWS\system32\msconfig.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
19 Jul 2006, 6:50pm

Re: Computer is acting wierd

Quoting LootSubu42
Yeah, I figured out why scanning was taking so long. It was trying to scan a virtual drive I had created and forgot about My bad.
ohhh ok thats fine loot but could you please re-do the scan only before starting the scan go into the options and uncheck that virtual drive and try it again and attach the log as hmtl as I said in my previous post thanks! cause its important I see what it found
*note* to change what area of your PC it scans under this options-->
Code:
SCANNING OPTIONS  
Select what you want to check for viruses  
By default, your entire computer will be checked for viruses and other threats. To scan just some of your folders, click here.
click where it says "click here" and uncheck that virtual drive then continue as normal from my prev. post on how to do the bitdefender scan good luck
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
21 Jul 2006, 5:52am

Re: Computer is acting wierd

I am going on a camping trip this weekend - and will do this when I get back!
Thanks!
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
21 Jul 2006, 10:57pm

Re: Computer is acting wierd

Quoting LootSubu42
I am going on a camping trip this weekend - and will do this when I get back!
Thanks!
have fun ill be here
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
26 Jul 2006, 7:41am

Re: Computer is acting weird

Hmmm, I dunno
I unclicked the virtual drive and the scan went fine, but when it was done, it just simply shut down internet explorer (can't do it on firefox, so that's what I'm using), so I couldn't tell it to export the scan results. It's done it twice now - any suggestions?
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
26 Jul 2006, 5:11pm

Re: Computer is acting weird

hmm yes that is weird, I recall that may have happened to me once on own PC but not 100% sure anyways lets try another (use explorer for this 1)-->Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
    • Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
29 Jul 2006, 8:16am

Re: Computer is acting weird

Alright - here's the result of the scan - thanks for the patience, I've been busy lately!



-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, July 29, 2006 3:22:29 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 29/07/2006
Kaspersky Anti-Virus database records: 209747
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\

Scan Statistics:
Total number of scanned objects: 212772
Number of viruses found: 43
Number of infected objects: 145
Number of suspicious objects: 5
Duration of the scan process: 02:34:24

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Owner\Local Settings\Temp\cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr80B1 Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Documents and Settings\Owner\Local Settings\Temp\upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\Documents and Settings\Owner\Local Settings\Temp\VVSNInst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C0IJPX6P\ff3[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IUP8DQOT\anti4[1].exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.cu skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IUP8DQOT\anti4[1].exe Embedded EXE: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QX2N9D37\new[1].htm Infected: Constructor.Perl.Msdds.b skipped
C:\Documents and Settings\Owner\My Documents\ADAM\AudioConverter\Audio_Conversion_Wizard_Crack.zip/acw.exe Suspicious: Packed.Win32.PePatch.dk skipped
C:\Documents and Settings\Owner\My Documents\ADAM\AudioConverter\Audio_Conversion_Wizard_Crack.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Owner\My Documents\ADAM\BSINSTALL.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Documents and Settings\Owner\My Documents\ADAM\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Documents and Settings\Owner\My Documents\ADAM\BSINSTALL.exe WiseSFX: infected - 2 skipped
C:\Documents and Settings\Owner\My Documents\ADAM\BSINSTALL.exe WiseSFX Dropper: infected - 2 skipped
C:\Documents and Settings\Owner\My Documents\ADAM\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Documents and Settings\Owner\My Documents\ADAM\OiUninstaller.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Owner\My Documents\Tyler1\ZwinkySetup2.2.50.0.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\My Downloads\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip/Audio_Conversion_Wizard_Crack.zip/acw.exe Suspicious: Packed.Win32.PePatch.dk skipped
C:\My Downloads\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip/Audio_Conversion_Wizard_Crack.zip Suspicious: Packed.Win32.PePatch.dk skipped
C:\My Downloads\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip ZIP: suspicious - 2 skipped
C:\Program Files\BearShare\BearShareZangoInstaller.exe/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Program Files\BearShare\BearShareZangoInstaller.exe CAB: infected - 1 skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX: infected - 2 skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX Dropper: infected - 2 skipped
C:\Program Files\Common Files\Μіcrosoft.NET\nеtdde.exe Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Program Files\HijackThis\backups\backup-20060715-115829-240.dll Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\Program Files\HijackThis\backups\backup-20060715-115829-895.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0015959.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0015959.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0015959.exe WiseSFX Dropper: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0015974.exe Infected: not-a-virus:AdWare.Win32.Mirar.d skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0015975.exe Infected: not-a-virus:AdWare.Win32.EliteBar.ba skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0017092.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0017092.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP16\A0017092.exe WiseSFX Dropper: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP17\A0017191.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP17\A0017191.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP17\A0017191.exe WiseSFX Dropper: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP4\A0002277.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP4\A0002277.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP4\A0002277.exe WiseSFX Dropper: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP70\A0035928.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP70\A0035928.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP70\A0035928.exe WiseSFX Dropper: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038145.exe/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038145.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038147.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038147.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038147.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038147.exe WiseSFX Dropper: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038318.dll Infected: not-a-virus:AdWare.Win32.Comet.c skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038324.exe/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP72\A0038324.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP73\A0038601.exe/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP73\A0038601.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP73\A0038603.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP73\A0038603.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP73\A0038603.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP73\A0038603.exe WiseSFX Dropper: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP74\A0038621.dll Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP74\A0038622.exe Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP74\A0038625.exe Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038726.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038726.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038726.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038726.exe WiseSFX Dropper: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038727.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038727.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038727.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038727.exe WiseSFX Dropper: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038996.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0038997.dll Infected: not-a-virus:AdWare.Win32.180Solutions.au skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039124.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039124.exe/data0003 Infected: not-a-virus:AdWare.Win32.CASClient.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039124.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039197.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039202.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039230.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039231.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039234.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039235.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039237.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039238.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039239.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.v skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039240.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039241.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039242.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039243.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039244.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039247.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039251.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039252.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039253.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039255.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ab skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039256.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039258.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039259.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039353.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039371.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039384.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039384.exe/stream Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039384.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039386.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ep skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039386.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039390.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ep skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039392.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039400.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ai skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039402.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039403.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039404.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0039405.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0041461.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0041462.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0041462.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0041462.exe CAB: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP77\A0041464.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041521.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041526.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041529.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.q skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041540.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041555.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041567.exe/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041567.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041569.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041569.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041569.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041569.exe WiseSFX Dropper: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041592.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041647.exe Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041810.dll Infected: not-a-virus:AdWare.Win32.180Solutions.au skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041811.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041951.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041957.exe/data0002 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041957.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041957.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041958.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041958.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041958.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0041959.dll Infected: not-a-virus:AdWare.Win32.Chiem.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP78\A0042113.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\WINDOWS\system32\f3PSSavr.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\WINDOWS\system32\msconfig.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\WINDOWS\system32\nodeipproc.dll Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\WINDOWS\system32\pmnkjii.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cu skipped
C:\WINDOWS\system32\repairs302972955.dll Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\WINDOWS\system32\ssttt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped

Scan process completed.


----------------------
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
29 Jul 2006, 4:37pm

Re: Computer is acting weird

loot, before we continue, i STRONGLY recommend you uninstall bearshare as it comes bundled with spyware where half your problems are probly coming from, If you have music files on bearshare make a new folder somewhere else on your PC (desktop, my documents etc) and save all the music and any other media files from bearshare you want to keep then after doing that uninstall bearshare via add/remove programs then reboot (if even it doesn't ask you to at the end of the uninstallation) then let me know so we can proceed or if you decide to keep it (which I strongly recommend against)
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
29 Jul 2006, 6:49pm

Re: Computer is acting weird

Yeah, that's definately fine. I wasn't even aware that Bearshare was still on my computer - I thought I'd gotten rid of that a while ago.
By your next post, I will have it removed.
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
29 Jul 2006, 8:22pm

Re: Computer is acting weird

no problem loot!, now lets take care of virtumonde please follow these directions-->Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
3 Aug 2006, 4:34am

Re: Computer is acting weird

Alrighty, Bearshare is gone.
Where to next?
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
3 Aug 2006, 4:35am

Re: Computer is acting weird

Wait - nevermind, I didn't see the second page of this thread
My bad - let me do the thing in your last post hahaha
Sorry for the wait - I'm stupid
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
3 Aug 2006, 5:00am

Re: Computer is acting weird

Quoting LootSubu42
Wait - nevermind, I didn't see the second page of this thread
My bad - let me do the thing in your last post hahaha
Sorry for the wait - I'm stupid
lol no prob m8 your not stupid happens to the best of us
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
3 Aug 2006, 10:20pm

Re: Computer is acting weird

Hmmm, whenever I check "Run VundoFix as a task." it says it will open again in a minute or less.
But...it never does.
Should I just do the normal scan or what?
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
4 Aug 2006, 1:37am

Re: Computer is acting weird

yes, for some strange reason it does that especially recently I've seen..but yes just run it as scan and post log
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
4 Aug 2006, 5:23am

Re: Computer is acting weird

VundoFix V5.1.6

Checking Java version...

Java version is 1.5.0.6

Scan started at 12:09:29 AM 8/4/2006

Listing files found while scanning....

C:\windows\system32\pmnkjii.dll
C:\windows\system32\ssttt.dll
C:\windows\system32\tttss.ini
C:\windows\system32\tttss.bak2
C:\windows\system32\tttss.ini2
C:\windows\system32\tttss.tmp

Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe was successfully stopped

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\windows\system32\pmnkjii.dll
C:\windows\system32\pmnkjii.dll Has been deleted!

Attempting to delete C:\windows\system32\ssttt.dll
C:\windows\system32\ssttt.dll Has been deleted!

Attempting to delete C:\windows\system32\tttss.ini
C:\windows\system32\tttss.ini Has been deleted!

Attempting to delete C:\windows\system32\tttss.bak2
C:\windows\system32\tttss.bak2 Has been deleted!

Attempting to delete C:\windows\system32\tttss.ini2
C:\windows\system32\tttss.ini2 Has been deleted!

Attempting to delete C:\windows\system32\tttss.tmp
C:\windows\system32\tttss.tmp Has been deleted!

Performing Repairs to the registry.
Done!




~~~~~~~~~~~~~~~


Logfile of HijackThis v1.99.1
Scan saved at 12:23:57 AM, on 8/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\{6C44B700-0AF0-1033-1006-030304030001}\Update.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1130981484\ee\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OutLoud\CoolKill\CoolKill.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {84DE4796-E364-4DD4-AFA2-B7FCCF56C809} - C:\Program Files\MSN Gaming Zone\megoqahi.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\g22239546.dll (file missing)
O2 - BHO: (no name) - {E4E947E9-BFA5-48BD-9D0E-C188B7DD485D} - C:\WINDOWS\system32\ssttt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmad_5.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130981484\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoolKill.lnk = C:\Program Files\OutLoud\CoolKill\CoolKill.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll C:\WINDOWS\system32\msconfig.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\scgina.dll (file missing)
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE




How's it looking?
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
4 Aug 2006, 9:52pm

Re: Computer is acting weird

good job on the vundo! now please do a system scan only in HJT (make sure no windows are open during this fix except for HJT itself) and fix *check* these lines-->R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\g22239546.dll (file missing)
O2 - BHO: (no name) - {E4E947E9-BFA5-48BD-9D0E-C188B7DD485D} - C:\WINDOWS\system32\ssttt.dll (file missing)
then reboot and post new hjt log please ...also loot do you know this program C:\Program Files\OutLoud\CoolKill\CoolKill.exe ?
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
4 Aug 2006, 11:18pm

Re: Computer is acting weird

Alright, 'tis done.

Logfile of HijackThis v1.99.1
Scan saved at 6:16:56 PM, on 8/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\{6C44B700-0AF0-1033-1006-030304030001}\Update.exe
C:\Program Files\Common Files\AOL\1130981484\ee\aolsoftware.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {84DE4796-E364-4DD4-AFA2-B7FCCF56C809} - C:\Program Files\MSN Gaming Zone\megoqahi.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmad_5.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130981484\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoolKill.lnk = C:\Program Files\OutLoud\CoolKill\CoolKill.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll C:\WINDOWS\system32\msconfig.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\scgina.dll (file missing)
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



~~~~~~~~~

Yeah, I know the CoolKill program, it's fine. See, my CTRL+ALT+DELETE doesn't work anymore, so I needed something to get rid of apps if they were to freeze up. That's what CoolKill does for me - so no problems there
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
5 Aug 2006, 2:14am

Re: Computer is acting weird

oh ok it's fine then but when you said this
Quoting LootSubu42
See, my CTRL+ALT+DELETE doesn't work anymore
do you know what makes your ctrl alt del not function anymore?
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
5 Aug 2006, 6:26am

Re: Computer is acting weird

*shrug*
It's actually been like this for a while - I think something got screwed up and I just never figured out how to fix it. Originally, it wouldn't let me into regedit or anything like that either, but I finally did correct that.
But Ctrl-Alt-Delete is something I've never been able to fix and every time I search for a way to fix it, I just end up getting more confused and unsure of what to do.
So I just CoolKill, because it's basically task manager in a different form.
I do remember a while ago reading something that pointed to me having a virus that had shut that function down (ctrl-alt-delete), so I did some things and got rid of the virus, but the computer never returned to the way it was.
Hope that's an answer of sorts.
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
5 Aug 2006, 5:00pm

Re: Computer is acting weird

oh ok, yes lets see what we can do.. please run this tool loot it basically scans for spyware A-Z let me know if/what it finds-->http://www.xblock.com/download/xclean_micro.exe
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
6 Aug 2006, 7:30am

Re: Computer is acting weird

Hahaha, you are good sir.
Well, Ctrl-Alt-Delete is now in working order. Thanks a million!
It found some CoolWebSearch, WhenUSaves, among other things. I thought it would have a scan report/summary at the end, but it didn't so I don't have anything to show you. But it did something right.
And to think....all that time I spent trying to figure it out on my own.
Very good indeed.
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
6 Aug 2006, 5:39pm

Thumbs up Re: Computer is acting weird

great! glad that little tool fixed your C-A-Del problem ..yes, it doesn't create report but its an excellant little tool as you can see, but since you said it found some coolwebsearch please go here to download CWShredder to make sure CWS is off completely-->http://www.trendmicro.com/cwshredder/ then click on then hit run>then click update>then hit the fix button and make sure NO windows are open during the fix except of course for CWshredder itself, and lemme know if it finds any variants of CWS
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
7 Aug 2006, 6:14am

Re: Computer is acting weird

Yep - I got CWShredder and am normally pretty good about keeping myself clean of CoolWeb - it didn't find anything.
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
7 Aug 2006, 6:47am

Re: Computer is acting weird

thats good could you please post new hjt log to be sure of your PC tho
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
8 Aug 2006, 7:40am

Re: Computer is acting weird

Logfile of HijackThis v1.99.1
Scan saved at 2:40:18 AM, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\Program Files\Common Files\{6C44B700-0AF0-1033-1006-030304030001}\Update.exe
C:\Program Files\OutLoud\CoolKill\CoolKill.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {84DE4796-E364-4DD4-AFA2-B7FCCF56C809} - C:\Program Files\MSN Gaming Zone\megoqahi.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130981484\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoolKill.lnk = C:\Program Files\OutLoud\CoolKill\CoolKill.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll C:\WINDOWS\system32\msconfig.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\scgina.dll (file missing)
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
8 Aug 2006, 10:55pm

Re: Computer is acting weird

please do system scan only in HJT and fix O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing) then reboot but besides that log looks ship shape hows it running?
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
9 Aug 2006, 4:55am

Re: Computer is acting weird

Hey, thanks a million, everything is running great.
Got one more question though - do you have a suggestion for a good firewall?
The reason why all this crap got on my computer is because I had to delete my SygatePro firewall, because I'm getting an online buisness website, and sygate just wasn't letting me bypass it to do some things I really needed to do.
You got any suggestions?
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
9 Aug 2006, 6:18am

Re: Computer is acting weird

no problem! glad I could help! yep I do, heres the whole prevention/cleanup part enjoy!-->Your log is clean! Great job!

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and enable system restore here:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1elete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2.Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

[center]Simple and easy ways to keep your computer safe and secure on the Internet[/center]
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
10 Aug 2006, 3:48am

Re: Computer is acting weird

Hey thanks so much - got one last question tho.
I got this friend and her computer is recently become horribly screwed up, and she is now unable to access her internet. I'm just going to post her HijackThis file and if you could just give it a quick scan, she wants to know if it's beyond repair or if there is yet hope for it. You don't have to necessarily worry about fixing it lol you've done enough for me as it is, if you could just give her a yay or nay on the possibility of her computer surviving, that'd be great.
Thanks!!!

Logfile of HijackThis v1.99.1
Scan saved at 10:26:09 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\AOL\1114033944\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Documents and Settings\Owner.HOME-6BR5SWAHZX\My Documents\download\shaylurvesharry\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Installer Class - {009506E8-8CAD-4CA9-81D4-D815E7E4330A} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14f5d2ee-e4ea-40fa-8c10-6b2136950252} - C:\WINDOWS\system32\igft48.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1114033944\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.31.7.116/Java/cfs40320.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...luginNOSSO.ocx
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/do...e_Inst_Win.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093383835125
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.kontiki.com/kdx/Client403/kdx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...ploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager...etOpPlugin.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igft48 - C:\WINDOWS\SYSTEM32\igft48.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe




If you're too busy, that's cool too. I feel kinda bad asking you to do more
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
10 Aug 2006, 5:10am

Re: Computer is acting weird

no problem your welcome! sure! post away
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
11 Aug 2006, 6:16pm

Re: Computer is acting weird

Haha awesome - so are you saying 'no problem' as in there isn't a problem in the HijackThis log, or 'no problem' as in it wasn't any trouble at all?
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
15 Aug 2006, 4:38am

Re: Computer is acting weird

Hello?
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
15 Aug 2006, 5:01pm

Re: Computer is acting weird

oh wait sorry, was that last log for your friend hjt or your machine?
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
15 Aug 2006, 7:13pm

Re: Computer is acting weird

Haha no problem - that last log was my friend's HJT log
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
15 Aug 2006, 9:54pm

Re: Computer is acting weird

her comp has a few things in HJT that could be *Fixed* but i wouldn't know for sure unless/until i saw some scan results, tell her to join the forums and i'd be glad to help her individually but as for us *me & you* are you ready for cleanup/prevention part?
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
17 Aug 2006, 6:50am

Talking Re: Computer is acting weird

Well, she can't actually get on the internet - that was one major problem, so that's why she sent me that log just for you to look at. It's cool though, if you're not sure unless there's some more scans - that's all I needed to know.
And you've already given me the cleanup/prevention tidbit
jmoney3457
In malware training:]
jmoney3457
1,396 Posts
17 Aug 2006, 5:59pm

Re: Computer is acting weird

Quoting LootSubu42
Well, she can't actually get on the internet - that was one major problem, so that's why she sent me that log just for you to look at. It's cool though, if you're not sure unless there's some more scans - that's all I needed to know.
And you've already given me the cleanup/prevention tidbit
oops sorry loot i've done so many logs, hard to keep track which 1's i've done c/p tidbit for ..so her pc is so bad she can't access the internet ?
LootSubu42
Icrontic Regular
LootSubu42
26 Posts
21 Aug 2006, 6:21am

Re: Computer is acting weird

Yeah, but don't worry about it man.
I went over and checked it out - the comptuer was SHOT
So we just had to start from scratch on that one again
Well thanks for everything - as far as I can tell, we're good!
Any way I can give you a good rating/ tell people you're the go-to-guy?
Page 1 of 2 1 2
Similar Threads
Thread Thread Starter Forum Replies Last Post
Removed hosts from computer, anything look weird yet? RyanM84 Resolved / Inactive 5 14 Jul 2005 11:06am
Need help, my computer is acting very wierd kapli Resolved / Inactive 12 17 Jun 2005 4:08am
IN PROGRESS: Computer wont load for some weird reason greg555 Resolved / Inactive 6 17 Sep 2004 4:02pm

Go Back   Icrontic Forums > Malware Help > Spyware & Virus Removal > Resolved / Inactive
Reload this Page Computer is acting weird [Solved]
Jump to
This Thread Search this Thread
Search this Thread:

Advanced Search

Today's Posts - Mark All Read - Contact Us - Icrontic.com - Archive - Top

Current time: 6:29am (GMT)
Powered by vBulletin®
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Get Vanilla instead. Trust me.