
Phantom Clicking and other problems.

Sup' Icrontic, I entrust my PC to your skilled hands.

A couple of weeks back I noticed that something was trying to open up extra windows at random while I was browsing the internet with Firefox, I'd be sitting there reading an article or what have you when a new window would pop up, usually for something like a casino website or similar. So in response I downloaded SpyBot - Search and Destroy to check things out, it seems somewhere down the line I picked up around one hundred and thirty new viruses.

Yay.

Anyway SpyBot took care of most of that, excluding four entries that wouldn't shift. Something about them being a registry entry in the .dll that made them much harder than usual to remove, I think they might've been called virtumond but I am not certain. Anyway the problems I was having continued and occasionally I'd pick up a new virus, most likely from those I already had. So I downloaded HijackThis in order to blitz the entry and delete it on start up as well. Here's that first log: (more to come, there's a more recent one further down. I post this just in case)

~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 15:56:31, on 15/01/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://english.icrfast.com/index.php?rvs=hompag
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxysetup.solent.ac.uk/halls.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lrijh8s73jhbfgfd] C:\DOCUME~1\PCUSER~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [lrijh8s73jhbfgfd] C:\DOCUME~1\PCUSER~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\PCUSER~1\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Micronet SP907GK Wireless Network Utility.lnk = C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?7635ef25aff640b28fe5241158da7e82
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?7635ef25aff640b28fe5241158da7e82
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\PC User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: anckoa.dll ehqbfb.dll mskfww.dll difklm.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


~~~~~~~~~~~~~

After having some of these entries removed things seemed to be fine, the windows stopped opening in the background and everything appeared to be running smoothly. Yet a few days later a few new problems began that are currently plaguing me:

1) Roughly every 20 minutes everything will freeze as if loading something then carry on, after this I will hear "phantom clicking" every now and then as if something were being opened, I noticed it while watching a movie on this PC so I know I wasn't using my mouse at all, weirdly nothing seems to open after the clicking. When I looked at the applications that were running in the background a new one using up a considerable amount of processing power called IEXPLORER.EXE was running, I don't use Iexplorer and its presence coincides with the phantom clicking.

2) Whenever I google something if I click on the link I'll be taken to a random web page rather than the one I wanted, it'll open up a new tab which first goes to:

http://77.91.228.48/click.php?c=482099f00025023b5df6d999cc00

Then:

http://aicse.com/ (among others)

3) When trying to use SpyBot to clear the new viruses I was picking up it first said things were all clear, then a repeat scan showed 13 entries which then all caused an error within the program. After that it wouldn't open up at all and when I tried to re-install it I was told that I couldn't contact the server to download the files even though I could use the internet normally.

4) There's also been a general slow down in every area of my PC, pages that used to open in the blink of an eye will crawl to load now and games will be jerky with sudden skips. This is less noticeable when I disconnect from the internet.

Here's a more recent HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 00:04:25, on 30/01/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://english.icrfast.com/index.php?rvs=hompag
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lrijh8s73jhbfgfd] C:\DOCUME~1\PCUSER~1\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\PCUSER~1\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [lrijh8s73jhbfgfd] C:\DOCUME~1\PCUSER~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Micronet SP907GK Wireless Network Utility.lnk = C:\Program Files\Micronet SP907GK Wireless Network Utility\RtWLan.exe


So that's my lot: Phantom clicking related to IEXPLORER.EXE, google search links redirected, SpyBot broken and the habit of slowing to a crawl at times as well as a few random crashes.

Help me Icrontic Forums, you're my only hope.
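
Added example (not part of the original post, and not HijackThis's own logic): a small Python triage pass over HijackThis entry lines like those in the two logs above. It flags Run-key autoruns that start from a Temp directory, DLLs listed under AppInit_DLLs, entries whose file is missing, and Run value names registered in both hives. The function names and heuristics are assumptions, and a flagged entry is a lead to investigate, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a process-list line and entries copied from the logs above.
SAMPLE = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lrijh8s73jhbfgfd] C:\DOCUME~1\PCUSER~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [lrijh8s73jhbfgfd] C:\DOCUME~1\PCUSER~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\PCUSER~1\LOCALS~1\Temp\csrssc.exe
O20 - AppInit_DLLs: anckoa.dll ehqbfb.dll mskfww.dll difklm.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")                    # section code, detail
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")  # hive, value name, command
TEMP = re.compile(r"\\temp\\", re.I)                          # any ...\Temp\... path

def parse(log):
    """Yield (section, detail) per entry line; header and process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return (section, reason, detail) tuples for entries worth a closer look."""
    findings, hives = [], defaultdict(set)
    for section, detail in parse(log):
        run = RUN.match(detail) if section == "O4" else None
        if run:
            hives[run.group(2)].add(run.group(1))
            if TEMP.search(run.group(3)):
                findings.append((section, "autorun starts from a Temp directory", detail))
        elif section == "O20" and detail.startswith("AppInit_DLLs:"):
            for dll in detail.split(":", 1)[1].split():
                findings.append((section, "DLL loaded through AppInit_DLLs", dll))
        elif "(no file)" in detail or "(file missing)" in detail:
            findings.append((section, "registry entry points at a missing file", detail))
    for name, seen in sorted(hives.items()):
        if len(seen) > 1:
            findings.append(("O4", "same Run value in HKLM and HKCU", name))
    return findings

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE):
        print(f"{section:4} {reason}: {detail}")
```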

Comments

  • edited January 2009
    I really need help here guys, things are getting worse. In addition to a further slow down online I've experienced loss of internet as well, after a period of massive slow down pages began to stop loading properly (displaying only parts of the page) then it would either give me the error page for a failed connection or it would load a blank screen but think it's on the relevant page.

    Connection was still up and packets were being passed back and forth although only a few, after a reset things straightened out but I really need help. I've tried looking for anti-virus software but I get the "problem loading page" message for any sites dedicated to anti-virus, but not on anything else.


    Please help me!
  • TroganTrogan London, UK
    edited March 2009
    Sorry that no one got to you!

    If you still require help, please post a new HijackThis log.

    -Trogan