0

Hi there,

well my computer all of a sudden is performing extremely sloow in everything..ive been getting pop ups..ive scanned with adware a little but no help. here is the hijack this log...


help will be appreciated. thank you


Logfile of HijackThis v1.99.1
Scan saved at 5:03:59 PM, on 7/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common

Files\{C8386772-03E4-1033-0405-010323200001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\calc.exe
C:\DOCUME~1\FAISAL~1.USE\APPLIC~1\APPATC~1\regedit.exe
C:\WINDOWS\a?sembly\r?ndll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\KIRAN\My

Documents\Kiran\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) -

{CFCE654E-A18F-AD79-FC4A-F8EA6BEF2896} -

C:\WINDOWS\system32\sbvcd.dll
R3 - URLSearchHook: (no name) -

_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} -

C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN

Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Orut]

"C:\DOCUME~1\FAISAL~1.USE\APPLIC~1\APPATC~1\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Bzimgd] C:\WINDOWS\a?sembly\r?ndll32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows

Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo

Uploader Control) -

http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} -

http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - AppInit_DLLs: C:\WINDOWS\system32\wuauclt.dll

C:\WINDOWS\system32\explorer.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner

- C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec

Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

2
Contributors
2
Replies
3
Views
11 Years
Discussion Span
Last Post by racecar22
0

Run hijack this in safe mode. My best option is to redo the software on the system. The people who do the spyware will send you time bombs. I got my server cleaned out and two monthes latter it is was back. I know it is not the best answer, but I have a network of 6 computers and that is what I do. The best way to get ride of Spyware is to format the drive. Also thy to use a limited user account when you are surfing the web. Use the admion account when you need to change programs.

0

well i had this similar problem before and i fixed it im sure the only way to fix this is not by installing windows again. if anyone can please help me.

here is updated hijackthis log...

Logfile of HijackThis v1.99.1
Scan saved at 12:59:58 PM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\ipwins\ipwins.exe
C:\WINDOWS\system32\bdpn.exe
C:\WINDOWS\system32\xd7ehbkw.exe
C:\Program Files\Common

Files\{C8386772-03E4-1033-0405-010323200001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\a?sembly\r?ndll32.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and

Settings\FaiSaL.USER-V1BCMSXSH8\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://www.mrfindalot.com/search.asp?si=20069&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

http://www.mrfindalot.com/search.asp?si=20069&k=
R3 - URLSearchHook: (no name) -

_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) -

{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program

Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} -

C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}

- C:\WINDOWS\system32\WinNB57.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware

4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [IpWins] "C:\Program Files\ipwins\ipwins.exe"
O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\system32\bdpn.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy

Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN

Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TClock.exe] "C:\Program Files\TClock\tclock_install.exe"
O4 - HKCU\..\Run: [Bzimgd] C:\WINDOWS\a?sembly\r?ndll32.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows

Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1}

(ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A}

(mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo

Uploader Control) -

http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} -

http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75}

(Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} -

C:\WINDOWS\system32\v199.dll
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner

- C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -

C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec

Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) -

Webroot Software, Inc. - C:\Program Files\Webroot\Spy

Sweeper\SpySweeper.exe

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.