 [Closed] Computer slow and cant get rid website shortcuts on desktop. |
 Oct 27 2009, 01:09 AM
Post
#1
|
|
|
New Member  Group: New Member Posts: 1 Joined: 27-October 09 Member No.: 88,543 Operating System: Windows XP Home,service pack 2  |
3 website shortcuts keep appearing on desktop after deleting them,several ie processes running at same time in task manager,and all programs running super slow. Cant open email I get a session has exspired message asking me to log back in every time I click on a email message.Here is hijack this log.gof33@yahoo.comLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:51 PM, on 10/26/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe C:\WINDOWS\fonts\services.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\TEMP\VRTA.tmp C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\FastNetSrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\lsm32.sys R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll F3 - REG:win.ini: load=C:\WINDOWS\fonts\services.exe F3 - REG:win.ini: run=C:\WINDOWS\fonts\services.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe,C:\WINDOWS\system32\sdra64.exe, O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\Run: [ter8m] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\fonts\services.exe O4 - HKUS\S-1-5-18\..\Run: [ttool] C:\WINDOWS\9129837.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ttool] C:\WINDOWS\9129837.exe (User 'Default user') O4 - Global Startup: Yahoo! Autosync.lnk = C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Yukon Gold - C3BDCDEE-93D8-449F-AD28-7E54AD76D68F - C:\Microgaming\Casino\YukonGold\Casinogame.exe (HKCU) O9 - Extra button: Odds Maker - {b3cab7b9-eb43-46a2-8e15-02cc298dec71} - C:\Documents and Settings\butfucka rear\Start Menu\Programs\Odds Maker\Odds Maker.lnk (HKCU) O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/games/v47/...GamesLoader.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1248670326356 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1248672472546 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v50/luxor/luxor.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab O20 - Winlogon Notify: pmod11 - C:\WINDOWS\SYSTEM32\pmod11.dll O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Net_Login - Unknown owner - C:\WINDOWS\svchust.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 8657 bytes This post has been edited by ibwicked: Oct 27 2009, 02:51 PM |
 |
 
|
|
Replies
|
Nov 3 2009, 02:38 AM
Post
#2
|
|
 Advanced Member  Group: MRU Teachers Posts: 767 Joined: 18-July 06 From: Southeast Finland Member No.: 58,602 Operating System: Windows XP Pro & Windows Vista (32-bit) & Windows 7 (64-bit)  |
Due to inactivity this topic will be closed.
If you need help please start a new thread. |
|
|
|
Posts in this topic
ibwicked [Closed] Computer slow and cant get rid website shortcuts on desktop. Oct 27 2009, 01:09 AM
Blade81 One or more of the identified infections is a back... Oct 29 2009, 03:03 AM
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
Similar Topics
| Topic Title | Replies | Topic Starter | Views | Last Action | |||
|---|---|---|---|---|---|---|---|
 |
16 | Poopkabob | 292 | Today, 01:01 AM Last post by: Poopkabob |
|||
 |
6 | renobruce | 65 | Yesterday, 11:43 PM Last post by: renobruce |
|||
|
1 | shbrooks | 21 | Yesterday, 06:55 PM Last post by: jephree |
|||
|
4 | whoopie | 69 | Yesterday, 05:33 PM Last post by: whoopie |
|||
|
Time is now: 21st November 2009 - 03:06 AM |
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy
