Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

[Closed] Popups in Mozilla and Running Slow
jblank1
post Aug 6 2008, 08:16 PM
Post #1


New Member

Group: New Member
Posts: 3
Joined: 6-August 08
Member No.: 80,803
Operating System: xp



Having some problems with popups when in Mozilla and computer becomes very slow at times. I have followed the pre-posting instructions and ran ATF Cleaner, Malwarebytes, and ran Vundofix for the heck of it. Here is my HijackThis Log. Much appreciation to anyone who can help. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:58 PM, on 8/5/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\Nobicyt.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\fet4wrfgfdtew.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\Saveme.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: 74.53.242.130 nyiluv.com
O1 - Hosts: 212.42.1.55 lolgmae.com
O2 - BHO: (no name) - {1F038DA7-48F7-40EA-B27E-9D1D307E4AD6} - (no file)
O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - C:\WINDOWS\system32\opnnkkIc.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E571855-50FB-4508-A3F4-DB530D45FEE4} - (no file)
O2 - BHO: (no name) - {8984dee4-8c58-4ed2-818f-4029ff68ff4f} - (no file)
O2 - BHO: (no name) - {9E2D9467-33C4-40F6-A3E8-8C1DA379BB29} - (no file)
O2 - BHO: (no name) - {A4EBCF6F-BCB2-4DA3-8F02-3720E9B7B701} - C:\WINDOWS\System32\urqOIbAs.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {b13164e7-4502-4cff-af64-397c46a2c05c} - (no file)
O2 - BHO: (no name) - {B5FFFA93-C98C-4F55-A7B8-10C7D491369A} - (no file)
O2 - BHO: (no name) - {D2DDDC51-3185-4620-95A9-6C8F48EAD3B6} - (no file)
O2 - BHO: (no name) - {E6990EED-14F8-417D-ACB0-B375A5DA4AED} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WLMonWPC54G] C:\Program Files\Linksys\Wireless-G Notebook Adapter\WLMon.exe
O4 - HKLM\..\Run: [{C2-20-06-6D-DW}] C:\WINDOWS\system32\jpwnw64r.exe DWram
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.xmlsweb.socalmls.com/XMLSearch/XMLCache.CAB
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} -
O20 - Winlogon Notify: opnnkkIc - C:\WINDOWS\SYSTEM32\opnnkkIc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: COM+ Event System EventSystemPlugPlay (EventSystemPlugPlay) - Unknown owner - C:\WINDOWS\System32\acluic.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\System32\Nobicyt.exe
O23 - Service: VTingWinIe - Unknown owner - C:\WINDOWS\System32\drivers\svchost.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 5478 bytes
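A small triage aid for a HijackThis log like the one in the post above, added here as an example and not part of the original thread or of any tool named in it: it parses the section-coded entries and lists those the log itself marks with a missing file or an unknown service owner, plus hosts-file and Winlogon Notify entries. The function names and the choice of what to surface are assumptions; a listed entry is something to look up, not a finding.

```python
import re
from collections import Counter

# Excerpt of entry lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O1 - Hosts: 74.53.242.130 nyiluv.com
O2 - BHO: (no name) - {1F038DA7-48F7-40EA-B27E-9D1D307E4AD6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: opnnkkIc - C:\WINDOWS\SYSTEM32\opnnkkIc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\System32\Nobicyt.exe
O23 - Service: VTingWinIe - Unknown owner - C:\WINDOWS\System32\drivers\svchost.exe (file missing)
"""

# Section code (R, F, N or O plus a number), then " - ", then the detail text.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse(log_text):
    """Return (section, detail) pairs; headers and the process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def review_reasons(section, detail):
    """Reasons an entry deserves a manual look; an empty list means none found."""
    reasons = []
    if detail.endswith(("(no file)", "(file missing)")):
        reasons.append("target file absent")
    if section == "O23" and " - Unknown owner - " in detail:
        reasons.append("no vendor reported for service binary")
    if section == "O1":
        reasons.append("hosts file override")
    if section == "O20":
        reasons.append("DLL loaded by Winlogon Notify")
    return reasons

def triage(log_text):
    """Return (section, detail, reasons) for entries with at least one reason."""
    checked = ((s, d, review_reasons(s, d)) for s, d in parse(log_text))
    return [item for item in checked if item[2]]

def section_counts(log_text):
    """Count entries per section code, e.g. how many O23 services are listed."""
    return Counter(section for section, _ in parse(log_text))

if __name__ == "__main__":
    for section, detail, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {detail}  <- {', '.join(reasons)}")
```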
Tomk
post Aug 10 2008, 11:22 PM
Post #2


Extrication Intern

Group: Malware Team
Posts: 2,266
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



Hi, and Welcome to WhatTheTech

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.



You need to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection. Click here: http://www.microsoft.com/windowsxp/downloa...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.
(DO NOT INSTALL SP2 at this time)

You aren't running Anti Virus Software

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software (for personal use), from one of these excellent vendors NOW:

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial use.
3) AVG Anti-Virus Free Edition
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non commercial use.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

After taking care of the above instructions, please post a new HijackThis log.
jblank1
post Aug 14 2008, 06:39 PM
Post #3


I followed your instructions and downloaded and installed Windows XP Service Pack 1a. I was prompted to restart the computer after installing and ran into a major problem. The computer keeps restarting when XP is booting up. I have a Toshiba laptop; when the computer starts the Toshiba logo appears, then the Windows XP boot screen shows, then a black screen with a white movable mouse pointer for a couple seconds, then a blue screen appears for a half second and the computer restarts and goes back to the Toshiba screen and continues this pattern. Really need somebody's help. Thanks.
Tomk
post Aug 14 2008, 07:39 PM
Post #4


jblank1,


Boot Into Safemode

Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine,
amount of memory, hard drives installed etc. (BOOT SCREEN).
At this point you should gently tap the F8 key repeatedly until you are presented with an Options menu.
Select the option for Last Known Good Configuration using the arrow keys.
Then press enter on your keyboard.

If you can get started back up, please post a new HijackThis log.

Do you have your windows CD in case we have to do a system repair?
jblank1
post Aug 14 2008, 08:15 PM
Post #5


Tried Last Known Good Configuration at the F8 menu options and the computer still restarts. I don't have my windows cd. Can you let me know what to do next in case I can come across one?
Tomk
post Aug 14 2008, 08:34 PM
Post #6


jblank1,

I'll get back to you as soon as I get some advice from some other helpers.
Tomk
post Aug 14 2008, 10:32 PM
Post #7


jblank1,

I haven't been able to come up with any magic yet. However, in the meantime, here is something to think about:

Your computer appears to have been infected by a backdoor trojan. These programs have the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:
  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

This may be an additional reason to reformat.

If you choose to do this:

See here for a guide to formatting/re-installing, including backups and preparation:
http://www.geekstogo.com/forum/Reformat-In...ws-t173729.html
Tomk
post Aug 14 2008, 10:57 PM
Post #8


jblank1,

I was contemplating possible solutions to your problem when I realized I'm a little slow on the uptake. When you said:
QUOTE
Can you let me know what to do next in case I can come across one?

I took it that you were asking if I was able to help you do a repair or a reformat if necessary. What you were actually asking is for me to tell you what I would have you do if you were able to proceed. The answer to that question is infinite. Without the information back from you, I don't have anything to proceed on.

Now for a little Sherlock Holmes work: Based upon studying your posts, I have come to the conclusion that the actual root of the problem you have (besides all of the nasties on your computer) is that you cannot update your computer because you don't have a legal copy of Windows. Am I right?
Tomk
post Aug 21 2008, 09:31 PM
Post #9


Due to inactivity, this topic will be closed.
If you need help, please start a new thread and post a new HJT log.