Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Computer Freeze-ups, Pop-ups And Constant Clicking Sound.


  • This topic is locked This topic is locked
4 replies to this topic

#1 brink2007

brink2007

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 06 April 2007 - 08:55 AM

Please help me. For the last week my computer has been suffering from constant pop-ups. It will also close browsers during internet surfing and restart completely for no reason, that I can see. I have a cable modem and recently had WinAntivir as a free Antivirus resource but it is constanly notifying me of Trojans and unwanted files even when I'm not surfing. I have installed it recently to avoid the pop up notifications but now all of these problems are starting up. Please check my Hijack logfile and let me know how I've screwed it up this time please? Thanks and happy holidays.
Logfile of HijackThis v1.99.1
Scan saved at 10:49:58 AM, on 4/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\BroadJump\Client Foundation\CFD.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\user\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearsh...ar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sprint.co...inkregistration
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - F:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - F:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: Shell Doc Object and Control Helper Class - {00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000} - F:\WINDOWS\system32\shdocvs.dll
O2 - BHO: Shell Event Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} - F:\WINDOWS\system32\cscentfy.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - F:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - F:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - F:\WINDOWS\system32\tmp38.tmp.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - F:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - F:\Program Files\EarthLink\Toolbar\uninsttb.dll
O2 - BHO: (no name) - {edc4766f-0ba0-4797-87aa-25f2e7b72330} - F:\WINDOWS\system32\mplent.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - F:\Program Files\EarthLink\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [WorkFlow] D:\installs\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [BJCFD] F:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] F:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [AnyDVD] F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] F:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [sysinter] F:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundService] rundll32.exe "F:\WINDOWS\dddawx.dll",setvm
O4 - HKCU\..\Run: [License Manager] "F:\Program Files\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "F:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\Run: [adirka] F:\WINDOWS\system32\adirka.exe
O4 - Startup: LimeWire On Startup.lnk = F:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = F:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O4 - Global Startup: Virtual Assistant.lnk = F:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: EarthLink Google Search - res://F:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///F:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: mplent - F:\WINDOWS\SYSTEM32\mplent.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Thank you.

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 06 April 2007 - 09:19 AM

Hello and welcome to the forum.

You have some serious infections and no anti-virus, firewall or anything security related running that I can see.

One infection is a password stealer trojan.

I can't promise we will be able to completely clean it.

Click the HERE and Save, Install, Update and run a full scan.


Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 brink2007

brink2007

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 15 April 2007 - 07:10 PM

Ok, after I Saved, installed and run the avtivirus program, I rebooted. When the computer came back on, my internet connection was gone. It was also saying a part of the free trial program was not operating correctly. I contacted my service provider for help and they couldn't help me. it seemed that the modem was fine, but the system couldn't renew it ip address. This is another computer, I'm just going to half to swipe and reload the other. Can someone give me an idea of the best type of security software to use so that I don't get these viruses and spyware again? I have spybot, adware, and mcafee. Thanks!

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 15 April 2007 - 07:13 PM

Try this first. It will fit on a Thumb or Floppy drive.

The infection you have can cause you to lose your internet connection.
Get a copy of winsockxpfix.exe in case that happens.You just run it and
things should work OK after it reboots your system.

http://www.snapfiles...nsockxpfix.html

If that works, post a new HJT log.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 30 April 2007 - 04:13 PM

Your post has been Moved, Closed or Edited for one of the following reasons:

1.) You posted multiple topics and only one is required

2.) You are spamming links to other places without approval

3.) You have posted your hijackthis log to the wrong forum:
( http://forums.tomcoy...hp?showforum=27 ) <--- correct forum for HijackThis Logs

4.) Abusive language or other problems in your text

5.) Your log is too old (20 days or more) and no replies from you after a volunteer tried to help you

If you came here for help, and you have not posted a Hijackthis log to the proper forum, then you may do so now, if you came here to spam or abuse, you will be dealt with harsher on your next offense

This is a family oriented forum to help those that need help.

==============================


Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users