Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Argghhh.. Serious Trojan/Virus Issues.


  • Please log in to reply

#1
Oniketsoku

Oniketsoku

    Member

  • Member
  • PipPipPip
  • 343 posts
Hmm..
Well, A Few days back, my friend got infected by a virus on AIM(Aol Instant Messanger)
By clicking on a link from someone saying "see my pic" and a link following it.
So he does it, and the next thing he knows, somehow it's automatically Messaging everyone on his buddylist this link, me being one of them.
So im like, what the heck, and click on it. The next thing I know, this is happening to me, and AVG has picked up many Virus detections, and have tried to heal or move them ot the vault, and its not helping.
Maybe this will help you figure out what's going on, my HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 5:39:39 AM, on 9/29/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\WMPCI54G WLAN MONITOR\WMP54G.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\LOCKX.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\COMMON FILES\WINDOWS\SERVICES32.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\CREATIVE\AUDIO\PROGRAM\CTMIX32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GUILD WARS\GW.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
C:\PROGRAM FILES\COMMON FILES\WINDOWS\SERVICES32.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\COMMON FILES\WINDOWS\SERVICES32.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\ETB\POKAPOKA70.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\PROFILES\ONIKETSOKU\DESKTOP\WPSETUP.EXE
C:\WINDOWS\TEMP\~EXB0000\DISK1\SETUP.EXE
C:\WINDOWS\PROFILES\ONIKETSOKU\DESKTOP\WPSETUP.EXE
C:\WINDOWS\TEMP\~EXB0000\DISK1\SETUP.EXE
C:\WINDOWS\TEMP\~EXB0000\DISK1\SETUP.EXE
C:\WINDOWS\TEMP\~EXB0000\DISK1\SETUP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search345quest.com/sp2.php
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [strtas] LOCKX.EXE
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\ETB\POKAPOKA70.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [WMLAN54G.exe] C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [strtas] LOCKX.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [strtas] LOCKX.EXE
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-62-602-0000156.exe
O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [strtas] LOCKX.EXE
O4 - HKCU\..\RunServices: [services32] C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
O4 - HKCU\..\RunServices: [DNS] C:\Program Files\Common Files\mc-62-602-0000156.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: eZ$hopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra 'Tools' menuitem: eZ$hopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\PROGRAM FILES\FREEPROD TOOLBAR\FREEPROD.DLL
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\PROGRAM FILES\FREEPROD TOOLBAR\FREEPROD.DLL
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

Well, if anyone actually replies to my post i'd gladly appreciate it..
It's strange, my web browser keeps randomly opening up leading to sites that download Free MP3 players or something.. MSDOS has also seemed to randomly open a few times.
Please help me if you can....
Also, my web browser is Mozilla Firefox, not internetexplorer.
Hope someone gets to read this :tazz:
  • 0

Advertisements


#2
Oniketsoku

Oniketsoku

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
Please help!.. :tazz:
  • 0

#3
Danny

Danny

    Visiting Staff

  • Member
  • PipPipPip
  • 684 posts
Hi,

First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

To Get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.




You Have a CoolWebSearch Infection.

Please Download CoolWebShredder, from http://www.geekstogo...=download&id=17 , Extract it & run the program. Click the Next Button & let it scan. Make sure you let it fix all CWS Remnants. Afterwards, Please Post a fresh HijackThis log.


Next, Download LQfix.exe and place it on your desktop.
Doubleclick LQfix.exe and click install.
This will create a new folder called LQfix on your desktop.
Open the folder and doubleclick ClickThis.bat
Follow the prompts on the screen.
Your system will reboot afterwards.
Please be patient after reboot, because there is a script running in the background.


You are currently running HijackThis from a temporary folder.

Since HijackThis makes backups of any entries you fix, you should create a folder just to hold the HijackThis program and its backups, so the backups and the program are not accidentally deleted.

To make a new folder:

Go to "My Computer", click on C:\ and then go to the "File" menu, choose New -> Folder. Name the folder "HJT" or something like that and then please move the HijackThis.exe executable there.



Open HijackThis, click the "Scan" button, and check the following items (If present):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search345quest.com/sp2.php
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [strtas] LOCKX.EXE
O4 - HKLM\..\RunServices: [strtas] LOCKX.EXE
O4 - HKCU\..\Run: [strtas] LOCKX.EXE
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-62-602-0000156.exe
O4 - HKCU\..\RunServices: [strtas] LOCKX.EXE
O4 - HKCU\..\RunServices: [services32] C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
O4 - HKCU\..\RunServices: [DNS] C:\Program Files\Common Files\mc-62-602-0000156.exe
O9 - Extra button: eZ$hopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra 'Tools' menuitem: eZ$hopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\PROGRAM FILES\FREEPROD TOOLBAR\FREEPROD.DLL
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\PROGRAM FILES\FREEPROD TOOLBAR\FREEPROD.DLL

Close all windows except HijackThis, and click the "Scan" button.

Locate the following files/folders and delete them:

C:\WINDOWS\SYSTEM\LOCKX.EXE
C:\Program Files\Common Files\Windows
C:\Program Files\Common Files\mc-62-602-0000156.exe

Reboot and post a new log.

Danny :tazz:
  • 0

#4
Oniketsoku

Oniketsoku

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
Lol, I've already gotten rid of most of that now, and new.net, but messed up my internet connection. I can't seem to get a copy of Winsock2 on a floppy, but when I did it came up illegal opertaion'd and another error message entitled restrictions. :/ I'd post a new HiJackThis log when I get my computer back working =D
  • 0

#5
Danny

Danny

    Visiting Staff

  • Member
  • PipPipPip
  • 684 posts
Hi,

Hi,

Please download LSPFix and run it.

Check the "I know what I'm Doing" button.

Now locate the following file and make sure all instances of it is on the right side:

newdotnet6_38.dll
OR

newdotnet*_**


NOTE: * means random)

Now, click Finish. Reboot and post a new log.

Danny :tazz:
  • 0

#6
Oniketsoku

Oniketsoku

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
Nothing shows up in LSPFix :/ and I cant access the internet on the computer i posted this log on..
  • 0

#7
Danny

Danny

    Visiting Staff

  • Member
  • PipPipPip
  • 684 posts
Hi,

1.) Download WinsockFix.zip. (by: Option^Explicit) from: http://www.tacktech..../WinsockFix.zip

2.) UnZip WinsockFix.zip (Pay close attention to where the file is extracted to.)
3.) Run WinsockFix.exe.
4.) Click the Fix button.


This program will clean up your TCP/IP connection and rebuild the database. After the program is complete, reboot and your problems should be resolved.
  • 0

#8
Oniketsoku

Oniketsoku

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
Alright.. This computer is a laptop; I'll go over my friends house later and put it on a floppy, thanks for the reply. Winsock2repair didn't work on my computer =/
  • 0

#9
Oniketsoku

Oniketsoku

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
Okay, finally fixed my computer. (Thanks to Wannabe1)
Really slow and cant run games yet, though.

Heres a new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 4:46:49 PM, on 10/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\WMPCI54G WLAN MONITOR\WMP54G.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\PROFILES\ONIKETSOKU\DESKTOP\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [WMLAN54G.exe] C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE

Edited by Oniketsoku, 28 October 2005 - 03:13 PM.

  • 0

#10
Oniketsoku

Oniketsoku

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
Restarting the computer, just uninstalled Free AVG, it does nothing but put stuff in the vault, ill post a new HJT log in a min with probabls hundreds of new trojans once i reboot
  • 0

Advertisements


#11
Oniketsoku

Oniketsoku

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:17:12 PM, on 10/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\WMPCI54G WLAN MONITOR\WMP54G.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\PROFILES\ONIKETSOKU\DESKTOP\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [WMLAN54G.exe] C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
  • 0

#12
Oniketsoku

Oniketsoku

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
I gotta go.. Football game(I'm in marching band, hate football) and we have a post-game show tonight. And, seeing my sister brought her 2 year old baby over and took over my room, I am unable to log on here and check it. All day tommorow I have a marching band competition, and I wont be home until late that night, and the baby will be asleep by then. Soo.. I hope to get to you Sunday? Sorry..
  • 0

#13
Danny

Danny

    Visiting Staff

  • Member
  • PipPipPip
  • 684 posts
Hi,

What problems are you having now?
  • 0

#14
Oniketsoku

Oniketsoku

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 343 posts
Lol what do you mean (dont have access to my computer till sunday)
It's just lagging really bad, especially the internet. I suspect malware.
  • 0

#15
Danny

Danny

    Visiting Staff

  • Member
  • PipPipPip
  • 684 posts
Please download RootKitRevealer from here:
http://www.sysintern...kitrevealer.zip

Unzip it to the desktop, run it, and click Scan.

This will generate a log file; please post the entire contents of the log file here for me to see.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP