I never paid attention to my old computer untill i turned it on. MANY pop ups and security warnings continuously appear saying i have a virus and a lot of spyware. My desktop deletes and MSDOS randomly pops up now and then....you cant do anything on the computer...when i am in administrator mode my start bar is all messed up...i dnt have an anit virus or anti-spyware as of now...i took screenshots of various things that happened and i also have a hijack log....all help will be greatly appreciated...this computer is a MESS!!!!
EDIT: im running REGCURE right now and about to install kaspersky....if there are better programs out there help will be great =]
Logfile of HijackThis v1.99.1
Scan saved at 23:49: VIRUS ALERT!, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
C:\Program Files\tmp0.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\tmp1.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RegCure\RegCure.exe
E:\BACKUP!\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: mkrndofl - {6E8E8B03-9F95-4E6D-9EE0-AF2305509D7B} - C:\WINDOWS\mkrndofl.dll
O3 - Toolbar: gktxaspm - {0983040A-984F-4BEF-BEBE-D3D3342D3954} - C:\WINDOWS\gktxaspm.dll
O3 - Toolbar: atfxqogp - {DF0D3876-B04E-41B5-8122-8D915A724260} - C:\WINDOWS\atfxqogp.dll
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Administrator\cftmon.exe
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [BM835a5c87] Rundll32.exe "C:\WINDOWS\system32\yhnmmeyn.dll",s
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Administrator\cftmon.exe
O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send Image to Phone -
http://www.freeringers.net/ezimage.php
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B4A78D29-52B1-4A7B-BAC0-1471BEDF9836} -
http://xscanner.shredderscan.com/setup/webinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) -
http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16CA7AF8-6904-4EDD-9CA9-A5516E299BFF}: NameServer = 85.255.116.54,85.255.112.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B7B931D-AE8C-4C16-8004-DD01C7AC9ED9}: NameServer = 85.255.116.54,85.255.112.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{E711678E-87D4-4D4F-A085-760CB508489E}: NameServer = 85.255.116.54,85.255.112.179
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.54 85.255.112.179
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.54 85.255.112.179
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.54 85.255.112.179
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.54 85.255.112.179
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: tdomgafw - {BEA3FCFB-94CB-4FF1-9F04-6176024A8BB9} - C:\WINDOWS\tdomgafw.dll
O21 - SSODL: wetkadmr - {98740AE3-7FB5-49A1-8F4F-C60A40B88951} - C:\WINDOWS\wetkadmr.dll
O21 - SSODL: MonMon - {e3de80e3-7991-4608-be74-bd5699427674} - C:\WINDOWS\Resources\MonMon.dll
O21 - SSODL: vregfwlx - {B6EDB284-8BF3-4AEF-9DEA-69F989320DF0} - C:\WINDOWS\vregfwlx.dll
O21 - SSODL: vltdfabw - {C25E64A2-DA45-43F9-A9AC-5E1161348363} - C:\WINDOWS\vltdfabw.dll
O21 - SSODL: ChkVolume - {a7905e85-4b0b-42fd-b4d0-2d69a208aa72} - C:\WINDOWS\Resources\ChkVolume.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
