sisters computer is going off the wall

Static_11 · 10-21-2007, 08:27 PM

messages in the bottom right hand corner of screen every few seconds.
random IE pop ups...yet IE is never used.

Logfile of HijackThis v1.99.1
Scan saved at 7:22:26 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eHome\Wireless G EH102\wirelesscm.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Amy\Desktop\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6880] command /c del "C:\WINDOWS\system32\nczupfw.dll_tobedeleted_o ld"
O4 - HKLM\..\RunOnce: [SpybotDeletingC435] cmd /c del "C:\WINDOWS\system32\nczupfw.dll_tobedeleted_o ld"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB932] command /c del "C:\WINDOWS\system32\nczupfw.dll_tobedeleted_o ld"
O4 - HKCU\..\RunOnce: [SpybotDeletingD529] cmd /c del "C:\WINDOWS\system32\nczupfw.dll_tobedeleted_o ld"
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

Osiris · 10-22-2007, 11:13 AM

remove these entries

C:\Program Files\Video Add-on\icthis.exe

C:\Program Files\Video Add-on\isfmntr.exe

C:\Program Files\Video Add-on\isfmm.exe

Uninstall Java and remove this C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe

C:\Program Files\Video Add-on\icmntr.exe

O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Video Add-on\isfmdl.dll

O3 - Toolbar: IE Custom Tools - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - C:\Program Files\Video Add-on\ictmdl.dll

O4 - HKLM\..\RunOnce: [SpybotDeletingA6880] command /c del "C:\WINDOWS\system32\nczupfw.dll_tobedeleted_o ld"

O4 - HKLM\..\RunOnce: [SpybotDeletingC435] cmd /c del "C:\WINDOWS\system32\nczupfw.dll_tobedeleted_o ld"

O4 - HKCU\..\RunOnce: [SpybotDeletingB932] command /c del "C:\WINDOWS\system32\nczupfw.dll_tobedeleted_o ld"

O4 - HKCU\..\RunOnce: [SpybotDeletingD529] cmd /c del "C:\WINDOWS\system32\nczupfw.dll_tobedeleted_o ld"

if these cant be remove in normal mode, reboot into safemode and delete, then post a new log

Static_11 · 10-22-2007, 08:21 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:20:25 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eHome\Wireless G EH102\wirelesscm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Amy\Desktop\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O3 - Toolbar: IE Custom Tools - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

SirCyber · 10-22-2007, 08:29 PM

the original post sounded like an issue I've had before... got system clean and it's all better lol

Osiris · 10-22-2007, 09:00 PM

Looks much better....

remove these entries

O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)

O3 - Toolbar: IE Custom Tools - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)

Now you can reinstall Java

Is her pc better or are you still getting popups?

Static_11 · 10-22-2007, 10:36 PM

yeah so far it's a lot better.

could this be from her playing all kinds of disney games and other free kids game sites?

thats about all that computer is used for.