I am a webmaster, and I am trying to build my website, but my computer keeps acting weird and seems to be going into random hybernation for no reason in the middle of ANYTHING. I tried to do a scan to see if there was any virus/malware that was causing this, but nothing came up.
When I ran Spybot Search and Destroy, "Smitfraud-C. Toolbar888" came up… for the bazillionth time! What do I do??? Also, random websites just pop up in new windows, and I can’t stop them. Even pop-up blockers with by Browser and Google Toolbar can’t stop them!
Here is some info that I got from HijackThis (You may find Vista applications listed due to the fact that I downloaded the Vista Transformation package from WindowsX):
Logfile of HijackThis v1.99.1
Scan saved at 11:13:27 AM, on 06/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\S3tray2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\{34960067-AA37-4A08-929E-5E2E79AC4994}\Blaero Start Orb.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\{689E0DA4-EC91-4BA6-9817-E9D090367F49}\sidebar.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MDLAAK1Y\Windows-KB890830-V1.29[1].exe
c:f2b4d98fc082856d2a86ba268e7dad0\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\hijackthis_199\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 – Toolbar: &Google – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O3 – Toolbar: StylerToolBar – {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} – C:\Program Files\Styler\TB\StylerTB.dll
O4 – HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 – HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 – HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\hpztsb04.exe
O4 – HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 – HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 – HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 – HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
O4 – HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
O4 – HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 – HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 – HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 – HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 – HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 – HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ppjickkp.dll",realset
O4 – HKLM\..\Run: [MSRegScan] C:\Program Files\CMK Demo\RSCMKDemo.exe
O4 – HKLM\..\Run: [j4211039] rundll32 C:\WINDOWS\system32\j4211039.dll sook
O4 – HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\nyfblbrr.dll",realset
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 – HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Startup: Vista sidebar.lnk = C:\Program Files\Vista Sidebar\sidebar.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 – Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 – Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 – Global Startup: hp center UI.lnk = C:\Program Files\hp center7903\Shadow\ShadowBar.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 – Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Open with WordPerfect – C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O11 – Options group: [INTERNATIONAL] International*
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} – http://software-dl.real.com/233de769…p/RdxIE601.cab
O16 – DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/S…/bin/cabsa.cab
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsof…?1143834557002
O16 – DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) – https://secure.logmein.com/activex/RACtrl.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{BDB36E4F-BE12-4941-A468-E5E99571E66A}: NameServer = 192.168.1.254
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: F-Prot Antivirus Update Monitor – FRISK Software – C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 – Service: Google Updater Service (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: ProtexisLicensing – Unknown owner – C:\WINDOWS\system32\PSIService.exe
P.S. This is a shared work-related computer on a network, so I don’t know what all may be listed above or downloaded on here that may not be "good," ya know?
Thanks for any help!
Opinions