I keep getting a system memory low due to the pop up ads that keep coming up on the internet.
This is my parents computer and we have no idea why it all of the sudden started doing this. They don't play on the computer themselves. Below is the log.
Thank you!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:56 PM, on 3/7/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\PROGRA~1\INTERB~1\Bin\ibguard.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\INTERB~1\Bin\ibserver.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINNT\system32\SxgTkBar.exe
C:\Program Files\NavNT\vptray.exe
C:\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINNT\System32\regsvr32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\beckie.CAMAIN\Application Data\Microsoft\mkpvwxl.exe
C:\Program Files\VnrPack\VnrPack22.exe
C:\Documents and Settings\beckie.CAMAIN\Application Data\cogad\cogad.exe
C:\Program Files\GetPack\GetPack30.exe
C:\Program Files\GetModule\GetModule38.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Print Screen\SPRINT32.EXE
C:\WINNT\Welcome.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Documents and Settings\beckie.CAMAIN\Local Settings\Temporary Internet Files\Content.IE5\IB2V8NO1\HijackThis[1].exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: globaladsolution browser enhancer - {10E8227B-32E7-A3C3-A8C3-A3398244FC99} - C:\WINNT\system32\boepsskdjujrtggsj.dll
O2 - BHO: globaladsolution - {2d7def95-a712-0f72-e053-e801913b213f} - C:\WINNT\system32\nseA.dll
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {77AB5974-55A3-4737-9FD5-B93C64307F78} - C:\WINNT\system32\xdddkkly.dll
O2 - BHO: Debro IE Helper - {836A4B93-6F4A-4d61-AD3D-B8225D921F42} - C:\Program Files\DebroPack\DebroPack.dll
O2 - BHO: GrandBar IE Helper - {84BA8988-33E1-4c89-A150-BF428E8D3213} - C:\Program Files\GrandPack\GrandPack2.dll
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINNT\system32\iehelper.dll
O2 - BHO: (no name) - {f0c1435a-7876-4762-9a67-3482e7bab40a} - C:\WINNT\system32\pufuniso.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [CPM04e13722] Rundll32.exe "c:\winnt\system32\kopuwiro.dll",a
O4 - HKLM\..\Run: [ntdll.dll] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wornunptnmbw] C:\WINNT\System32\regsvr32.exe /s "C:\WINNT\system32\boepsskdjujrtggsj.dll"
O4 - HKLM\..\Run: [gayiyarijo] Rundll32.exe "C:\WINNT\system32\gutenadu.dll",s
O4 - HKLM\..\Run: [07d204be] rundll32.exe "C:\WINNT\system32\wdaejoan.dll",b
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\beckie.CAMAIN\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\beckie.CAMAIN\Application Data\Microsoft\mkpvwxl.exe
O4 - HKCU\..\Run: [VnrPack22] "C:\Program Files\VnrPack\VnrPack22.exe"
O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\beckie.CAMAIN\Application Data\cogad\cogad.exe" 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [GetPack30] "C:\Program Files\GetPack\GetPack30.exe"
O4 - HKCU\..\Run: [GetModule38] C:\Program Files\GetModule\GetModule38.exe
O4 - HKCU\..\Run: [VnrPack26] "C:\Program Files\VnrPack\VnrPack26.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Print Screen.lnk = C:\Print Screen\SPRINT32.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Camain.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Camain.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Camain.local
O20 - AppInit_DLLs: hpm.dll ydaoou.dll c:\winnt\system32\kopuwiro.dll sxohzc.dll,ilbfui.dll,xclryt.dll,C:\WINNT\system32\muwevola.dll goyyoe.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\kopuwiro.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\kopuwiro.dll
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\V29ya3N0YXRpb24gT25l\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~1\INTERB~1\Bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\INTERB~1\Bin\ibserver.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
--
End of file - 10309 bytes