Computer trouble (virus scan results)

Discussion in 'adware, spyware & hijack cleaning' started by computerproblem, May 16, 2004.

Thread Status:
Not open for further replies.
  1. computerproblem

    computerproblem Registered Member

    Joined:
    May 16, 2004
    Posts:
    1
    I ran ad-aware, spybot S&D, and hijackthis on my computer. I ran these because my computer was just shutting down by turning itself off (like the power was just turned off), then it would try to reboot itself over and over again. I checked the fans and they are running and I cleaned out some of the dust. (My hard drive is only 12 months old. Western Digital 80) I bought a new power cord and that did not help. I got a new hard drive and installed it and when XP was 99% done installing it aborted the install. I then put the old hard drive back in and ran AVG 6.0 and it seemed to help some. My computer would stay on for about 3 hours. Now that I have run ad-aware, spybot s&d, and hijackthis it seems to be running longer; so far it has not turned itself off. Here are the results of what hijackthis found.

    Logfile of HijackThis v1.97.7
    Scan saved at 3:19:33 AM, on 5/16/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\OBJWIN~1\intraroadheck.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\documents and settings\owner\local settings\temp\NCal6T66P.exe
    C:\WINDOWS\System32\IEHost.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
    C:\WINDOWS\System32\etmann.exe
    C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\unzipped\hijackthis1977\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchexe.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
    R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
    R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\dszmi62k.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\dszmi62k.slt\prefs.js)
    O1 - Hosts file is located at: C:\WINDOWS\help\hosts
    O1 - Hosts: 88.88.88.88 elite
    O1 - Hosts: 207.44.194.56 www.google.akadns.net
    O1 - Hosts: 207.44.194.56 www.google.com
    O1 - Hosts: 207.44.194.56 google.com
    O1 - Hosts: 207.44.194.56 www.altavista.com
    O1 - Hosts: 207.44.194.56 altavista.com
    O1 - Hosts: 207.44.194.56 search.yahoo.com
    O1 - Hosts: 207.44.194.56 uk.search.yahoo.com
    O1 - Hosts: 207.44.194.56 ca.search.yahoo.com
    O1 - Hosts: 207.44.194.56 jp.search.yahoo.com
    O1 - Hosts: 207.44.194.56 au.search.yahoo.com
    O1 - Hosts: 207.44.194.56 de.search.yahoo.com
    O1 - Hosts: 207.44.194.56 search.yahoo.co.jp
    O1 - Hosts: 207.44.194.56 www.lycos.de
    O1 - Hosts: 207.44.194.56 www.lycos.ca
    O1 - Hosts: 207.44.194.56 www.lycos.jp
    O1 - Hosts: 207.44.194.56 www.lycos.co.jp
    O1 - Hosts: 207.44.194.56 alltheweb.com
    O1 - Hosts: 207.44.194.56 web.ask.com
    O1 - Hosts: 207.44.194.56 ask.com
    O1 - Hosts: 207.44.194.56 www.ask.com
    O1 - Hosts: 207.44.194.56 www.teoma.com
    O1 - Hosts: 207.44.194.56 search.aol.com
    O1 - Hosts: 207.44.194.56 www.looksmart.com
    O1 - Hosts: 207.44.194.56 auto.search.msn.com
    O1 - Hosts: 207.44.194.56 search.msn.com
    O1 - Hosts: 207.44.194.56 ca.search.msn.com
    O1 - Hosts: 207.44.194.56 fr.ca.search.msn.com
    O1 - Hosts: 207.44.194.56 search.fr.msn.be
    O1 - Hosts: 207.44.194.56 search.fr.msn.ch
    O1 - Hosts: 207.44.194.56 search.latam.yupimsn.com
    O1 - Hosts: 207.44.194.56 search.msn.at
    O1 - Hosts: 207.44.194.56 search.msn.be
    O1 - Hosts: 207.44.194.56 search.msn.ch
    O1 - Hosts: 207.44.194.56 search.msn.co.in
    O1 - Hosts: 207.44.194.56 search.msn.co.jp
    O1 - Hosts: 207.44.194.56 search.msn.co.kr
    O1 - Hosts: 207.44.194.56 search.msn.com.br
    O1 - Hosts: 207.44.194.56 search.msn.com.hk
    O1 - Hosts: 207.44.194.56 search.msn.com.my
    O1 - Hosts: 207.44.194.56 search.msn.com.sg
    O1 - Hosts: 207.44.194.56 search.msn.com.tw
    O1 - Hosts: 207.44.194.56 search.msn.co.za
    O1 - Hosts: 207.44.194.56 search.msn.de
    O1 - Hosts: 207.44.194.56 search.msn.dk
    O1 - Hosts: 207.44.194.56 search.msn.es
    O1 - Hosts: 207.44.194.56 search.msn.fi
    O1 - Hosts: 207.44.194.56 search.msn.fr
    O1 - Hosts: 207.44.194.56 search.msn.it
    O1 - Hosts: 207.44.194.56 search.msn.nl
    O1 - Hosts: 207.44.194.56 search.msn.no
    O1 - Hosts: 207.44.194.56 search.msn.se
    O1 - Hosts: 207.44.194.56 search.ninemsn.com.au
    O1 - Hosts: 207.44.194.56 search.t1msn.com.mx
    O1 - Hosts: 207.44.194.56 search.xtramsn.co.nz
    O1 - Hosts: 207.44.194.56 search.yupimsn.com
    O1 - Hosts: 207.44.194.56 uk.search.msn.com
    O1 - Hosts: 207.44.194.56 search.lycos.com
    O1 - Hosts: 207.44.194.56 www.lycos.com
    O1 - Hosts: 207.44.194.56 www.google.ca
    O1 - Hosts: 207.44.194.56 google.ca
    O1 - Hosts: 207.44.194.56 www.google.uk
    O1 - Hosts: 207.44.194.56 www.google.co.uk
    O1 - Hosts: 207.44.194.56 www.google.com.au
    O1 - Hosts: 207.44.194.56 www.google.co.jp
    O1 - Hosts: 207.44.194.56 www.google.jp
    O1 - Hosts: 207.44.194.56 www.google.at
    O1 - Hosts: 207.44.194.56 www.google.be
    O1 - Hosts: 207.44.194.56 www.google.ch
    O1 - Hosts: 207.44.194.56 www.google.de
    O1 - Hosts: 207.44.194.56 www.google.se
    O1 - Hosts: 207.44.194.56 www.google.dk
    O1 - Hosts: 207.44.194.56 www.google.fi
    O1 - Hosts: 207.44.194.56 www.google.fr
    O1 - Hosts: 207.44.194.56 www.google.com.gr
    O1 - Hosts: 207.44.194.56 www.google.com.hk
    O1 - Hosts: 207.44.194.56 www.google.ie
    O1 - Hosts: 207.44.194.56 www.google.co.il
    O1 - Hosts: 207.44.194.56 www.google.it
    O1 - Hosts: 207.44.194.56 www.google.co.kr
    O1 - Hosts: 207.44.194.56 www.google.com.mx
    O1 - Hosts: 207.44.194.56 www.google.nl
    O1 - Hosts: 207.44.194.56 www.google.co.nz
    O1 - Hosts: 207.44.194.56 www.google.pl
    O1 - Hosts: 207.44.194.56 www.google.pt
    O1 - Hosts: 207.44.194.56 www.google.com.ru
    O1 - Hosts: 207.44.194.56 www.google.com.sg
    O1 - Hosts: 207.44.194.56 www.google.co.th
    O1 - Hosts: 207.44.194.56 www.google.com.tr
    O1 - Hosts: 207.44.194.56 www.google.com.tw
    O1 - Hosts: 207.44.194.56 go.google.com
    O1 - Hosts: 207.44.194.56 google.at
    O1 - Hosts: 207.44.194.56 google.be
    O1 - Hosts: 207.44.194.56 google.de
    O1 - Hosts: 207.44.194.56 google.dk
    O1 - Hosts: 207.44.194.56 google.fi
    O1 - Hosts: 207.44.194.56 google.fr
    O1 - Hosts: 207.44.194.56 google.com.hk
    O1 - Hosts: 207.44.194.56 google.ie
    O1 - Hosts: 207.44.194.56 google.co.il
    O1 - Hosts: 207.44.194.56 google.it
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: CSBrBHO - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293} - C:\PROGRA~1\Comet\Install\Temp\brbho.dll (file missing)
    O2 - BHO: (no name) - {B2356807-7081-FAFD-031E-9A6C17E29102} - C:\PROGRA~1\OWNSMA~1\Poke Five.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: HideOne - {C90F9B22-F548-DDE5-8AF5-D19531D2FFFB} - C:\PROGRA~1\OWNSMA~1\Poke Five.dll
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [GLUETHE] C:\PROGRA~1\OBJWIN~1\intraroadheck.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [NCal6T66P] C:\documents and settings\owner\local settings\temp\NCal6T66P.exe
    O4 - HKLM\..\Run: [2Y4@BL93GMNHME] C:\WINDOWS\System32\Zgm8.exe
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [cdexv] C:\WINDOWS\System32\cdexv.exe
    O4 - HKLM\..\Run: [etmann] C:\WINDOWS\System32\etmann.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKCU\..\Run: [PRIVANAL] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsv.exe
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
    O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\windows: NameServer = 69.57.146.14,69.57.147.175
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
    O17 - HKLM\System\CS1\Services\Tcpip\..\windows: NameServer = 69.57.146.14,69.57.147.175
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
    O17 - HKLM\System\CS2\Services\Tcpip\..\windows: NameServer = 69.57.146.14,69.57.147.175
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
     
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi computerproblem,

    First run this uninstaller while being online :

    http://www.memorywatcher.com/uninst.exe

    Then have only HijackThis running and fix :

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchexe.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchexe.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html

    R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
    R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

    O1 - Hosts file is located at: C:\WINDOWS\help\hosts

    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: CSBrBHO - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293} - C:\PROGRA~1\Comet\Install\Temp\brbho.dll (file missing)
    O2 - BHO: (no name) - {B2356807-7081-FAFD-031E-9A6C17E29102} - C:\PROGRA~1\OWNSMA~1\Poke Five.dll

    O3 - Toolbar: HideOne - {C90F9B22-F548-DDE5-8AF5-D19531D2FFFB} - C:\PROGRA~1\OWNSMA~1\Poke Five.dll

    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [NCal6T66P] C:\documents and settings\owner\local settings\temp\NCal6T66P.exe
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
    O4 - HKLM\..\Run: [cdexv] C:\WINDOWS\System32\cdexv.exe
    O4 - HKLM\..\Run: [etmann] C:\WINDOWS\System32\etmann.exe
    O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsv.exe

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.6.cab

    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com

    Next make sure all hidden files/folders are set to show : Here's How

    Restart PC after doing so in Safe Mode : Here's How and remove (if still present) :

    C:\Program Files\MyWay\ <- this folder
    C:\PROGRAM FILES\Comet\ <- this folder
    C:\WINDOWS\Downloaded Program Files\bridge.dll <- this file
    C:\documents and settings\owner\local settings\temp\NCal6T66P.exe <- this file
    C:\WINDOWS\System32\IEHost.exe <- this file
    C:\WINDOWS\System32\cdexv.exe <- this file
    C:\WINDOWS\System32\etmann.exe <- this file
    C:\WINDOWS\System32\wnsintsv.exe <- this file

    Clean temp internet files

    Restart PC again in normal mode

    Hope this helps

    Cheers,
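
Added example, not part of either post and not HijackThis's own code: a small Python triage pass over HijackThis log text that flags three patterns visible in the log above (a hosts file outside the default location, many hostnames pinned to one address, and a Run entry launching from a temp directory). The function name `triage`, the `fanout` threshold and the assumed default hosts path are choices made for this example; the sample lines are excerpted from the posted log.

```python
import re
from collections import defaultdict

# Assumption: %SystemRoot% is C:\WINDOWS, so this is the default hosts path on XP.
DEFAULT_HOSTS = r"c:\windows\system32\drivers\etc\hosts"

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")             # "O1 - ..."
HOSTS_MAP = re.compile(r"^Hosts: (\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")
HOSTS_LOC = re.compile(r"^Hosts file is located at: (.+)$")
RUN_KEY = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.*?)\] (.+)$")  # "HKLM\..\Run: [name] cmd"

def triage(log_text, fanout=3):
    """Return (section, reason, detail) findings for a HijackThis log."""
    findings, by_ip = [], defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if section == "O1":
            loc = HOSTS_LOC.match(body)
            if loc and loc.group(1).strip().lower() != DEFAULT_HOSTS:
                findings.append(("O1", "hosts file relocated", loc.group(1).strip()))
            hm = HOSTS_MAP.match(body)
            if hm:
                by_ip[hm.group(1)].add(hm.group(2).lower())
        elif section == "O4":
            rk = RUN_KEY.match(body)
            if rk and "\\temp\\" in rk.group(3).lower():
                findings.append(("O4", "autorun from temp directory", rk.group(2)))
    # Loopback entries are common in blocklists, so they are not counted here.
    for ip, names in sorted(by_ip.items()):
        if len(names) >= fanout and ip != "127.0.0.1":
            findings.append(("O1", "many hostnames pinned to one address",
                             f"{ip} x{len(names)}"))
    return findings

# Lines excerpted from the log posted above.
SAMPLE = r"""
O1 - Hosts file is located at: C:\WINDOWS\help\hosts
O1 - Hosts: 88.88.88.88 elite
O1 - Hosts: 207.44.194.56 www.google.com
O1 - Hosts: 207.44.194.56 google.com
O1 - Hosts: 207.44.194.56 search.yahoo.com
O4 - HKLM\..\Run: [NCal6T66P] C:\documents and settings\owner\local settings\temp\NCal6T66P.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
"""
```
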
     