
HELP..PC GONE CRAZY


24 replies to this topic

#1 what

what

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:11:00 AM

Posted 06 March 2005 - 11:59 PM

My pc has suddenly gone crazy..I got about 10 new programs that just download by themselves every time I restart Windows...I can't go on the internet until I shut down iexplore.exe from the processes...16 bit DOS pops up all the time with other pop ups and it's driving me crazy..the speed of my fan is fast too..it's going really fast..you can hear it but my pc is so slow...

here is my log:

Logfile of HijackThis v1.98.2
Scan saved at 11:57:46 PM, on 3/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\cthelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\windows\system32\pk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Client1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: CleanMyPCPopupBlocker Class - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\WINFRW.EXE
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

THANKS FOR ALL YOUR HELP


 


#2 Mieke

Mieke

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:00 PM

Posted 07 March 2005 - 06:36 AM

Hi What,

*I would strongly suggest that you print out my instructions. It's a lot easier than trying to remember everything.

*Please download and install CCleaner
Don't use it yet.

*Please download the current version of hijackThis: http://computercops.biz/downloads-file-328.html.
*You need to put HijackThis in a permanent folder. If you fix something with HijackThis, it will create a backup. If you fix anything by mistake, you can put it back with these backups.
But right now your HijackThis is located in a Temp folder. The backups can be accidentally deleted if it is in a Temp folder.

*Please run HijackThis, hit "Scan" and check all items I suggest that you fix:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\WINFRW.EXE
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe


The next items were probably set by Spybot Search and Destroy. They mean there are restrictions on the Control Panel.
If you didn't set these policies, then put a check mark next to:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Close all open windows and browsers except hijackThis and click 'Fix Checked'.

*Reboot into SAFE MODE. (very important!!)
To get into the Windows XP Safe mode: Reboot your computer, while the system starts up, before you see the Windows logo you'll need to tap the F8 key repeatedly until you reach the Windows boot options screen, which should bring up the "Windows Advanced Options Menu".
Use your arrow keys to move to "Safe Mode" and press your Enter key.

*Go to Start - Control Panel - Software - Add/Remove programs and uninstall (if there):

NavHelper
SideFind
PartyPoker


*Delete the following files and folders (if still present):

C:\WINDOWS\system32\cthelper.exe <-- don't remove CTHELPER.EXE
C:\WINDOWS\WINFRW.EXE <-- This file
C:\Program Files\SideFind <-- This folder
C:\Program Files\PartyPoker <-- this folder
C:\Program Files\GAMERI.. <-- this folder begins with these letters. The folder contains Gamebar.
C:\Program Files\ISTsvc <-- this folder

We need to do a search. Start | Search | For Files and Folders.
Expand Search Options, check Advanced Options, check Search system folders, Search hidden files and folders, and Search Subfolders.
Paste this into the Search for files and folders named box:

"hotkeysvc.exe"

If this file has been found please delete it.

*Open CCleaner and hit "run cleaner".

*Reboot your computer in normal mode and post a fresh log please.

#3 what


Posted 07 March 2005 - 07:42 PM

Thanks, but I still have lots of problems and my pc is very very slow.

Logfile of HijackThis v1.98.2
Scan saved at 7:39:26 PM, on 3/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MSOICONS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Client1\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: CleanMyPCPopupBlocker Class - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [Microsoft Update Machine] MSOICONS.EXE
O4 - HKLM\..\RunServices: [Microsoft Update Machine] MSOICONS.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Update Machine] MSOICONS.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
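
The by-eye comparison of two HijackThis scans that this thread relies on, and the "(no file)" / "(file missing)" entries picked out in the first fix list, as an added example (not part of the original thread and not HijackThis's own code). The sample lines are excerpts of the 6 March and 7 March logs above; the function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Section lines look like "O4 - <body>"; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Registry autoruns: "HKLM\..\Run: [Value name] command"
O4_REG_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$")
# Suffixes HijackThis prints when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the first log in this thread (scan of 3/6/2005).
BEFORE = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\WINFRW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
"""

# Excerpt of the second log in this thread (scan of 3/7/2005).
AFTER = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\system32\MSOICONS.EXE
O4 - HKLM\..\Run: [Microsoft Update Machine] MSOICONS.EXE
O4 - HKLM\..\RunServices: [Microsoft Update Machine] MSOICONS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] MSOICONS.EXE
"""


@dataclass(frozen=True)
class Entry:
    code: str  # section code, e.g. "O4"
    body: str  # everything after "<code> - "


def parse_log(text):
    """Return the section entries of a log in file order, skipping header lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


def orphaned(entries):
    """Entries whose target file is gone: leftovers that are safe-to-review first."""
    return [e for e in entries if e.body.endswith(ORPHAN_MARKERS)]


def new_autoruns(before, after):
    """Group newly added registry autoruns by (value name, command).

    One value name registered under several Run keys at once is worth a
    closer look; this reports it but does not decide anything.
    """
    _, added = diff_logs(before, after)
    grouped = {}
    for e in added:
        m = O4_REG_RE.match(e.body) if e.code == "O4" else None
        if m:
            hive, key, name, cmd = m.groups()
            grouped.setdefault((name, cmd), []).append(f"{hive}\\{key}")
    return grouped


if __name__ == "__main__":
    first, second = parse_log(BEFORE), parse_log(AFTER)
    removed, added = diff_logs(first, second)
    print("removed:", len(removed), "added:", len(added))
    for e in orphaned(first):
        print("orphaned:", e.code, e.body)
    for (name, cmd), keys in new_autoruns(first, second).items():
        print(f"new autorun [{name}] {cmd} under {', '.join(keys)}")
```

A newly added Run value only shows that something new starts at logon; whether it should be removed is still a judgement made on the full log.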

#4 what


Posted 08 March 2005 - 02:06 AM

Btw...

when I restart or open my pc...a window pops up titled:

sistray.exe-Unable to Locate Component

......to start because SiSApCom.dll was not found. Re-installing the ....... may solve the problem.

Then later on .... a window titled:

Microsoft Internet Explorer pops up

and it says : You must click Yes to Access ...and my only choice is Ok ..so you click it twice or three times for it to stop popping back.

then later...a 16 bit- Ms Dos window pops up and I dunno what it's talking about..

Thanks for your help.

#5 what


Posted 08 March 2005 - 02:10 AM

16-bit Ms Dos Subsystem..

something can't run Autoexnt....exe because it's not proper..

#6 Mieke


Posted 08 March 2005 - 07:27 AM

*Please download the current version of hijackThis: .

*You need to put HijackThis in a permanent folder. If you fix something with HijackThis, it will create a backup. If you fix anything by mistake, you can put it back with these backups.
But right now your HijackThis is located in a Temp folder. The backups can be accidentally deleted if it is in a Temp folder.

How to do this:

Click My Computer, click C:\
Right click in an empty place and click New - Folder.
Now you've created a new folder; right click it and give it the name: hijackThis. Put the hijackThis.exe you've downloaded in that folder.


Download, install and use the following programs:

Adaware
-->How to use Ad-aware to remove Spyware from my Computer?
SpywareBlaster
-->How to use SpywareBlaster to protect my Computer?
Spybot Search and destroy
--> How to use Spybot to remove Spyware from my Computer?
IE-Spyad

*Please perform a free TroyanScan

*Perform a free online scan with HouseCall or Bitdefender (http://www.bitdefender.com/scan/licence.php)

When you have done everything, reboot your computer and post a fresh log please with the newest version of hijackthis.

#7 what


Posted 08 March 2005 - 04:51 PM

I can't download anything because it says my current settings don't allow me to but I don't have anything....

I have Ad-Aware
S&D
Cleanmypc
CCleaner
Cw Shredder

#8 Mieke


Posted 08 March 2005 - 04:59 PM

Did you try to log in as administrator? Why can't you download it? You don't have the rights on your computer?
If it doesn't work post a new log please.

#9 what


Posted 09 March 2005 - 12:44 AM

Logfile of HijackThis v1.98.2
Scan saved at 12:40:44 AM, on 3/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MSOICONS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Client1\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: CleanMyPCPopupBlocker Class - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [Microsoft Update Machine] MSOICONS.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Update Machine] MSOICONS.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Update Machine] MSOICONS.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

I can't download anything help me please..

#10 what


Posted 09 March 2005 - 01:14 AM

i know i have 5 viruses...all of them

BackdoorSDot.exe or something...

Symantec quarantined them but it can't clean it....

#11 Mieke


Posted 09 March 2005 - 03:05 AM

*Please run HijackThis, hit "Scan" and check all items I suggest that you fix:

O4 - HKLM\..\Run: [Microsoft Update Machine] MSOICONS.EXE
O4 - HKLM\..\RunServices: [Microsoft Update Machine] MSOICONS.EXE
O4 - HKCU\..\Run: [Microsoft Update Machine] MSOICONS.EXE


Close all open windows and browsers except hijackThis and click 'Fix Checked'.

*Reboot into SAFE MODE. (very important!!)
To get into the Windows XP Safe mode: as the computer is booting press your "F8 key" many times before the computer starts up, which should bring up the "Windows Advanced Options Menu".
Use your arrow keys to move to "Safe Mode" and press your Enter key.

*Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

*Delete the following file (if still present):

This file:

C:\WINDOWS\system32\MSOICONS.EXE

*You have to empty the following folders. Look out! Don't remove the folders themselves!

C:\documents and settings\your name\local settings\temp
C:\documents and settings\your name\local settings\temporary internetfiles
C:\documents and settings\your name\local settings\temporary internet files\content.ie5 <-- You have to type the line in bold into your address field; you must change "your name" to your account. Press Enter. Remove all the yellow folders. After removing, you'll see the folders are still present; just press F5 to remove them to the recycle bin.
C:\documents and settings\your name\local settings\history
C:\Windows\Temp
C:\WINDOWS\prefetch

You may do that for every user account.

*Empty your recycle bin.

*Reboot your computer in normal mode and post a fresh log please.

#12 what


Posted 09 March 2005 - 05:08 PM

New log:

Logfile of HijackThis v1.98.2
Scan saved at 5:07:29 PM, on 3/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Client1\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: CleanMyPCPopupBlocker Class - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

IT STILL SAYS after i open my pc....sistray.exe- Unable to locate component..

missing S somethingCom.Dll

#13 Mieke


Posted 09 March 2005 - 05:13 PM

Fix this one with hijackthis and your problem will be resolved:

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

*Congratulations What, your log is clean now. :D

*You need to disable system restore, because if you go back in time with "System Restore", it's possible to be infected again. How to do that:

1. Click Start > Settings > Control Panel.
2. Double-click the System icon
3. Click the Performance tab > File System > Troubleshooting tab
4. Check Disable System Restore
5. Click OK
6. Restart Windows.


*After reboot you need to enable your system restore. How to do that:

You have to do the same as you did to disable system restore, but now on point 4 you need to uncheck "Disable System Restore".

*I suggest that you check WindowsUpdate at least once a week for the latest updates to protect your computer.

*A computer needs a firewall. Without a firewall your computer can be hacked and taken over. It blocks a lot of suspicious items from the net. If you use a firewall it will lower your risk of being attacked.
Here you can choose which one you would like to use; they are both free to download and use:
Sygate and ZoneAlarm.

*Here are a few programs to help you protect your computer against spyware and trojans:

1.Adaware
-->How to use Ad-aware to remove Spyware from my Computer?
2.SpywareBlaster
-->How to use SpywareBlaster to protect my Computer?
3.Spybot Search and destroy
--> How to use Spybot to remove Spyware from my Computer?
4.IE-Spyad

*You can read the next post: How did I get infected in the first place?


Do you have problems now after fixing and rebooting your pc?
Can you download something now?

#14 what


Posted 09 March 2005 - 06:34 PM

Thanks a lot for all your help

but my pc is still slower than normal..I don't know why.

Another question is before I was very well protected with Spy Sweeper and since the trial ended, every time I download it, it says the trial's over..how can I re-use their trial?


Thanks.

#15 Mieke


Posted 10 March 2005 - 07:38 AM

You can defragment your pc. This can make your computer much faster. :thumbsup: Here you can read how to do this: http://support.microsoft.com/default.aspx?...kb;en-us;314848

If the trial of Spysweeper has expired, you must buy the software for further use.
You can't use the trial a second time. :flowers:

Edited by Mieke, 10 March 2005 - 07:39 AM.




