#1 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 3
OS: Windows XP
|
Problems w/Windows XP
I've been encountering chronic problems with my computer for the past few years but I've always managed to get by with the numerous crashes, ads and viruses. However recently it's gotten to be too much so I've been trying to really reset my pc to its original state. What I'm having a problem with is drive partitions. Since my PC is split into 2 drives, when I seem to try to reformat, it only lets me reformat 1 drive at a time and when I reboot, the drive which wasn't reformatted is still infected and corrupts the new drive. Now for the past 2 weeks I constantly reformat but I keep getting the same problem. Just today, I reformatted and upon my first startup, I get gay porn popups and a 60 second message box before a force boot. I'm new to these forums, so I'm looking as to what I can do next.
Thanks, Turky |
|
|
|
|
|
#2 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 3
OS: Windows XP
|
The HiJack log
Logfile of HijackThis v1.98.2
Scan saved at 10:16:53 PM, on 26/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
D:\WINDOWS\System32\svcchosts.exe
D:\WINDOWS\System32\cnstat.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\NetAssistant\bin\mpbtn.exe
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\system32\ftp.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.sympatico.ca/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://start.sympatico.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Start Uppings] svcchosts.exe
O4 - HKLM\..\Run: [LOLss] wssdsfgsd.exe
O4 - HKLM\..\Run: [Windows Compliant] lbfvdu.exe
O4 - HKLM\..\Run: [System Failure Statistic] cnstat.exe
O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\RunServices: [Start Uppings] svcchosts.exe
O4 - HKLM\..\RunServices: [LOLss] wssdsfgsd.exe
O4 - HKLM\..\RunServices: [Windows Compliant] lbfvdu.exe
O4 - HKLM\..\RunServices: [System Failure Statistic] cnstat.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LOLss] wssdsfgsd.exe
O4 - HKCU\..\Run: [Start Uppings] svcchosts.exe
O4 - HKCU\..\Run: [System Failure Statistic] cnstat.exe
O4 - HKCU\..\Run: [Windows Compliant] lbfvdu.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: NetAssistant.lnk = D:\Program Files\NetAssistant\bin\matcli.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54B50B78-F2B7-4DBC-AF30-95E8370540A6}: NameServer = 206.47.244.87 206.47.244.52

This was run after the update to Ad-Aware and the HouseCall scan.
|
|
|
|
|
#5 (permalink) |
|
Old Timer
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,957
OS: Vista Home Premium, SP 27
|
On with the show...
I don't know if this little jewel came courtesy of your ISP, or some other source. It's really not a good thing:

D:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe

BroadJump - Newer name for BroadJump Foundation Client (BJCFD) from BroadJump.com, now Motive. The software collects information on your Internet activity and sends it to your ISP so that your ISP can serve you advertisements related to the type of sites you visit. I would ask your ISP on how to remove it and why they installed it in the first place. Please do not uninstall the program, since it looks like it is required for your internet connection. This especially applies to those who use SBC as their ISP (Internet Service Provider). If they can't/won't resolve this problem for you, then it's time to switch to another provider that doesn't embed this spyware in their program. You will most likely also have Support.com installed. The same situation applies here also. Try to find out how to remove it from your ISP. Don't uninstall it yourself.

------------------------------------------------------------------------

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked.

Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers.

Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):

svcchosts.exe <- Do not confuse this with svchost.exe, as that is a necessary program.
cnstat.exe
wssdsfgsd.exe
lbfvdu.exe

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

D:\WINDOWS\System32\svcchosts.exe
D:\WINDOWS\System32\cnstat.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Start Uppings] svcchosts.exe
O4 - HKLM\..\Run: [LOLss] wssdsfgsd.exe
O4 - HKLM\..\Run: [Windows Compliant] lbfvdu.exe
O4 - HKLM\..\Run: [System Failure Statistic] cnstat.exe
O4 - HKLM\..\RunServices: [Start Uppings] svcchosts.exe
O4 - HKLM\..\RunServices: [LOLss] wssdsfgsd.exe
O4 - HKLM\..\RunServices: [Windows Compliant] lbfvdu.exe

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

D:\WINDOWS\System32\svcchosts.exe
D:\WINDOWS\System32\cnstat.exe
wssdsfgsd.exe
lbfvdu.exe

Reboot into Normal Mode and post a new HijackThis log file so we can make sure it's clean.
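Added example (not part of the original thread and not HijackThis's own code): a triage pass over the O4 autostart lines of a log like the one posted above. It flags entries that name no directory, that sit within two edits of a system process name (the svcchosts.exe / svchost.exe confusion the reply warns about), or that are registered under more than one autostart key. The system-name list, the two-edit threshold and the flag names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Start Uppings] svcchosts.exe
O4 - HKLM\..\Run: [LOLss] wssdsfgsd.exe
O4 - HKLM\..\RunServices: [Start Uppings] svcchosts.exe
O4 - HKCU\..\Run: [Start Uppings] svcchosts.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""
# Assumption: a short reference list of system process names worth guarding.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "spoolsv.exe", "explorer.exe", "smss.exe")
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]*)\] (.+)$")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_cmd(cmd):
    """Return (lower-cased file name, has_directory); first token only if unquoted."""
    exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
    return exe.rsplit("\\", 1)[-1].lower(), "\\" in exe

def triage(log):
    """Map each flagged executable to the reasons it deserves a closer look."""
    keys, flags = defaultdict(set), defaultdict(set)
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # other sections and 'Global Startup' lines are skipped
        key, _label, cmd = m.groups()
        exe, has_dir = split_cmd(cmd)
        keys[exe].add(key)
        if not has_dir:
            flags[exe].add("no-path")
        if any(0 < edit_distance(exe, s) <= 2 for s in SYSTEM_NAMES):
            flags[exe].add("lookalike")
    for exe in [e for e, ks in keys.items() if len(ks) > 1]:
        flags[exe].add("multi-key")
    return {exe: sorted(f) for exe, f in flags.items()}
```

A flag is a prompt for manual review, not a verdict: the genuine svchost.exe has distance 0 and is never marked as a lookalike, and legitimate software can also register under several keys.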