xp restarts since sp2 every 2-3 hours

Old 09-26-2004, 07:27 AM   #1
Guest
 
Join Date: Sep 2004
Posts: 5
OS:



Another computer restarts thread. Mine started at the same time I installed SP2 and also installed different video editing tools (trying to find that perfect AVI to MPEG). I have since uninstalled all video converters and ran adware, spybot, AVG and an online scan. Found the VBS Krepper virus and deleted the file. I am still running in safe mode; that is the only way it won't restart every 2- hours.

Logfile of HijackThis v1.98.2
Scan saved at 9:15:41 AM, on 9/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IMTHelper Class - {FA1A6CC3-BE63-4f7c-A455-417D35A67DA6} - c:\windows2\system32\tsextsex.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS2\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS2\System32\PuXpMan.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: BlackICE Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - https://www.cjb.net/menuext.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS2\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS2\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Poker - https://download.games.yahoo.com/game...ts/y/pt1_x.cab
O16 - DPF: Yahoo! Reversi - https://download.games.yahoo.com/game...ts/y/rt0_x.cab
O16 - DPF: {12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF} (UDConnect Class) - https://17.sharedsource.org/html/Nrsg...1.0.0.3ie.cab?
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - https://public.windupdates.com/get_fi...43a23650ba3cd5
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - https://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://akamai.downloadv3.com/binarie...hv32_EN_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - https://software-dl.real.com/028f3527...p/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - https://download.websearch.com/Dnl/T_40/QDow_AS2.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - https://www.live365.com/players/play365.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - https://www.cjb.net/search.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - https://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {F48EAB92-8BCE-4C77-BE98-D10060BD8590} (SpyBouncer.SBDownloader) - https://www.spybouncer.com/downloader/downloader.ocx
O21 - SSODL: SysTrayCheck - {BC737725-6D77-468a-BA40-DD6B7B861472} - c:\windows2\system32\tseese.dl
m1zz0u is offline  
Old 09-26-2004, 10:10 AM   #2
Guest
 
Join Date: Sep 2004
Posts: 5
OS:



now i get the blue screen about hardware
stop message
stop 0x0000000A
(0xac60038c,0x00000002,0x00000000,0x0x804eed80)
Thanks for any help
m1zz0u is offline  
Old 09-26-2004, 11:23 AM   #3
dai
TSF Team, Emeritus
 
Join Date: Jul 2004
Location: west australia
Posts: 78,002
OS: win 7 32x 64x rtm


https://support.microsoft.com/default...b;en-us;314063



dai is offline  
Old 09-26-2004, 11:37 AM   #4
Administrator
 
 
Join Date: Oct 2003
Location: Durban South Africa
Posts: 4,870
OS: Windows 10 Home

Please download Adaware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Go to this site to get the plug-in for fixing VX2 variants. Also make sure to customize the settings in Adaware for better scan results. Run the scan and fix everything that it finds.

Run an online scan at Trend Micro.
Please select the “autoclean” option when prompted to do so.

Please post a fresh Hijack This log so that we can check if your system is clean.

I do not subscribe to threads so please PM me the link when you have posted your new log
__________________
The Sky is not the limit - there are footprints on the Moon

Horse is offline  
Old 09-26-2004, 04:30 PM   #5
Guest
 
Join Date: Sep 2004
Posts: 5
OS:



I am no longer getting restarts after updating a few USB drivers? I did find a trojan and a virus after a few runs of antivirus. Here is the HJT:

Logfile of HijackThis v1.98.2
Scan saved at 6:23:40 PM, on 9/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINDOWS2\system32\Ctsvccda.exe
C:\WINDOWS2\system32\CTHELPER.EXE
C:\WINDOWS2\System32\NMSSvc.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS2\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS2\System32\PuXpMan.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\WINDOWS2\system32\rundll32.exe
C:\WINDOWS2\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS2\explorer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IMTHelper Class - {FA1A6CC3-BE63-4f7c-A455-417D35A67DA6} - c:\windows2\system32\tsextsex.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS2\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS2\System32\PuXpMan.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BlackICE Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - https://www.cjb.net/menuext.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS2\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS2\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Poker - https://download.games.yahoo.com/game...ts/y/pt1_x.cab
O16 - DPF: Yahoo! Reversi - https://download.games.yahoo.com/game...ts/y/rt0_x.cab
O16 - DPF: {12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF} (UDConnect Class) - https://17.sharedsource.org/html/Nrsg...1.0.0.3ie.cab?
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - https://public.windupdates.com/get_fi...43a23650ba3cd5
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - https://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://akamai.downloadv3.com/binarie...hv32_EN_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - https://software-dl.real.com/028f3527...p/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - https://download.websearch.com/Dnl/T_40/QDow_AS2.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - https://www.live365.com/players/play365.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - https://www.cjb.net/search.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - https://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {F48EAB92-8BCE-4C77-BE98-D10060BD8590} (SpyBouncer.SBDownloader) - https://www.spybouncer.com/downloader/downloader.ocx
O21 - SSODL: SysTrayCheck - {BC737725-6D77-468a-BA40-DD6B7B861472} - c:\windows2\system32\tseese.dll
m1zz0u is offline  
Old 09-26-2004, 08:35 PM   #6
 
Join Date: Sep 2003
Posts: 5,955
OS:


Howdy!

Please print out or copy this page to Notepad. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also.

Reboot into Safe Mode (hit F8 key until menu shows up).

Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):

PuXpMan.exe
sais.exe


Check and fix the following in HijackThis if they still exist (make sure not to miss any):

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: IMTHelper Class - {FA1A6CC3-BE63-4f7c-A455-417D35A67DA6} - c:\windows2\system32\tsextsex.dll
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS2\System32\PuXpMan.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF} (UDConnect Class) - https://17.sharedsource.org/html/Nrs..._1.0.0.3ie.cab?
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - https://public.windupdates.com/get_f... 3a23650ba3cd5
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - https://gamingzone.ubisoft.com/dev/p...s/GSManager.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://akamai.downloadv3.com/binari...thv32_EN_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - https://software-dl.real.com/028f352...ip/RdxIE601.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - https://www.live365.com/players/play365.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - https://www.cjb.net/search.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - https://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {F48EAB92-8BCE-4C77-BE98-D10060BD8590} (SpyBouncer.SBDownloader) - https://www.spybouncer.com/downloader/downloader.ocx
O21 - SSODL: SysTrayCheck - {BC737725-6D77-468a-BA40-DD6B7B861472} - c:\windows2\system32\tseese.dll


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS2\System32\PuXpMan.exe
c:\program files\180solutions\sais.exe


Reboot into Normal Mode and post a new HijackThis log file so we can make sure it's clean.
jgvernonco is offline  
Old 09-27-2004, 02:24 PM   #7
Guest
 
Join Date: Sep 2004
Posts: 5
OS:



Also restarted last night w/ this error
stop [0xaca06fcc,0x00000002,0x00000000,0x0x804eed80]
is this caused by what I fixed in hjt or something else?


Logfile of HijackThis v1.98.2
Scan saved at 4:20:51 PM, on 9/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINDOWS2\system32\Ctsvccda.exe
C:\WINDOWS2\System32\NMSSvc.exe
C:\WINDOWS2\System32\MsPMSPSv.exe
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\system32\CTHELPER.EXE
C:\WINDOWS2\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS2\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\WINDOWS2\system32\rundll32.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\HJT\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS2\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BlackICE Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - https://www.cjb.net/menuext.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS2\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS2\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Poker - https://download.games.yahoo.com/game...ts/y/pt1_x.cab
O16 - DPF: Yahoo! Reversi - https://download.games.yahoo.com/game...ts/y/rt0_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - https://download.websearch.com/Dnl/T_40/QDow_AS2.cab
m1zz0u is offline  
Old 09-28-2004, 06:23 AM   #8
TSF Team, Emeritus
 
 
Join Date: Jul 2004
Location: New York
Posts: 14,311
OS: Windows 98 & Windows XP Home/Pro

It shouldn't have caused an error like that. Does this happen any time or just for certain programs?

Check and fix:

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - https://download.websearch.com/Dnl/T_40/QDow_AS2.cab


Restart. You should be clean now. Any problems now?

To help prevent future spyware installations/infections, please read my anti-spyware section and use the tools provided.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
greyknight17 is offline  
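
Added example, not part of any post in this thread: a way to check a follow-up HijackThis log against a "check and fix" list mechanically instead of by eye. The function names `entry_key` and `still_present` are hypothetical; the sample lines are short excerpts copied from posts #5, #6 and #7 above. Entries are matched on section code plus CLSID (or Run value name) because the forum shortened the same URL differently in different posts, so a plain string comparison would miss them.

```python
import re

# One HijackThis entry: section code (R1, O2, O16, ...), " - ", then the body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME = re.compile(r"\[([^\]]+)\]")


def entry_key(line):
    """Return a stable identity for a log line, or None for non-entry lines."""
    m = ENTRY.match(line)
    if not m:
        return None  # header, running-process path, blank line, forum text
    section, body = m.groups()
    clsid = CLSID.search(body)
    if clsid:
        # The CLSID survives URL truncation and case differences in paths.
        return (section, clsid.group(0).upper())
    name = RUN_NAME.search(body)
    if section == "O4" and name:
        # Autorun entry: identify by registry location and value name.
        return (section, body.split(":", 1)[0].lower(), name.group(1).lower())
    return (section, " ".join(body.lower().split()))


def still_present(fix_list, followup_log):
    """Fix-list lines whose identity still appears in the follow-up log."""
    seen = {entry_key(l) for l in followup_log.splitlines()} - {None}
    return [l.strip() for l in fix_list.splitlines()
            if entry_key(l) is not None and entry_key(l) in seen]


# Excerpt of the fix list in post #6.
FIX_LIST = r"""
O2 - BHO: IMTHelper Class - {FA1A6CC3-BE63-4f7c-A455-417D35A67DA6} - c:\windows2\system32\tsextsex.dll
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS2\System32\PuXpMan.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O16 - DPF: {12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF} (UDConnect Class) - https://17.sharedsource.org/html/Nrs..._1.0.0.3ie.cab?
O21 - SSODL: SysTrayCheck - {BC737725-6D77-468a-BA40-DD6B7B861472} - c:\windows2\system32\tseese.dll
"""

# Excerpt of the log in post #5 (before the fix).
LOG_BEFORE = r"""
Logfile of HijackThis v1.98.2
C:\WINDOWS2\System32\PuXpMan.exe
O2 - BHO: IMTHelper Class - {FA1A6CC3-BE63-4f7c-A455-417D35A67DA6} - c:\windows2\system32\tsextsex.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS2\System32\PuXpMan.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O16 - DPF: {12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF} (UDConnect Class) - https://17.sharedsource.org/html/Nrsg...1.0.0.3ie.cab?
O21 - SSODL: SysTrayCheck - {BC737725-6D77-468a-BA40-DD6B7B861472} - c:\windows2\system32\tseese.dll
"""

# Excerpt of the log in post #7 (after the fix).
LOG_AFTER = r"""
Logfile of HijackThis v1.98.2
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - https://download.websearch.com/Dnl/T_40/QDow_AS2.cab
"""

if __name__ == "__main__":
    print("still in pre-fix log :", len(still_present(FIX_LIST, LOG_BEFORE)))
    print("still in post-fix log:", still_present(FIX_LIST, LOG_AFTER))
```

An empty result only shows that the listed registry entries are gone; the files named in the delete step still have to be checked on disk.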
 
