Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

That time again: Having pop up/reboot problems :(

Started by Class316 , Aug 03 2005 07:56 AM

  • Please log in to reply

#1
Class316
Posted 03 August 2005 - 07:56 AM

Class316

    New Member

  • Member
  • Pip
  • 7 posts
I ran spybot S&D, adware SE, spyware doctor (by pctools.com), cwshredder, AND MS anti spyware and deleted lots of stuff incluing VX2 crap (spyware doctor saw the VX2 stuff). I took out plenty of stuff. But after all was said and done, I STILL get occasional pop ups AND sometimes when I search on google I
get a pop up of sorts.

This doesn't happen constantly or anything. I could do 10 searches on google and there'd be no pop ups, but after the 11th search I would get an MSN search pop up or something worse (I got upspiral once).

And that's not the worst part: MY COMPUTER IS RANDOMLY REBOOTING :tazz:

In addition, AVG Sheild sometimes detects a trojan which I also move to the vault and delete. But it keeps popping up. Since it was a trojan I ran The Cleaner but it found nothing.

Well, this is my latest hijackthis.log. I honestly see nothing that could be doing it. Would appreciate any help. Thanks.

Note that Net Transport is a download manager that I've been using for weeks and is nothing dangerous.

Logfile of HijackThis v1.99.1
Scan saved at 4:27:10 AM, on 8/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.e­xe
C:\WINDOWS\system32\services.e­xe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.ex­e
C:\WINDOWS\System32\svchost.ex­e
C:\WINDOWS\system32\rundll32.e­xe
C:\WINDOWS\system32\spoolsv.ex­e
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.E­XE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOM­S.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched­.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jus­ched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\a­vgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\a­vgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\a­vgupsvc.exe
C:\WINDOWS\system32\svchost.ex­e
C:\WINDOWS\system32\wuauclt.ex­e
C:\Program Files\Internet Explorer\iexplore.exe
C:\setup files\anti Spyware\HijackThis.exe


O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7­D6BE0B3}
- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D4267­09BBFEB} -
C:\PROGRA~1\SPYWAR~2\tools\ies­dsg.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-00902­71D075B} - (no
file)
O2 - BHO: AcroIEToolbarHelper Class -
{AE7CD045-E861-484f-8273-0445E­E161910} - C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl­l
O2 - BHO: PCTools Browser Monitor -
{B56A7D7D-6927-48C8-A975-17DF1­80C71AC} -
C:\PROGRA~1\SPYWAR~2\tools\ies­dpb.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868­B609932} -
C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E­2EAAC93} -
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dl­l
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common
Files\Logitech\QCDriver3\LVCOM­S.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program
Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.­exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched­.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jus­ched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\a­vgcc.exe
/STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl­l/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl­l/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl­l/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl­l/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl­l/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl­l/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dl­l/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl­l/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program
Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport -
C:\PROGRA~1\Xi\NETTRA~1\NTAddL­ist.html
O8 - Extra context menu item: Download by Net Transport -
C:\PROGRA~1\Xi\NETTRA~1\NTAddL­ink.html
O8 - Extra context menu item: Download using FlashGet - C:\Program
Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401­C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npj­pi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401­C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npj­pi150_04.dll
O9 - Extra button: Spyware Doctor -
{2D663D1A-8670-49D9-A1A5-4C56B­4E14E84} -
C:\PROGRA~1\SPYWAR~2\tools\ies­dpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C5­71A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\­REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD1­96348E9} -
C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite -
{B863453A-26C3-4e1f-A54D-A2CD1­96348E9} - C:\Program
Files\ICQLite\ICQLite.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-99525­47D5715} (Creative Software
AutoUpdate) - http://www.creative....012/CTSUEng.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B369­8F558BB} (HS_live Control) -
http://install.homes.....lpxlive/HS_li...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF­33E833C} (WUWebControl Class)
-
http://update.micros.....en/x86/client...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0­A5519FF}
(MsnMessengerSetupDownloadCont­rol Class) -
http://messenger.msn...pDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B76­6368D29} (Creative Software
AutoUpdate Support Package) -
http://www.creative....15012/CTPID.cab
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\SC5X_32.DL­L
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program
Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\a­vgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\a­vgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.e­xe

Edited by Class316, 03 August 2005 - 01:58 PM.

  • 0

Advertisements

#2
Class316
Posted 03 August 2005 - 07:57 AM

Class316

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
delete

Edited by Class316, 03 August 2005 - 01:58 PM.

  • 0

#3
Class316
Posted 03 August 2005 - 09:20 PM

Class316

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ok, here’s the latest.

First off when I turned on my computer I had a virus/trojan SC5X_32.DLL in the system32 directory. AVG shield detected that and managed to heel that.

Next I went into safe mode, I used CleanUp to delete all temporary files. Then I used all these programs:

AVG (detected a couple of bad DLLs which I deleted)
Spyware Doctor
Spy Remover
Adware SE
Spybot S&D
CWShredder (deleted something forgot what)
The Cleaner

Then I rebooted back into windows and so far no pop up, out of nowhere, no google search gone bad and no random reboot! I THINK I FIXED IT ALL!!

Here’s my most up do date hijackthis log file:

Logfile of HijackThis v1.99.1
Scan saved at 10:39:41 PM, on 8/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ShowDowN\mirc.exe
C:\setup files\anti Spyware\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....012/CTSUEng.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homes...ive/HS_live.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121385846593
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15012/CTPID.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

On another note I think something I did corrupted my XP theme, cause I can't seem to get the green start button to come up!

Posted Image

Any tips on fixing that? Yes I did try changing the theme in display properties and I did try going on system properties, advanced, and playing with the display options there.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP