
Hi all plz help! My pc freezes again =(


  • This topic is locked

#1
paperone
  • Member
  • 46 posts
:)

Like before, my computer has started to annoy me again. For example, when I play a game, for example carom3d, it freezes and I have to restart the PC manually because all the controls don't work. I do not know what it can be since it happens sometimes and sometimes not. :tazz:

PLZ help:

Here I send you my Hijackthis file:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:01, on 2005-08-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Analog Devices\SoundMAX\SMTray.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Delade filer\EPSON\EBAPI\eEBSVC.exe
C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
C:\Program\ewido\security suite\ewidoctrl.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program\Mozilla Firefox\firefox.exe
E:\Programmi utili\vecchi\help program\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ccleaner] "C:\Program\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ladda ner Alla med Net Transport - C:\Program\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Ladda ner med Net Transport - C:\Program\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq..._Non_Member.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program\Delade filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe

THX for all your help.
I will wait for your reply.

Regards
paperone
  • 0


#2
Guest_thatman_*
  • Guest
Hi paperone

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Please download and install Ad-Aware SE.
Click Here on how to set up and use it - please make sure you update it first. Don't run it yet.

Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Run Ewido full scan. Save the scan.log and post the log.

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Run Ad-Aware SE; let it remove all it finds.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Let the system reboot as normal.

Please run the following free, online virus scans.
http://enterprises.p...l_companies.htm
Please post the log from the Panda virus scan. We will need it to remove previous infections that have left files on your system.

Run HijackThis and post the new log.

Kc :tazz:
  • 0

#3
paperone
  • Topic Starter
  • Member
  • 46 posts
THX thatman

I'll try that. I already got all the programs you told me to install and I am running them almost every day to check my system.
Well, I will reboot in safe mode and scan with both adaware and ewido now and send you the logs.

Thx for all your help

best regards

paperone :tazz:
  • 0

#4
Guest_thatman_*
  • Guest
Hi paperone

Will be right here when you do.

Kc :tazz:
  • 0

#5
paperone
  • Topic Starter
  • Member
  • 46 posts
Hi again Thatman,

Again ty, here is the ewido log:

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:47:39, 2005-08-27
+ Report-Checksum: 38D468DD

+ Scan result:

No infected objects found.


::Report End

Here is the adaware log:

Ad-Aware SE Build 1.06r1
Logfile Created on:den 27 augusti 2005 12:48:52
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R63 24.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R63 24.08.2005
Internal build : 73
File location : C:\Program\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 512535 Bytes
Total size : 1543974 Bytes
Signature data size : 1510909 Bytes
Reference data size : 32553 Bytes
Signatures total : 42991
CSI Fingerprints total : 1029
CSI data size : 36589 Bytes
Target categories : 15
Target families : 736

Here is the new scan from Hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 13:00:05, on 2005-08-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\Programmi utili\vecchi\help program\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ccleaner] "C:\Program\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ladda ner Alla med Net Transport - C:\Program\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Ladda ner med Net Transport - C:\Program\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq..._Non_Member.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program\Delade filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe


Plz let me know as soon as possible.

Could you tell me if Norton 2005 is good or not? I got it but it doesn't seem to be a great program. THX for your opinion.

Regards
paperone
  • 0

#6
paperone
  • Topic Starter
  • Member
  • 46 posts
:tazz: PLZ HELP :)

I am still waiting for reply.

PLZ help anyone?
  • 0

#7
paperone
  • Topic Starter
  • Member
  • 46 posts
Hello is there anyone?

My PC is driving me nuts. It continues freezing in all kinds of situations. I even made an online scan with trendmicro and it had found some spyware which I removed. But it continues. :tazz:

PLZ Help

Regards

paperone
  • 0

#8
Guest_thatman_*
  • Guest
Hi :tazz:

Please follow the fix in full; you have not scanned with Panda as asked.

Please run the following free, online virus scans.
http://enterprises.p...l_companies.htm
Please post the log from the Panda virus scan. We will need it to remove previous infections that have left files on your system.

Don't run HijackThis in safe mode; this is of little use to me.
Run HijackThis and post the new log.

Kc :)
  • 0

#9
paperone
  • Topic Starter
  • Member
  • 46 posts
Hi again thatman and thank you for your reply.

I have now done the scan with Panda twice, but something really, really weird happens at the end of the scan.

The window with the scan (EXPLORER) suddenly closes down and I am back on the desktop for no reason. "Weird"

I did the scan twice, like I said, and it found 1 suspicious file and 1 spyware.

What should I do, since I can't send you any logfile because the window always closes itself? I also did the scan with trendmicro but no infections were found. Norton, which I have installed on my system, is just crap I guess, and I will uninstall it. ewido and adaware found nothing.

I am really going nuts, I never had this kind of problem. Please tell me what to do: :tazz: :) :)

regards

paperone
  • 0

#10
Guest_thatman_*
  • Guest
Hi paperone

Please download the free MWAV antivirus tool from here:
ftp://ftp.microworldsystems.com/download/tools/mwav.exe
Save it to the desktop and run it. Follow the prompts to scan your system for viruses. Please post the log of infected files from the bottom panel of the scan window.

Reboot into safe mode and run the MWAV program.

When completed, reboot as normal and post the MWAV log.

kc :tazz:
  • 0


#11
paperone
  • Topic Starter
  • Member
  • 46 posts
Hmm ok I did that now.

Here is the log below of the scan without safemode:

Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program\Norton AntiVirus\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program\Norton AntiVirus\IWP\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{89A344E4-A54B-4C5E-97BD-040B4B300816}". Action Taken: No Action Taken.

Here is the one in safe mode:

Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program\Norton AntiVirus\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program\Norton AntiVirus\IWP\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{89A344E4-A54B-4C5E-97BD-040B4B300816}". Action Taken: No Action Taken.
Entry "HKCR\.csk" refers to invalid object "cskfile". Action Taken: No Action Taken.

I have even changed my antivirus software now from norton 2005 to avast which seems to be better.

I will wait for your reply. :tazz:

Thank you for all your time.

Regards

paperone
  • 0

#12
Guest_thatman_*
  • Guest
Hi paperone

Use Windows Add/Remove Programs to uninstall the following:
C:\Program files\bearshare
C:\Program files\Limeware
If there is no uninstaller, just delete the whole folders.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKEY_CLASSES_ROOT\clsid\{905d0df2-3a0a-4d94-853c-54a12a745905}]
[-HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}]
[-HKEY_CLASSES_ROOT\gnufile]
[-HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}]
[-HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg]
[-HKEY_CURRENT_USER\appevents\schemes\apps\bearshare]
[-HKEY_LOCAL_MACHINE\software\bearshare]
[-HKEY_LOCAL_MACHINE\software\bearshare\installdir]
[-HKEY_LOCAL_MACHINE\software\classes\clsid\{558ec983-bedb-9168-b2de-31dbf0ee543e}]
[-HKEY_LOCAL_MACHINE\software\classes\ed2k]
[-HKEY_LOCAL_MACHINE\software\classes\ed2k\defaulticon]
[-HKEY_LOCAL_MACHINE\software\classes\ed2k\shell\open\command]
[-HKEY_LOCAL_MACHINE\software\classes\ed2k\shell\open\ddeexec]
[-HKEY_LOCAL_MACHINE\software\classes\ed2k\url protocol]
[-HKEY_LOCAL_MACHINE\software\classes\gnu]
[-HKEY_LOCAL_MACHINE\software\classes\gnu\defaulticon]
[-HKEY_LOCAL_MACHINE\software\classes\gnu\shell\open\command]
[-HKEY_LOCAL_MACHINE\software\classes\gnu\url protocol]
[-HKEY_LOCAL_MACHINE\software\classes\gnufile\browserflags]
[-HKEY_LOCAL_MACHINE\software\classes\gnufile\editflags]
[-HKEY_LOCAL_MACHINE\software\classes\gnufile\shell\open\command]
[-HKEY_LOCAL_MACHINE\software\classes\gnutella]
[-HKEY_LOCAL_MACHINE\software\classes\gnutella\defaulticon]
[-HKEY_LOCAL_MACHINE\software\classes\gnutella\shell\open\command]
[-HKEY_LOCAL_MACHINE\software\classes\gnutella\shell\open\ddeexec]
[-HKEY_LOCAL_MACHINE\software\classes\gnutella\url protocol]
[-HKEY_LOCAL_MACHINE\software\licenses\{056b3cf0d9ab991e1}]
[-HKEY_LOCAL_MACHINE\software\licenses\{i56b3cf0d9ab991e1}]
[-HKEY_LOCAL_MACHINE\software\magnet\handlers\bearshare]
[-HKEY_LOCAL_MACHINE\software\magnet\handlers\bearshare\ddeapplication]
[-HKEY_LOCAL_MACHINE\software\magnet\handlers\bearshare\ddetopic]
[-HKEY_LOCAL_MACHINE\software\magnet\handlers\bearshare\defaulticon]
[-HKEY_LOCAL_MACHINE\software\magnet\handlers\bearshare\description]
[-HKEY_LOCAL_MACHINE\software\magnet\handlers\bearshare\shellexecute]
[-HKEY_LOCAL_MACHINE\software\magnet\handlers\bearshare\type\urn:bitprint]
[-HKEY_LOCAL_MACHINE\software\magnet\handlers\bearshare\type\urn:sha1]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f95e1af-2620-4f15-bdf9-7fdce4607e17}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f95e1af-2620-4f15-bdf9-7fdce4607e17}\componentid]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f95e1af-2620-4f15-bdf9-7fdce4607e17}\isinstalled]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f95e1af-2620-4f15-bdf9-7fdce4607e17}\locale]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f95e1af-2620-4f15-bdf9-7fdce4607e17}\version]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bearshare]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare\displayicon]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare\displayname]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare\displayversion]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare\helplink]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare\publisher]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare\uninstallstring]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare\urlinfoabout]
[-HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg]
[-HKEY_USERS\.default\appevents\schemes\apps\bearshare]

Save the file as "delete.reg". Make sure to save it with the quotes. Double click on it and choose Yes to merge it. You may delete the file afterwards.

Doubleclick the file and confirm you want to merge it with the registry. Make sure you do this step first before going any further.

Reboot as normal

Please run the following free, online virus scans.
http://enterprises.p...l_companies.htm
Please post the log from the Panda virus scan. We will need it to remove previous infections that have left files on your system.

Run HijackThis and post the new log.

Kc :tazz:
  • 0

#13
paperone
  • Topic Starter
  • Member
  • 46 posts
Hi again,

Here is the log of panda active scan:

Incident | Status | Location

Dialer:dialer.bjp | No disinfected | HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\USER AGENT
Spyware:spyware/bargainbuddy | No disinfected | Windows Registry

And here is the new hijackthisfile:

Logfile of HijackThis v1.99.1
Scan saved at 18:03:16, on 2005-08-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program\Analog Devices\SoundMAX\SMTray.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\Program\Delade filer\EPSON\EBAPI\eEBSVC.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
C:\Program\ewido\security suite\ewidoctrl.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program\Mozilla Firefox\firefox.exe
E:\Programmi utili\vecchi\help program\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ccleaner] "C:\Program\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq..._Non_Member.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program\Delade filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Waiting for your reply

regards

paperone :tazz:

Edited by paperone, 31 August 2005 - 10:04 AM.

  • 0
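
An added example, not part of any post in this thread: a small Python triage script for HijackThis logs like the ones above. It diffs two logs case-insensitively (the 08-31 log writes C:\windows where the 08-24 log wrote C:\WINDOWS), flags O1 and O23 entries for a manual check, and applies a heuristic for spotting a Safe Mode scan. The log text is a short excerpt of the three logs posted here; the flag names and the Safe Mode heuristic are assumptions of this example, not HijackThis features.

```python
import re
from collections import defaultdict

# Short excerpts of the three logs posted in this thread.
LOG_0824 = r"""Running processes:
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program\ewido\security suite\ewidoctrl.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
"""
LOG_0827_SAFE_MODE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
"""
LOG_0831 = r"""Running processes:
C:\windows\system32\Ati2evxx.exe
C:\Program\Alwil Software\Avast4\ashServ.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
"""

# Entry lines look like "O4 - HKLM\..\Run: [name] path"; the code before " - " names the section.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_log(text):
    """Split a HijackThis log into running processes and entries grouped by section code."""
    processes, entries, in_processes = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group(1)].append(m.group(2))
            in_processes = False
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and line:
            processes.append(line)
        elif in_processes and processes:
            in_processes = False  # a blank line closes the process list
    return {"processes": processes, "entries": dict(entries)}

def diff_logs(old, new):
    """Return (added, removed) entries, compared case-insensitively."""
    def keyed(log):
        return {f"{c} - {e}".lower(): f"{c} - {e}"
                for c, es in log["entries"].items() for e in es}
    a, b = keyed(old), keyed(new)
    return (sorted(b[k] for k in b.keys() - a.keys()),
            sorted(a[k] for k in a.keys() - b.keys()))

def service_path(entry):
    """Executable path from an O23 entry 'Service: name - owner - path'."""
    path = entry.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
    # Keep the text inside quotes, or the text before a stray closing quote.
    path = path.split('"')[1] if path.startswith('"') else path.split('"')[0]
    return path.strip().lower()

def looks_like_safe_mode(log):
    """Heuristic (assumption): services are registered but none of them is running."""
    running = {p.lower() for p in log["processes"]}
    services = log["entries"].get("O23", [])
    return bool(services) and not any(service_path(s) in running for s in services)

def review_flags(log):
    """Entries to verify by hand, as (reason, entry) pairs. A flag is not a verdict."""
    flags = []
    for e in log["entries"].get("O1", []):
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", e)
        if m and m.group(2).lower() != "localhost":
            flags.append(("hosts-redirect", f"O1 - {e}"))
    for e in log["entries"].get("O23", []):
        if "unknown owner" in e.lower():
            flags.append(("unknown-owner", f"O23 - {e}"))
        if "(file missing)" in e.lower():
            flags.append(("file-missing", f"O23 - {e}"))
    return flags

if __name__ == "__main__":
    first, safe, last = (parse_log(t) for t in (LOG_0824, LOG_0827_SAFE_MODE, LOG_0831))
    print("safe-mode scan?", looks_like_safe_mode(safe))
    added, removed = diff_logs(first, last)
    for label, items in (("added", added), ("removed", removed)):
        for item in items:
            print(label, "|", item)
    for reason, entry in review_flags(last):
        print("verify", reason, "|", entry)
```

A flag means "verify this entry", not "remove it": the avast! and EPSON services in this thread are listed with "Unknown owner" too.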

#14
Guest_thatman_*
  • Guest
Hi paperone

Use Windows Add/Remove Programs to uninstall the following:
C:\Program files\Bargain Buddy
C:\Program files\BullsEye

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKEY_LOCAL_MACHINE\Software\Bargains]
[-HKEY_LOCAL_MACHINE\Software\CashBack]
[-HKEY_LOCAL_MACHINE\Software\exactUtil]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CashBack]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bargains]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CE188402-6EE7-4022-8868-AB25173A3E14}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}]
[-HKEY_LOCAL_MACHINE\Software\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468}]
[-HKEY_LOCAL_MACHINE\Software\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED14177}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678}]
[-HKEY_LOCAL_MACHINE\Software\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678}]
[-HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}]
[-HKEY_LOCAL_MACHINE\Software\Classes\Apuc.UrlCatcher]
[-HKEY_LOCAL_MACHINE\Software\Classes\Apuc.UrlCatcher.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADP.UrlCatcher]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADP.UrlCatcher.1]
[-HKEY_LOCAL_MACHINE\Software\Classes\CB.UrlCatcher]
[-HKEY_LOCAL_MACHINE\Software\Classes\CB.UrlCatcher.1]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ZESOFT]
[-HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\_SC_ZESOFT]

Save the file as "delete.reg". Make sure to save it with the quotes. Double click on it and choose Yes to merge it. You may delete the file afterwards.

Doubleclick the file and confirm you want to merge it with the registry. Make sure you do this step first before going any further.

Reboot as normal

Please run the following free, online virus scans.
http://enterprises.p...l_companies.htm
Please post the log from the Panda virus scan. We will need it to remove previous infections that have left files on your system.

Run HijackThis and post the new log.

Kc :tazz:
  • 0
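
An added example, not part of any post in this thread: a Python pre-merge review of a delete-only .reg file such as the two delete.reg files in posts #12 and #14. It lists which keys a merge would delete, which lines are redundant because a parent key is already deleted (a `[-KEY]` line removes the key with all its subkeys), and which deletions touch subtrees picked here for a second look. The sample is an excerpt of those two files plus one constructed line (`ExampleVendor`); the list of sensitive subtrees is a choice made for this example.

```python
import re

# "[-HIVE\path]" deletes the key with all subkeys and values; "[HIVE\path]" creates or edits it.
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\.+)\]$")
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# Subtrees singled out for a second look before merging (chosen for this example).
SENSITIVE = ("hkey_local_machine\\system\\currentcontrolset\\",
             "hkey_local_machine\\security\\",
             "hkey_local_machine\\sam\\")

# Excerpt of the delete.reg files in posts #12 and #14, plus one constructed line.
SAMPLE_REG = r"""REGEDIT4
[-HKEY_LOCAL_MACHINE\software\bearshare]
[-HKEY_LOCAL_MACHINE\software\bearshare\installdir]
[-HKEY_LOCAL_MACHINE\software\classes\gnutella]
[-HKEY_LOCAL_MACHINE\software\classes\gnutella\shell\open\command]
[-HKEY_LOCAL_MACHINE\Software\Bargains]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ZESOFT]
[-HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\_SC_ZESOFT]
; constructed line, not from the thread: no leading "-", so it would create the key
[HKEY_LOCAL_MACHINE\Software\ExampleVendor]
"""

def review_reg(text):
    """Summarise what merging a .reg file would do, without touching the registry."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    report = {"header_ok": bool(lines) and lines[0] in HEADERS,
              "deletes": [], "creates_or_edits": [],
              "redundant": [], "sensitive": [], "other_lines": []}
    for ln in (lines[1:] if report["header_ok"] else lines):
        if ln.startswith(";"):          # .reg comment
            continue
        m = KEY_RE.match(ln)
        if not m:
            report["other_lines"].append(ln)
        elif m.group(1):
            report["deletes"].append(m.group(2))
        else:
            report["creates_or_edits"].append(m.group(2))
    deleted = {k.lower() for k in report["deletes"]}
    for key in report["deletes"]:
        low = key.lower()
        parts = low.split("\\")
        # Redundant when any ancestor key is deleted by the same file.
        if any("\\".join(parts[:i]) in deleted for i in range(2, len(parts))):
            report["redundant"].append(key)
        if (low + "\\").startswith(SENSITIVE):
            report["sensitive"].append(key)
    return report

if __name__ == "__main__":
    for name, value in review_reg(SAMPLE_REG).items():
        print(name, "=", value)
```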

#15
paperone
  • Topic Starter
  • Member
  • 46 posts
Hi,

OK, no problem, I can do the 2nd part of what you asked me to do, but the first part:

Use Windows Add/Remove Programs to uninstall the following:
C:\Program files\Bargain Buddy
C:\Program files\BullsEye

I do not find these entries on my PC? :tazz:

What I will do now is do the 2nd part and get back to you.

THX
  • 0





