Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

It Just Went Crazy


  • Please log in to reply

#1
customcomp

customcomp

    Member

  • Member
  • PipPipPip
  • 246 posts
ok since the new upadte for counter strike: sorce came out everything has gone wrong.

when i try to load CS:S up it shuts down and my computer go's into stand by

and my programs sundely colsing ( such as HJT and IE )

and before i post my log i must say that i DONT have my xp cd. ( my copy of windows IS NOT copyed i just lost mine )

EDIT: i cant use task manager aswell

here is my log:


Logfile of HijackThis v1.99.1
Scan saved at 18:23:33, on 21/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\habboedit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\system32\vbmicaq\kernel32.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\avbstx\svshost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
C:\WINDOWS\system32\ipconfig.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - blank (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - blank (file missing)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [habboedit] C:\WINDOWS\system32\habboedit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [kernel32] C:\WINDOWS\system32\vbmicaq\kernel32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [svshost] C:\WINDOWS\system32\avbstx\svshost.exe
O4 - HKCU\..\Run: [svshost] C:\WINDOWS\system32\avbstx\svshost.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.31.7.116/Java/cfs40320.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - Winlogon Notify: habboedit - C:\WINDOWS\SYSTEM32\habboedit.dll
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe (file missing)
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows - Unknown owner - C:\WINNT\srvany.exe (file missing)

Edited by customcomp, 28 September 2005 - 11:52 AM.

  • 0

Advertisements


#2
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi ,

Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, u will be asked to fix some entries, delete some files or uninstall some programs. If in case, you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed.

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp
Ewido Security Suite

Install Ewido, and update the definitions to the newest files. Do NOT run a scan yet.


2. Remove Infections

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

Run CleanUp and delete all temp files including temporary internet files

Run Ewido full scan. Let it fix any items it finds.

3. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - blank (file missing)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - blank (file missing)
O4 - HKLM\..\Run: [habboedit] C:\WINDOWS\system32\habboedit.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [kernel32] C:\WINDOWS\system32\vbmicaq\kernel32.exe
O4 - HKLM\..\Run: [svshost] C:\WINDOWS\system32\avbstx\svshost.exe
O4 - HKCU\..\Run: [svshost] C:\WINDOWS\system32\avbstx\svshost.exe


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

4. Delete Rogue files

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

Folders
C:\WINDOWS\system32\avbstx\

Files
C:\WINDOWS\system32\habboedit.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\system32\vbmicaq\kernel32.exe


Reboot the PC in Normal Mode.


Run Hijack This and post a fresh HJT log along with Ewido scan report.
  • 0

#3
customcomp

customcomp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 246 posts
ok ill do them but i have school tomorrow so ill have to post back tommorow thanx
  • 0

#4
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
no problem
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP