Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Search Inqwire/Random Restarts


  • This topic is locked This topic is locked

#16
FHiL

FHiL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Sam

none of the files you asked to delete (if found) were present, however, c:\windows\belt.ini, 180ax_kyf.dat and 180axau.dat were found, should i delete those?

(edit p.1)

in my avast virus vault under system files is kernel32.dll, command.com, and wsock32.dll

just now noticed this, hopefully this will help out more.


(edit p.2)

here's hopefully a helpful list, those programs listed in the hijackthis uninstall manager list that are for a fact still on the computer:

Adobe Acrobat 4.0
Adobe Photoshop 7.0
AIM+ (remove only)
America Online
AOL Instant Messenger
avast! Antivirus
Carbon Copy 32 (?)
Chinese (Simplified) Language Support
Compaq Diagnostics for Windows
Compaq Digital Dashboard LED
Compaq Hardware Discovery
Compaq IE5 Custom US v2.6
Compaq IJ300 Electronic Registration
Compaq IJ600
Compaq OOBE Online
Compaq WebISP
Compaq WebReg v2.6
Compaq Wizard Host Online v2.6
CuteFTP
Easy Access Button Support
eDonkey2000
Hex Workshop v4.23
HijackThis 1.99.1
hp deskjet 970c series (Remove only)
HSP56 MicroModem Drivers
Indeo® Software
Intel Application Accelerator
Intel® 810/810E/815/815E/815EM Chipset Graphics Driver Softw
Internet Explorer Q896688
Japanese Language Support
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_04
Korean Language Support
LiveJournal 1.4.6 (remove only)
LJ Comment Stats Wizard 1.0
Logitech iTouch Software
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft FrontPage Express
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Outlook Express 6
Microsoft VGX Q833989
Microsoft Web Publishing Wizard 1.53
Microsoft Works 2000
MS Access 97 SP2
msconfig
Musicmatch® Jukebox
Nero - Burning Rom (on the computer but doesn't recoginize either of my burns as existing, totally unrelated annoying problem)
NeroMediaPlayer
Outlook Express Q823353
Panda ActiveScan
PokerRoom.com (remove only)
Pretty Good Solitaire 500 version 8.0.2
QuickTime
Recorder
Secure Delivery
Service Connection
Shockwave
SpywareBlaster v3.4
StepMania CVS (remove only)
System Files Update
TrojanHunter 4.2
UltimateBet
Universal Media Player
USB CompactFlash Reader
USB SmartMedia Reader
USB Storage Adapter V2
VB Runtime
VideoLAN VLC media player 0.8.2
Viewpoint Manager (Remove Only)
Viewpoint Media Player (Remove Only)
WebIQ Client Software
Winamp (remove only)
Windows 98 KB891711 Update
Windows 98 KB896358 Update
Windows 98 Q823559 Update
Windows 98 Q840315 Update
Windows 98 Q888113 Update
Windows 98 Q890175 Update
Windows Media Player system update (9 Series)
WinZip
Yahoo! Address AutoComplete
Yahoo! Anti-Spy
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar

i may be wrong on some of those compaq ones or the windows updates, but i hope this helps.

Edited by FHiL, 30 November 2005 - 07:57 AM.

  • 0

Advertisements


#17
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Please click Start -> Control Panel -> Add/Remove Programs and uninstall these programs:

Viewpoint Manager (Remove Only)
Viewpoint Media Player (Remove Only)



none of the files you asked to delete (if found) were present, however, c:\windows\belt.ini, 180ax_kyf.dat and 180axau.dat were found, should i delete those?

Yes, delete those files.



in my avast virus vault under system files is kernel32.dll, command.com, and wsock32.dll

just now noticed this, hopefully this will help out more.

You can empty those files out of the vault also.



Please reboot and post a new hijackthis log.
  • 0

#18
FHiL

FHiL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:43:01 AM, on 12/1/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\PROGRAM FILES\YAHOO!\COMMON\YCHECKH.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: iTouch.exe.lnk = C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~5\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .sco: C:\PROGRA~1\INTERN~1\PLUGINS\NPSibelius.dll
O12 - Plugin for .MTD: C:\PROGRA~1\INTERN~1\Plugins\npmusicn.dll
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O12 - Plugin for .pdf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
O12 - Plugin for .asf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wma: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for : C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPOJI610.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mp3: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npwinamp.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewid...oOnlineScan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
  • 0

#19
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Your log looks pretty good now.
How are things working for you? Are still having random restarts?
  • 0

#20
FHiL

FHiL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
restarts seem a little less frequent, although that could just be me. i also get the occasional "MMSystem007 not enough memory" error when trying to use winamp, not to mention the mouse needs to be re-installed every few restarts, i'll let you know in a few hours how the restarts really are.
  • 0

#21
FHiL

FHiL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
ok so since my last post it has restarted 5 times already, yikes.
  • 0

#22
FHiL

FHiL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
well im on a different computer right now, the restarts kept getting more and more frequent, til all of a sudden when it would reboot i would not get a picture on the monitor, so i tried a different monitor, and still, no luck. i'm thinking it's somehow a video card problem, or maybe even a memory problem.
  • 0

#23
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
My guess is memory(RAM), but it could also be your video card, as you've indicated. I do think at this point that we can rule out that malware is causing your problems.

You may want to start a thread at our hardware forum and let one of the experts there assist you.

http://www.geekstogo...p?act=SF&s=&f=9
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP