1
Tech Clinic / xp constant rebooting
« on: May 22, 2004, 10:55:47 AM »
Try starting in safe mode ----tapping F8 key on start
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Tech Clinic / Hijack This Log
« on: May 16, 2004, 06:26:10 PM »
You have problems! --anti-virus?
??
Go to trendmicro for free online scan>link http://www.trendmicro.com/en/home/us/enterprise.htm
You have trojans among other problems.
Download ---update --run--and fix with Adaware, Spybot1.3, and CWshredder. Close all windows and disconnect from the internet when you do this.
Links>>>> http://www.sherrylynn.us/privacypolicy
http://www.spywareinfo.com/~merijn/downloads.html .
HJT log---all these are bad.........................
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\WINDOWS\System32\scchostc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)
R3 - URLSearchHook: (no name) - {4FC95EDD-4796-4966-9049-29649C80111D}_ - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\Lycos\IEagent\CSIE.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\iDonate.dll
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL (file missing)
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O3 - Toolbar: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - (no file)
O4 - HKLM\..\Run: [ClrSchLoader] C:\PROGRA~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
Lets see what the programs will do and then repost a log.
This is really bad and may be a little over my head!
There are additional suspect files that I am not sure of yet.
This should be a start---maybe someone will give me a hand??!!
??Go to trendmicro for free online scan>link http://www.trendmicro.com/en/home/us/enterprise.htm
You have trojans among other problems.
Download ---update --run--and fix with Adaware, Spybot1.3, and CWshredder. Close all windows and disconnect from the internet when you do this.
Links>>>> http://www.sherrylynn.us/privacypolicy
http://www.spywareinfo.com/~merijn/downloads.html .
HJT log---all these are bad.........................
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\WINDOWS\System32\scchostc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)
R3 - URLSearchHook: (no name) - {4FC95EDD-4796-4966-9049-29649C80111D}_ - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\Lycos\IEagent\CSIE.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\iDonate.dll
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL (file missing)
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O3 - Toolbar: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - (no file)
O4 - HKLM\..\Run: [ClrSchLoader] C:\PROGRA~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
Lets see what the programs will do and then repost a log.
This is really bad and may be a little over my head!
There are additional suspect files that I am not sure of yet.
This should be a start---maybe someone will give me a hand??!!
3
Tech Clinic / xp constant rebooting
« on: May 14, 2004, 04:14:49 PM »
Hope your problems are over {worm}, its easy to remove Blaster/sasser worms.
It might be a good idea to run a HJT log , for your own use. Save a copy and if you run into a problem, you can see what the running process's were---before the problem. Don't forget those M$ updates!. Best of luck
It might be a good idea to run a HJT log , for your own use. Save a copy and if you run into a problem, you can see what the running process's were---before the problem. Don't forget those M$ updates!. Best of luck
4
Tech Clinic / Help me with Internet/Virus Problem!!
« on: May 14, 2004, 02:47:26 AM »
noticed HJT running from temp file, please download and unzip it to a permanet folder.
5
Tech Clinic / xp constant rebooting
« on: May 14, 2004, 02:43:23 AM »
http://www.microsoft.com/downloads/details...&displaylang=en <<<<sassar removal and please do all critical updates.
6
Tech Clinic / Help me with Internet/Virus Problem!!
« on: May 13, 2004, 06:48:13 PM »
Also, please delete all temp internet files and ALL TEMP files. 
http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'
\' />
\' />
7
Tech Clinic / Help me with Internet/Virus Problem!!
« on: May 13, 2004, 06:40:56 PM »
None of these things need to be on your system>>>>>>>>>>>>>>>>>>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\idibfa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\idibfa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\idibfa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\idibfa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\idibfa.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\idibfa.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {44E54087-5D09-4D7A-B646-A6927CEF6B7B} - C:\WINDOWS\System32\idibfa.dll
This is a start, but first run all the programs you did at start, Ad-aware--Cwshredder, and be sure to update.
Then clean up any of these items listed with HJT.
There are also some 016 items that I have no idea what they are...........hiwirenetworks.net...........surfernetwork.net....chaincastvmr....
..expressit broderbund...... if you don't recognize these....delete. Its easy to get this stuff---hard to get rid of.
Post another log, and see if the problem is solved. If this doesnt work, we will look a little closer. Hope this helps
PS be sure to close ALL programs when running these programs, esp Cwshredder.
hope this helps.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\idibfa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\idibfa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\idibfa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\idibfa.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\idibfa.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {44E54087-5D09-4D7A-B646-A6927CEF6B7B} - C:\WINDOWS\System32\idibfa.dll
This is a start, but first run all the programs you did at start, Ad-aware--Cwshredder, and be sure to update.
Then clean up any of these items listed with HJT.
There are also some 016 items that I have no idea what they are...........hiwirenetworks.net...........surfernetwork.net....chaincastvmr....
..expressit broderbund...... if you don't recognize these....delete. Its easy to get this stuff---hard to get rid of.
Post another log, and see if the problem is solved. If this doesnt work, we will look a little closer. Hope this helps
PS be sure to close ALL programs when running these programs, esp Cwshredder.
hope this helps.
8
Tech Clinic / xp constant rebooting
« on: May 13, 2004, 03:28:33 PM »
If you are getting a "Remote Procedure Call" or a thirty second warning for shutdown, you are probably infected. W-32 Blaster worm does this , may be others. There is a way to stop the rebooting if the cause is a worm, enough to repair it.
9
Tech Clinic / xp constant rebooting
« on: May 13, 2004, 01:12:51 PM »
When your computer reboots, does it show an error window , or box?? Was wondering if it had a "countdown" box showing. Sounds much like a worm.
You can eliminate this as cause by running a free online scan >>> http://www.trendmicro.com/en/home/us/enterprise.htm . Just disable your anti-virus and run the scan {not forgetting to re-enable afterwords}.
It would still be a help to see a hijackthis log to start the process of elimination.
Once Malware/virus is ruled out, you can work on software/hardware issues. Windows rebooting is a common thing with virus, not to say it couldn't be from another cause, just sounds like a worm to me. Might find other things as well. Good luck!
You can eliminate this as cause by running a free online scan >>> http://www.trendmicro.com/en/home/us/enterprise.htm . Just disable your anti-virus and run the scan {not forgetting to re-enable afterwords}.
It would still be a help to see a hijackthis log to start the process of elimination.
Once Malware/virus is ruled out, you can work on software/hardware issues. Windows rebooting is a common thing with virus, not to say it couldn't be from another cause, just sounds like a worm to me. Might find other things as well. Good luck!
10
Tech Clinic / xp constant rebooting
« on: May 13, 2004, 03:13:10 AM »
internet connection should not cause constant rebooting of windows. Make sure your antivirus is up to date, run a scan. If clean , download a hijackthis scan and copy & paste it here. Do not "fix" anything. Just click save log and then copy. There are numerous virus that cause rebooting, so you should eliminate that as a cause first. .>>> http://www.spywareinfo.com/~merijn/downloads.html .
11
Tech Clinic / Help me with Internet/Virus Problem!!
« on: May 12, 2004, 04:39:08 PM »
I don't have a ready answer, but please post a new HJT log. Maybe there is something you missed. I am not familar with that problem, but lets have a look.
12
Tech Clinic / Might have a virus on my comp but not sure
« on: May 10, 2004, 04:32:55 PM »
Hello,Hawkfish. This could be a hardware problem, or possibly...?. I would disconnect keyboard and mouse , and then reconnect, see what happens.
Might be a virus?? do you have up to date protection???. If so , you can also run a free online scan, just disable your current antivirus. Sometimes things will be found with one, that was missed with another. Free scan>>> http://www.trendmicro.com/en/home/us/enterprise.htm
Next and most important, run a hijackthis scan and post it back here. Download to its own folder--do not run from desktop. Run the scan and click save-log, copy and paste back to this site. DO NOT FIX ANYTHING, that will come later. Hijackthis link>>> http://www.spywareinfo.com/~merijn/downloads.html
Lets see if its a malware/virus problem, or software/hardware.
I have a couple of other programs that can remove Aware/spyware {free] , but lets see what is really happening. A description of your system, anti-virus situation would be helpful.
Might be a virus?? do you have up to date protection???. If so , you can also run a free online scan, just disable your current antivirus. Sometimes things will be found with one, that was missed with another. Free scan>>> http://www.trendmicro.com/en/home/us/enterprise.htm
Next and most important, run a hijackthis scan and post it back here. Download to its own folder--do not run from desktop. Run the scan and click save-log, copy and paste back to this site. DO NOT FIX ANYTHING, that will come later. Hijackthis link>>> http://www.spywareinfo.com/~merijn/downloads.html
Lets see if its a malware/virus problem, or software/hardware.
I have a couple of other programs that can remove Aware/spyware {free] , but lets see what is really happening. A description of your system, anti-virus situation would be helpful.
13
Tech Clinic / Hijack this log
« on: May 09, 2004, 11:30:09 AM »
Hello, Mary. It is advised that you close all programs and internet explorer before using CWshredder. Also please Download --update and run, Ad-Aware and Spybot Seach & Destroy 1.2. Let them delete everything that is found {fix}. Next--HJT should be in its own folder. Next after running the other programs ---scan again using HJT , and post the results.
Ad -Aware instucts>>>>>>>
Download AdAware 6 181 from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........
Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"
Then......
Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"
Then.....
Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and tick "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"
Then...... click "proceed" to save your settings.
SpyBot download>>> http://download.com.com/3000-2144-10194058...tml?tag=lst-0-1
Lets fix it.
Ad -Aware instucts>>>>>>>
Download AdAware 6 181 from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........
Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"
Then......
Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"
Then.....
Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and tick "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"
Then...... click "proceed" to save your settings.
SpyBot download>>> http://download.com.com/3000-2144-10194058...tml?tag=lst-0-1
Lets fix it.
Pages: [1]