TechSpot

My PC is a mess....help please!

By Paris Cola
Mar 18, 2006
Topic Status:
Not open for further replies.
  1. Hi,

    My PC is a mess. Pop ups and it keeps shutting down.

    Bitdefender, Kaspersky, ad-aware didn’t help.

    Below is my HJT log.

    Can anyone help me out?

    Paris Cola


    Logfile of HijackThis v1.99.1
    Scan saved at 2:30:44 PM, on 3/18/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\slserv.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\WINNT\system32\ctmon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Softwin\BitDefender8\bdnagent.exe
    C:\Program Files\Softwin\BitDefender8\bdmcon.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINNT\explorer.exe
    C:\Program Files\hijack this\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [angeleyes] C:\Program Files\iSOad\msdll.exe
    O4 - HKLM\..\Run: [CT Monitor] ctmon.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilter] NeroFilterCheck.EXE
    O4 - HKLM\..\Run: [msqsrc] c:\program files\common files\system\msqsrc.exe /install
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dxvid] c:\winnt\system32\dxvid.exe /nocomm
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\FREESP~1\SpyWatcher.exe" -S
    O4 - HKLM\..\RunServices: [NeroFilter] NeroFilterCheck.EXE
    O4 - HKLM\..\RunServices: [Windows Update Drive] drives.exe
    O4 - HKLM\..\RunServices: [NeroCheck] NeroFilter.EXE
    O4 - HKLM\..\RunServices: [CT Monitor] ctmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
    O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/126p/html/gtdownlr.cab
    O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1049_EN_XP.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132555241728
    O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.dlv4.com/binaries/IA/sysiasvc32_EN.cab
    O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EFF0D385-2B0B-4C49-A161-5C025E1858CD}: NameServer = 194.74.65.68 194.72.0.114
    O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINNT\System32\wuapi.exe (file missing)
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
    O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINNT\system32\wincntrl.exe (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

  3. Paris Cola

    Paris Cola TS Rookie Topic Starter

    Hi Howard,

    I followed your suggestions and did all the scans but my PC still keeps shutting down and I still have all the pop ups.

    I have attached my new HJT log.

    Thanks

    Paris Cola
     
  4. dEXter_27

    dEXter_27 TS Rookie

    scan

    If u have a version of Bitdefender Free is suck
    try to download Bit defender 9 professional plus
    use key generator "BitDefenderPro-Keygen.exe" When key generated are no used from another user u can make update antivirus
    If the key is used u will try again

    download ad-aware Se professional 1.06r1
    and scan.
     
  5. dEXter_27

    dEXter_27 TS Rookie

    Key Generator

    :bounce: Happy Bitdefender :bounce:
     
  6. Paris Cola

    Paris Cola TS Rookie Topic Starter

    Hi,

    I tried Bitdefender and it didn't help.

    My log is attached in my post above if anyone can help?

    P Cola
     
  7. Tedster

    Tedster Techspot old timer..... Posts: 10,074   +13

    What do your anti-virus and multiple anti-trojan programs say?
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    C:\Program Files\iSOad

    C:\Program Files\SpyBro

    Close control panel.

    Open your task manager, by pressing the ctrl/alt/delete keys together. Click on the processes tab and end process for (if there).

    msdll.exe
    ctmon.exe
    msqsrc.exe
    dxvid.exe
    fgqklmitr.exe
    drives.exe
    wuapi.exe
    wincntrl.exe

    Close task manager.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Locate these services and double click on them. Select stop, if they are running and set the startup type to disabled. Click apply/ok.

    Windows Update Drive
    CT Monitor
    MS Dns Service
    Automatic Update Service
    NeroFilter
    NeroCheck

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKLM\..\Run: [angeleyes] C:\Program Files\iSOad\msdll.exe
    O4 - HKLM\..\Run: [CT Monitor] ctmon.exe
    O4 - HKLM\..\Run: [NeroFilter] NeroFilterCheck.EXE
    O4 - HKLM\..\Run: [msqsrc] c:\program files\common files\system\msqsrc.exe /install
    O4 - HKLM\..\Run: [dxvid] c:\winnt\system32\dxvid.exe /nocomm

    O4 - HKLM\..\Run: [fgqklmitr] c:\winnt\system32\fgqklmitr.exe fgqklmitr
    O4 - HKLM\..\RunServices: [NeroFilter] NeroFilterCheck.EXE
    O4 - HKLM\..\RunServices: [Windows Update Drive] drives.exe
    O4 - HKLM\..\RunServices: [NeroCheck] NeroFilter.EXE

    O4 - HKLM\..\RunServices: [CT Monitor] ctmon.exe
    O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart

    O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINNT\System32\wuapi.exe (file missing)
    O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINNT\system32\wincntrl.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    C:\Program Files\iSOad\msdll.exe
    c:\program files\common files\system\msqsrc.exe /install
    c:\winnt\system32\dxvid.exe /nocomm
    c:\winnt\system32\fgqklmitr.exe fgqklmitr

    drives.exe

    C:\Program Files\SpyBro\SpyBro.exe" /autostart

    C:\WINNT\System32\wuapi.exe
    C:\WINNT\system32\wincntrl.exe

    Reboot into normal mode and post a fresh HJT log.

    Regards Howard :)
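
Added example, not part of the original thread or of HijackThis itself: a Python sketch that parses the O23 service lines of a HijackThis log and cross-checks every "(file missing)" entry against the log's own "Running processes" list. The sample lines are copied from the log posted in this thread; the function names and verdict labels are assumptions made for illustration.

```python
import re

# Lines copied from the HijackThis log posted in this thread (trimmed excerpt).
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\services.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\System32\nvsvc32.exe

O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINNT\System32\wuapi.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINNT\system32\wincntrl.exe (file missing)
"""

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<cmd>.+)$")
EXE_RE = re.compile(r'"?(?P<exe>.+?\.exe)', re.IGNORECASE)
MISSING = "(file missing)"


def running_processes(log):
    """Lower-cased paths under 'Running processes:' (block ends at a blank line)."""
    _, _, rest = log.partition("Running processes:")
    block = re.split(r"\n\s*\n", rest, maxsplit=1)[0]
    return {p.strip().lower() for p in block.splitlines() if p.strip()}


def triage_services(log):
    """Map each O23 service name to 'ok', 'missing-but-running' or 'missing'."""
    running = running_processes(log)
    verdicts = {}
    for raw in log.splitlines():
        m = O23_RE.match(raw.strip())
        if not m:
            continue
        cmd = m["cmd"]
        flagged = cmd.endswith(MISSING)
        if flagged:
            cmd = cmd[:-len(MISSING)].strip()
        exe = EXE_RE.match(cmd)  # drops a stray quote and arguments after .exe
        path = exe["exe"].lower() if exe else cmd.lower()
        # A "missing" file that is also a live process means the flag is unreliable.
        verdict = "ok" if not flagged else (
            "missing-but-running" if path in running else "missing")
        verdicts[m["name"]] = verdict
    return verdicts


if __name__ == "__main__":
    print(triage_services(SAMPLE_LOG))
```

On the sample lines the two services left as "missing" are the wuapi.exe and wincntrl.exe entries, the same two O23 lines selected for fixing in the post above; the BitDefender entry is reported missing even though bdss.exe appears among the running processes.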
     
  9. Paris Cola

    Paris Cola TS Rookie Topic Starter

    Hi Howard,

    Thanks for getting back to me!

    I followed your instructions and have attached my new log.

    Where to from here?

    P Cola
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is now clean.

    Regards Howard :)
     
  11. Paris Cola

    Paris Cola TS Rookie Topic Starter

    Hi Howard,

    My PC is still shutting down and still has all the Casino and xxx pop ups?

    What can I do?

    P Cola
     
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    I've looked at your HJT log again. I can't see anything obviously nasty.

    However, there are a couple of entries that look a little suspicious.

    These are.

    O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\FREESP~1\SpyWatcher.exe" -S

    O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan

    Uninstall both these programmes in safe mode, then delete the directories.

    Other than that, I can't see anything wrong.

    Regards Howard :)
     
  13. dEXter_27

    dEXter_27 TS Rookie

    if u tried bitdefender, were u able to update the virus definitions?
    if not, the key is used by another user, so try to generate another one.
    i have on my computer Bitdefender 9 professional plus, Avg free edition, Ad-Aware
    and kerio firewall.
    the point is: The pc is clean. No virus.
    but u must be careful, "read the messages" and be with yes in 4!
    P4c800;P4 2800 overclock 3200; 1G ram; 1,3 T Hdd
    I think i must be careful no ?
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    We don't talk about keygens here.

    Techspot does not condone piracy.
     