
That time again: Having pop up/reboot problems :(


Old 08-03-05, 10:18 AM
  #1  
DVD Talk Gold Edition
Thread Starter
 
Join Date: Dec 2002
Posts: 2,934
Likes: 0
Received 0 Likes on 0 Posts
That time again: Having pop up/reboot problems :(

I ran spybot S&D, adware SE, spyware doctor (by pctools.com), cwshredder, AND MS anti spyware and deleted lots of stuff including VX2 crap (spyware doctor saw the VX2 stuff). I took out plenty of stuff. But after all was said and done, I STILL get occasional pop ups AND sometimes when I search on google I get a pop up of sorts.

This doesn't happen constantly or anything. I could do 10 searches on google and there'd be no pop ups, but after the 11th search I would get an MSN search pop up or something worse (I got upspiral once).

And that's not the worst part: MY COMPUTER IS RANDOMLY REBOOTING

In addition, AVG Shield sometimes detects a trojan which I also move to the vault and delete. But it keeps popping up. Since it was a trojan I ran The Cleaner but it found nothing.

Well, this is my latest hijackthis.log. I honestly see nothing that could be doing it. Would appreciate any help. Thanks.

Note that Net Transport is a download manager that I've been using for weeks and is nothing dangerous.

Logfile of HijackThis v1.99.1
Scan saved at 4:27:10 AM, on 8/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.ex*e
C:\WINDOWS\System32\svchost.ex*e
C:\WINDOWS\system32\rundll32.e*xe
C:\WINDOWS\system32\spoolsv.ex*e
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.E*XE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOM*S.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched*.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jus*ched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\a*vgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\a*vgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\a*vgupsvc.exe
C:\WINDOWS\system32\svchost.ex*e
C:\WINDOWS\system32\wuauclt.ex*e
C:\Program Files\Internet Explorer\iexplore.exe
C:\setup files\anti Spyware\HijackThis.exe


O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7*D6BE0B3}
- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D4267*09BBFEB} -
C:\PROGRA~1\SPYWAR~2\tools\ies*dsg.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-00902*71D075B} - (no
file)
O2 - BHO: AcroIEToolbarHelper Class -
{AE7CD045-E861-484f-8273-0445E*E161910} - C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl*l
O2 - BHO: PCTools Browser Monitor -
{B56A7D7D-6927-48C8-A975-17DF1*80C71AC} -
C:\PROGRA~1\SPYWAR~2\tools\ies*dpb.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868*B609932} -
C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E*2EAAC93} -
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dl*l
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common
Files\Logitech\QCDriver3\LVCOM*S.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program
Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.*exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched*.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jus*ched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\a*vgcc.exe
/STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl*l/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl*l/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl*l/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl*l/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl*l/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl*l/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dl*l/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dl*l/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program
Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport -
C:\PROGRA~1\Xi\NETTRA~1\NTAddL*ist.html
O8 - Extra context menu item: Download by Net Transport -
C:\PROGRA~1\Xi\NETTRA~1\NTAddL*ink.html
O8 - Extra context menu item: Download using FlashGet - C:\Program
Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401*C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npj*pi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401*C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npj*pi150_04.dll
O9 - Extra button: Spyware Doctor -
{2D663D1A-8670-49D9-A1A5-4C56B*4E14E84} -
C:\PROGRA~1\SPYWAR~2\tools\ies*dpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C5*71A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\*REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD1*96348E9} -
C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite -
{B863453A-26C3-4e1f-A54D-A2CD1*96348E9} - C:\Program
Files\ICQLite\ICQLite.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-99525*47D5715} (Creative Software
AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B369*8F558BB} (HS_live Control) -
http://install.homestead.com/~site/Install...lpxlive/HS_li...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF*33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/...en/x86/client...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0*A5519FF}
(MsnMessengerSetupDownloadCont*rol Class) -
http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B76*6368D29} (Creative Software
AutoUpdate Support Package) -
http://www.creative.com/su/ocx/15012/CTPID.cab
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\SC5X_32.DL*L
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program
Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\a*vgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\a*vgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.e*xe

Last edited by Class316; 08-03-05 at 10:21 AM.
Old 08-03-05, 01:12 PM
  #2  
DVD Talk Godfather
 
Join Date: Jan 2002
Posts: 52,618
Received 2 Likes on 2 Posts
Try an online scan by http://housecall.trendmicro.com/ . They have added spyware scanning too.
Old 08-03-05, 01:59 PM
  #3  
DVD Talk Gold Edition
Thread Starter
 
Join Date: Dec 2002
Posts: 2,934
Likes: 0
Received 0 Likes on 0 Posts
I think when I get home I'm going to reboot in safe mode, delete all temporary files, then run like 4 different scanners at once.
Old 08-03-05, 07:39 PM
  #4  
DVD Talk Gold Edition
 
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,713
Likes: 0
Received 0 Likes on 0 Posts
It looks like you have some sort of Trojan on your system.
Disable System Restore
Before running AVG, make sure you have the latest definitions
Then, in Safe Mode, make sure you run AVG set to scan all files and folders etc.. Open AVG's>Tools>Complete TestSettings> "Test Center" and place a check mark on Everything!
Disable System Restore
You won't be able to run an online scanner in SafeMode.

You should not have any * in your HJT log.

Also, you may want to look into AVG's virus vault and notate the files and/or trojan name and post it here.
Old 08-04-05, 09:42 AM
  #5  
DVD Talk Gold Edition
Thread Starter
 
Join Date: Dec 2002
Posts: 2,934
Likes: 0
Received 0 Likes on 0 Posts
The *'s were more of a forum pasting thing. They're not on my log.

Ok, here’s the latest.

First off when I turned on my computer I had a virus/trojan SC5X_32.DLL in the system32 directory. AVG shield detected that and managed to heal that.

Next I went into safe mode, I used CleanUp to delete all temporary files. Then I used all these programs:

AVG (detected a couple of bad DLLs which I deleted)
Spyware Doctor
Spy Remover
Adware SE
Spybot S&D
CWShredder (deleted something forgot what)
The Cleaner

Then I rebooted back into windows and so far no pop up, out of nowhere, no google search gone bad and no random reboot! I THINK I FIXED IT ALL!!

Here’s my most up to date hijackthis log file:

Logfile of HijackThis v1.99.1
Scan saved at 10:39:41 PM, on 8/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ShowDowN\mirc.exe
C:\setup files\anti Spyware\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121385846593
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
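
One way to compare the two HijackThis logs posted in this thread, added here as an example and not written by any poster: it removes the pasted-in `*`, rejoins hard-wrapped entries, and reports which entries differ between the scans. The function names are illustrative, and the sample lines are a small subset copied from the two logs.

```python
import re

# A subset of lines copied from the two logs in this thread, carrying the
# kinds of paste damage a forum-posted log can have: inserted '*', hard
# line wraps, and blank lines between entries.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\rundll32.e*xe
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-00902*71D075B} - (no
file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\SC5X_32.DL*L
"""
AFTER = r"""
Running processes:

C:\WINDOWS\Explorer.EXE

C:\ShowDowN\mirc.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
"""

ENTRY = re.compile(r"^([ORFN]\d+) - ")  # section tags such as O2, O4, O20

def parse(log):
    """Normalize a pasted HijackThis log into a set of (section, text) pairs."""
    entries, in_procs = [], False
    for raw in log.splitlines():
        # Assumption: '*' is not legal in a Windows file name, so every '*'
        # in these lines is treated as paste damage and dropped.
        line = raw.strip().replace("*", "")
        if not line:
            continue
        m = ENTRY.match(line)
        if line.startswith("Running processes"):
            in_procs = True
        elif m:
            in_procs = False
            entries.append([m.group(1), line[m.end():]])
        elif in_procs:
            entries.append(["proc", line])
        elif entries:
            entries[-1][1] += " " + line  # rejoin a hard-wrapped entry
    # Windows paths are case-insensitive, so compare lowercased text.
    return {(sec, text.lower()) for sec, text in entries}

def diff(before, after):
    """Return (removed, added) entries between two scans, each sorted."""
    b, a = parse(before), parse(after)
    return sorted(b - a), sorted(a - b)
```

On these lines, `diff(BEFORE, AFTER)` reports the `O20` Winlogon Notify entry for `SC5X_32.DLL`, the `(no file)` BHO and `rundll32.exe` as gone, and `mirc.exe` as the only new process.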
