Something is shutting down my computer

Hi, if I try to run virus scan, adware, search and destroy in normal mode it shuts down the computer, turns it right off. I have been able to run gris-soft in safe mode and adware as well. I tried to run search and destroy in safe mode; it would scan part way through (got into the 9000's) and shut down. I tried to catch what that exact number was but couldn't. I did run hijackthis and I have saved the log. Before I post it, perhaps the moderator could tell me if I have found the correct forum for this.

Thanks

Comments

  • edcentric near Milwaukee, Wisconsin Icrontian
    edited October 2004
    This sounds virus related.
    Try posting in the security forum.

    Any other issues? Home page re-directs or such?
  • edcentric near Milwaukee, Wisconsin Icrontian
    edited October 2004
    OK, you have booted into safe mode with network access.
    You have updated your AVG, Spybot and Adaware.
    You have run them all, but Spybot will not finish?
    Time to see the Hijack log.
  • edited October 2004
    Okay, here is my log:

    Logfile of HijackThis v1.98.2
    Scan saved at 1:02:35 AM, on 10/4/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\INTERNET CALL MANAGER\ICM.EXE
    C:\PROGRAM FILES\GOMEZ\GOMEZPEER\BIN\GOMEZPEER.EXE
    C:\PROGRAM FILES\GOMEZ\GOMEZPEER\JRE\BIN\JAVA.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\CHRISTY'S MUSIC\ICQTOOLBAR\TOOLBAR.DLL
    O2 - BHO: (no name) - {948beb60-8f12-11d7-8722-0001800c5989} - (no file)
    O2 - BHO: (no name) - {003eac00-a064-11d7-8722-0001800c5989} - (no file)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: EditSource Class - {E07201D0-8DA2-4bb4-87B1-C1BAACEBF8BD} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\XPY.DLL
    O2 - BHO: (no name) - {2DD23A95-2157-88B4-BEB7-C5CEB446DF5B} - (no file)
    O2 - BHO: Xbrowse Class - {CE7EF827-47CC-48EB-B570-C367F1E1277E} - C:\WINDOWS\PROFILES\ALL USERS\APPLICATION DATA\X1FF\X1FF.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {5A3EE0EB-3279-B89E-2B86-AC731335897B} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - (no file)
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: OPTIMUS - {32274E75-3785-46a6-9A54-DC5AD80CF184} - C:\WINDOWS\DOWNLO~1\OPTIMUS.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\CHRISTY'S MUSIC\ICQTOOLBAR\TOOLBAR.DLL
    O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\welcome.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Internet Call Manager.LNK = C:\Program Files\Internet Call Manager\ICM.EXE
    O4 - Startup: Shortcut to GomezPEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
    O4 - User Startup: Internet Call Manager.LNK = C:\Program Files\Internet Call Manager\ICM.EXE
    O4 - User Startup: Shortcut to GomezPEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
    O8 - Extra context menu item: &2 Customize Menu - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComCustomIEMenu.html
    O8 - Extra context menu item: &3 Edit Identities - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComEditIdent.html
    O8 - Extra context menu item: &4 Edit Passcards - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComEditPass.html
    O8 - Extra context menu item: &5 Fill from Identity - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillIdent.html
    O8 - Extra context menu item: &6 Fill from Passcard - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillPass.html
    O8 - Extra context menu item: &7 Fill Forms - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillForms.html
    O8 - Extra context menu item: &8 Save Forms - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComSavePass.html
    O8 - Extra context menu item: &9 Robo Toolbar - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComShowToolbar.html
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\CHRISTY'S MUSIC\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\AIM.EXE
    O9 - Extra button: RF toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComShowToolbar.html (file missing)
    O9 - Extra 'Tools' menuitem: &9 Robo Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComShowToolbar.html (file missing)
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillForms.html (file missing)
    O9 - Extra 'Tools' menuitem: &7 Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillForms.html (file missing)
    O9 - Extra button: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComSavePass.html (file missing)
    O9 - Extra 'Tools' menuitem: &8 Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComSavePass.html (file missing)
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\PROGRAM FILES\HELLO\PICASACAPTURE.DLL
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\PROGRAM FILES\HELLO\PICASACAPTURE.DLL
    O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Christy's Music\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Christy's Music\ICQLite\ICQLite.exe
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {32274E75-3785-46A6-9A54-DC5AD80CF184} (OPTIMUS) - http://www.opt2opt.com/toolbar/optimus.cab
    O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
  • SpywareShooter 127.0.0.1
    edited October 2004
    O2 - BHO: (no name) - {948beb60-8f12-11d7-8722-0001800c5989} - (no file)
    O2 - BHO: (no name) - {003eac00-a064-11d7-8722-0001800c5989} - (no file)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: EditSource Class - {E07201D0-8DA2-4bb4-87B1-C1BAACEBF8BD} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\XPY.DLL
    O2 - BHO: (no name) - {2DD23A95-2157-88B4-BEB7-C5CEB446DF5B} - (no file)
    O2 - BHO: Xbrowse Class - {CE7EF827-47CC-48EB-B570-C367F1E1277E} - C:\WINDOWS\PROFILES\ALL USERS\APPLICATION DATA\X1FF\X1FF.DLL
    O2 - BHO: (no name) - {5A3EE0EB-3279-B89E-2B86-AC731335897B} - (no file)
    O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: OPTIMUS - {32274E75-3785-46a6-9A54-DC5AD80CF184} - C:\WINDOWS\DOWNLO~1\OPTIMUS.DLL
    O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\welcome.exe
    O9 - Extra button: RF toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComShowToolbar.html (file missing)
    O9 - Extra 'Tools' menuitem: &9 Robo Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComShowToolbar.html (file missing)
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillForms.html (file missing)
    O9 - Extra 'Tools' menuitem: &7 Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillForms.html (file missing)
    O9 - Extra button: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComSavePass.html (file missing)
    O9 - Extra 'Tools' menuitem: &8 Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComSavePass.html (file missing)
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\PROGRAM FILES\HELLO\PICASACAPTURE.DLL
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\PROGRAM FILES\HELLO\PICASACAPTURE.DLL
    O16 - DPF: {32274E75-3785-46A6-9A54-DC5AD80CF184} (OPTIMUS) - http://www.opt2opt.com/toolbar/optimus.cab


    Fix those entries, then find and delete the files listed above.
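
Added example, not part of the original thread and not written by any poster: a small parser for the HijackThis line format shown in the log above. It picks out entries that HijackThis itself marks `(no file)` or `(file missing)`, which account for only part of the list in the reply above, and finds CLSIDs that appear under more than one section. The function names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
O2 - BHO: (no name) - {948beb60-8f12-11d7-8722-0001800c5989} - (no file)
O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - (no file)
O3 - Toolbar: OPTIMUS - {32274E75-3785-46a6-9A54-DC5AD80CF184} - C:\WINDOWS\DOWNLO~1\OPTIMUS.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillForms.html (file missing)
O16 - DPF: {32274E75-3785-46A6-9A54-DC5AD80CF184} (OPTIMUS) - http://www.opt2opt.com/toolbar/optimus.cab
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")   # section code, then the rest
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")  # marker at end of line

def parse_log(text):
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list and blank lines are skipped
        code, rest = m.groups()
        clsid = CLSID.search(rest)
        orphan = ORPHAN.search(rest)
        entries.append({
            "section": code,
            # The log prints the same CLSID in mixed case, so normalise it.
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": orphan.group(1) if orphan else None,
        })
    return entries

def orphans_by_section(entries):
    """CLSIDs of entries whose target file HijackThis could not find."""
    out = defaultdict(list)
    for e in entries:
        if e["orphan"]:
            out[e["section"]].append(e["clsid"])
    return dict(out)

def shared_clsids(entries):
    """CLSIDs registered under more than one section (e.g. toolbar + DPF)."""
    seen = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].add(e["section"])
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}
```
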
  • edited October 2004
    Thanks, that seems to have really helped a lot. Some of the things I use like Robo Form so I kept that. I was able to run SearchandDestroy in safe mode after I did this, so that was cool. Have one more question. When I am downloading items from the internet it wants to save it in a temporary file, it used to ask if I want to save it to file first. I know there must be a simple setting to change this, but I can't remember what it is. Could you help with this?

    Thanks