Jump to content


Photo

I really need help here


  • This topic is locked This topic is locked
5 replies to this topic

#1 imoverherenow00

imoverherenow00

    Member

  • New Member
  • Pip
  • 4 posts

Posted 28 July 2004 - 06:00 AM

Okay here's my problem. My computer froze and I tried to reboot, but it wont reboot it will access my cd rom drive instead of my hard drive. I tried to reboot a few hundred more times and it finally restarted, but it froze pretty quickly and I noticed everytime it freezes my cdrom drive's light is on.

I used hijack this thinking maybe its a trojan really messing with me, ill post the logfile, and maybe someone can help me fix this. Hopefully i'll be able to keep the computer on long enough to see a reply. Thanks in advance

Logfile of HijackThis v1.97.7
Scan saved at 6:47:06 AM, on 7/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WEBROOT\POPUPWASHER\POPUPWASHER.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presar...archbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\WINDOWS\POPUPWASHER21.DLL
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [PopUpWasher] C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {DB9EA424-4709-4614-86E8-B80BDA957841} (BomLoadCtl Class) - http://www.primuslive.com/bomload.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/...n-ob-assets.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8180.1680671296

#2 imoverherenow00

imoverherenow00

    Member

  • New Member
  • Pip
  • 4 posts

Posted 28 July 2004 - 06:44 AM

I just ran avast and it found a virus in my restore/temp folder it was a .cpy file I am hoping this is the problem and I fixed it

#3 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 28 July 2004 - 06:34 PM

Also, it is a possibility that the BIOS battery is low. This could have caused it to revert to CD first boot order.
Have you checked in the BIOS for the correct Boot order?
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#4 imoverherenow00

imoverherenow00

    Member

  • New Member
  • Pip
  • 4 posts

Posted 02 August 2004 - 06:48 PM

hi thx for replying I dont know how to check the bios battery but I did send the computer out to a repair shop and beefed up my ram the guy seemed to have fixed it but time will only tell. If you can help me with checking the bios battery I would appreciate it much

#5 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 03 August 2004 - 02:43 PM

Check the BIOS, and see what the boot order is set to.

Ususally, pressing the<DELETE> key will gice access to the BIOS.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#6 imoverherenow00

imoverherenow00

    Member

  • New Member
  • Pip
  • 4 posts

Posted 04 August 2004 - 05:29 AM

Dave,

Thank you for all your help im up and running again. I am also much more protected than before. I've got spyware blaster, spybotS&d, adaware, spysweeper, the cleaner, and cwshredder plus the avast antivirus. God I hope thats enough.

Cheers




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button