Jump to content


Photo

please help


  • Please log in to reply
1 reply to this topic

#1 Neal

Neal

    Member

  • New Member
  • Pip
  • 3 posts

Posted 23 May 2004 - 07:35 PM

My computer has been fine unitl yesterday, now after the computer is on for 45 mins to an hour the resources crash extremely fast. When I try virus scans and adwatch it doesnt let me finish. Also when I first tried CWshredder it said something was blocking it from running, then it worked. Is there anything that can block the spywares from being detected ? When I finally got adwatch to scan it only detected cookies. Seems odd not one registry or process was detected. I also used the hijackthis this here is what I got.

Logfile of HijackThis v1.97.7
Scan saved at 8:18:27 PM, on 5/23/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-WATCH.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\CALLWAVE\IAM.EXE
C:\PROGRAM FILES\GATOR.COM\GATOR\GATOR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\DOWNLOADS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://migration.ms...e53/default.asp
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Ad-watch] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\Ad-watch.exe"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.EXE
O4 - Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\ABMTSR.EXE
O4 - Startup: PalNetaware.lnk = C:\WINDOWS\TEMP\pnetaware.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: Gator eWallet.lnk = C:\Program Files\gator.com\gator\Gator.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8115.0000462963
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo...g-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaud...d/ccpm_0237.cab
O16 - DPF: Fortune Bingo by pogo - http://game2.pogo.co...o-ob-assets.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo06.pogo....1-ob-assets.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.c...t-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.c...k-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game2.pogo.co...m-ob-assets.cab

#2 Neal

Neal

    Member

  • New Member
  • Pip
  • 3 posts

Posted 23 May 2004 - 07:39 PM

I also tried another scanner xoftspy and it found 2020search but wouldnt let me delete it unless I paid. But neither searchanddestroy or adwatch is picking it up.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button