1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

computer keeps turning its self off !!

Discussion in 'Virus & Other Malware Removal' started by alij, Oct 31, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. alij

    alij Thread Starter

    Joined:
    Apr 4, 2005
    Messages:
    134
    please could someone help me,the computer keeps going off when im in the middle of something, usually on the internet.have done scan and found nothing.please could someone look at hijackthis log.thank you


    Logfile of HijackThis v1.99.1
    Scan saved at 10:30:29, on 31/10/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\blueyonder\PCguard\fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\blueyonder\PCguard\RPS.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\RPS.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe (file missing)
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe (file missing)
     
  2. amateur

    amateur Malware Specialist

    Joined:
    Nov 6, 2004
    Messages:
    520
    Please go to ControlPanel>Add/Remove>Programs and look for a program called Fun Web Products. Uninstall it if found.

    Close all other windows except HijackThis, put a checkmark against the following entry and have HijackThis fix it.

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...tup1.0.0.15.cab

    Download and run Sypbot and Adaware from my signature below. Update them. Remember to "immunize" spybot after every update. Run these programs and let them do their work following their instructions.

    Download . Ccleaner

    Click on Options, Select Advanced Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
    Make sure the Cleaner block on the left is selected. (Do not use the "Issues" block) Choose the Windows tab.
    Check everything EXCEPT cookies, the Autocomplete Form History and the Advanced part of the Menu.
    Choose Run Cleaner. This process could take a while.
    When CCleaner shows how much has been removed, cleaning is finished. Click Exit.

    Post a new HijcakThis log.
     
  3. alij

    alij Thread Starter

    Joined:
    Apr 4, 2005
    Messages:
    134
    hello,thank you for your help.sorry for delay in replying,also lost all internet connection yesterday.
    downloaded all programs recommended and ran them.a few problems were found nothing major.
    computer still turning itself off and then back on again through start up procedure.both on computer & internet.
    have included new hijackthis log please could you advise me.thanks again

    Logfile of HijackThis v1.99.1
    Scan saved at 09:58:59, on 01/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.broadband.blueyonder.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe (file missing)
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe (file missing)
     
  4. amateur

    amateur Malware Specialist

    Joined:
    Nov 6, 2004
    Messages:
    520
  5. redoak

    redoak Gone but never forgotten

    Joined:
    Jun 24, 2004
    Messages:
    6,782
    When using CCleaner, I would not put checks by "Windows Log Files" and "Old Prefetch Data," esp. the latter. "Prefetch" is needed by the OS for proper, efficient functioning. Go to this earlier thread for background info: http://forums.techguy.org/t405302.html
    {redoak}
     
  6. amateur

    amateur Malware Specialist

    Joined:
    Nov 6, 2004
    Messages:
    520
    Redoak,

    Thanks for the warning. However, the updated version of Ccleaner only cleans the "old prefetch" not the whole prefetch folder.
     
  7. alij

    alij Thread Starter

    Joined:
    Apr 4, 2005
    Messages:
    134
    hi
    thanks for the help,sorry again for delay,have had to borrow husbands laptop to reply.still having trouble with computer.theses are the symptoms:
    computer just turns itself off,then automatically reboots back on again!
    lost internet connection [but can still use wireless connection through same modem]
    can not connect to internet as it can not find tcp/ip setting
    pc guard will not let me in to alter this
    can not delete pc guard programme which i think is causing all problems.
    delete it from add/remove but part of programme remains and reloads.
    would it be best to completely wipe computer and reload windows again?
    any suggestions would be welcome im pulling my hair out.
    thanks again
    :confused:
     
  8. amateur

    amateur Malware Specialist

    Joined:
    Nov 6, 2004
    Messages:
    520
    PCGuard is certainly a rogue program and should not be on your PC. However, I could not see any sign of it on your HJT log. Can you post a fresh HJT log please?
     
  9. alij

    alij Thread Starter

    Joined:
    Apr 4, 2005
    Messages:
    134
    thanks for the quick reply.
    i cant post a new log as i can not get on the internet to send from that computer.
    however the pcguard program is showing on the first hjt log as:
    C:\Program Files\blueyonder\PCguard\RPS.exe
    if there is a program i need to download i could do it on the laptop and copy it onto the main computer.
     
  10. amateur

    amateur Malware Specialist

    Joined:
    Nov 6, 2004
    Messages:
    520
    Try uninstalling bluyonder. See if you can get a fresh HijackThis log afterwards.

    Start>Control Panell>Add/Remove Programs.
     
  11. amateur

    amateur Malware Specialist

    Joined:
    Nov 6, 2004
    Messages:
    520
    If you are still not successful, you can try deleting PSGuard manually following the instructions below:

    Copy the following code into notepad (not wordpad):

    Code:
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD]

    Next, click File, then Save As…
    For File name: PSFIX.reg
    For Save as type: All Files
    Choose an easy to find location, such as your desktop, and click Save

    Locate PSFIX.reg and double click it.
    Click Yes to allow the merge with your registry.

    Next, navigate to C:\Program Files\ and delete the entire PSGuard folder.

    If the folder won’t delete, right-click and check the properties to ensure it’s not read-only.
    If it is, then uncheck the read-only attribute and try again. Individual files within the
    PSGuard folder may also have the same attribute. Clear them as necessary.

    Boot into Safe Mode and run Ewido again.
    Boot into Normal Mode
    Run an online virus scan again, run the HijackThis post a new HijackThis log and the result of the online scan and Ewido scan.
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/412633

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice