
confuzzling stuff! er? virus?

Discussion in 'Virus & Other Malware Removal' started by big_pimp, Apr 11, 2004.

Thread Status:
Not open for further replies.
  1. big_pimp

    big_pimp Thread Starter

    Joined:
    Jul 1, 2003
    Messages:
    191
    I recently formatted my hard drive, cos it had been a long time since I've had this computer and many years of installing, uninstalling, deleting, fixing, chopping, wiping, cleaning and er well it just needed a reformat after so many years' usage.

    However since the reformat I've been having some strange problems. I did something stupid: after I first reformatted, cos my virus scanner needed such a huge update, I left it for a few days cos I was only on dial up, same with my firewall.

    Now I have some very strange problems.

    I've turned absolutely everything on start up off, except the load power profiles etc etc.. just Windows stuff.

    My computer is hanging like crazy, but I don't seem to be having any memory problems. I keep getting messages saying my hard drive is full, that I might want to run disk clean up, even tho my disk isn't full, I have over 4 gig free.

    I ran a full virus scan with McAfee, um I think it's 7, but the virus signatures are fully updated. I also ran HouseCall... nothing at all. I ran Spybot and Ad-aware and again apart from cookies nothing suspicious is coming up. I've also run HouseCall, and a free virus scanner from Grisoft I think? Not sure, it's uninstalled now.

    My computer tries to connect to the internet every 3 mins or so without my permission (just the dial up box pops up as I've disabled the automatic feature) (this is with no programs running). It does this before Windows has even fully loaded, i.e. I ran Spybot and it asked to run on start up cos something it wanted to delete was in use; before Windows had fully loaded and whilst Spybot was running my computer was still constantly trying to connect to the net.

    I thought well, I've done a virus scan, I've done a spyware scan, I'll do a defrag, see if it at least helps the hanging. Defrag said errors on disk pls repair b4 running defrag again. So I scanned c:\, many many files were found with mis-reported size, I repaired all these, then it found a lost file fragment of 81920 bytes, I told it to just get rid and delete, it said it needed to restart cos a program or Windows itself had written to the drive .. this happened 3 times, finally it accepted deleting the file fragment. It then went on to scan the surface area of the disk, but was unable to do this as every time the dial up thing popped up it restarted. After I received the restarted 10x warning I just gave up.

    Logfile of HijackThis v1.97.7
    Scan saved at 9:37:58 PM, on 4/11/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\HIJACK\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http://www-cache.freeserve.com:8080;http=http://www-cache.freeserve.com:8080
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38076.025625
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
    O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab


    On msconfig autoexec.bat there is one strange thing:

    C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scanpm.exe C:\

    I'm not sure if this is my virus scanner.. probably is running on boot?

    Occasionally I get this...

    <unknown> has performed an illegal.... and will now close,

    this is all happening with just the following turned on at selective start-up

    ScanRegistry
    TaskMonitor
    SystemTray
    LoadPowerProfile
    LoadQm
    MCUpdateexe <--- just noticed this, it's the McAfee updater, but every time I turn it off, I just realised, it's making another copy of itself. There are currently 3 versions of this, 1 is on, 2 off
    SchedulingAgent
    LoadPowerProfile

    Any ideas? Help me!!! Please
     
  2. Solid_Froggy

    Solid_Froggy

    Joined:
    Apr 2, 2004
    Messages:
    318
  3. Solid_Froggy

    Solid_Froggy

    Joined:
    Apr 2, 2004
    Messages:
    318
    1. Click on START then RUN

    2. In the run box type SYSEDIT

    3. Select the AUTOEXEC.BAT file

    4. Find the following line in the autoexec.bat file:

    C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scan.exe C:\

    5. Change the line to

    C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scan86.exe C:\

    6. Click on FILE then SAVE

    7. Close down SYSEDIT and restart your computer.

    8. If the PC is still slow repeat stages 1 to 3 but this time change the following line:

    C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scan86.exe C:\

    Change the line to

    C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scanPM.exe C:\

    9. Click on FILE then SAVE

    10. Close down SYSEDIT and restart your computer.

    11. If the PC is still slow repeat stages 1 to 3 but this time change the following line:

    C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scanPM.exe C:\

    to

    REM C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scanPM.exe C:\

    12. Click on FILE then SAVE

    13. Close down SYSEDIT and restart your computer.

    There ya go :D

    ==============================
    Advice From A 12 Year Old!
    ==============================
     
  4. big_pimp

    big_pimp Thread Starter

    Joined:
    Jul 1, 2003
    Messages:
    191
    I will give this a try. I've just seen this advice elsewhere for McAfee on the link u told me to check, but as far as I can see this is just for problems on start-up, isn't it? Whereas I don't really have any problems on start-up, I was just unsure as to what it was.

    I'll give it a try tho, see if it helps, thx
     
  5. big_pimp

    big_pimp Thread Starter

    Joined:
    Jul 1, 2003
    Messages:
    191
    help still appreciated
     
  6. big_pimp

    big_pimp Thread Starter

    Joined:
    Jul 1, 2003
    Messages:
    191
    anyone :(
     
  7. big_pimp

    big_pimp Thread Starter

    Joined:
    Jul 1, 2003
    Messages:
    191
    Could this be a bad install of some software? Should I run back thru my installs and uninstall them, re-install them 1 by 1? I'm lost here, don't really want to format again.. but I can see how a bad install would do all this if everything's turned off at startup.. does seem weird that no matter what I do I can't turn off McAfee auto updater, could that in turn be loading other components of McAfee? Help :(
     
  8. big_pimp

    big_pimp Thread Starter

    Joined:
    Jul 1, 2003
    Messages:
    191
    still help :( :confused: :rolleyes:
     
  9. Solid_Froggy

    Solid_Froggy

    Joined:
    Apr 2, 2004
    Messages:
    318
    Ok, sorry I don't know much about Hijack logs, I'm only 12 :(. Anyway, what you can do is go to http://www.google.com and search 1 by 1 the program name at start up.

    Ex: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html

    Although it will take long, if there is a ton of links to one of your log thingys then there will probably be removal directions..
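
The one-at-a-time lookup suggested in the reply above, as an added example that is not part of the original thread: a small Python parser that groups HijackThis log lines by section code and pulls out the startup (O4) value names, executable names and CLSIDs to research. The function names are hypothetical, and the line layout is assumed from the log posted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")            # "O4 - <body>"
AUTORUN = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
BINARY = re.compile(r"([^\\\s]+\.(?:exe|dll|bat))\b", re.I)  # first file name in a command

def parse_log(text):
    """Group log entries by section code (R1, O2, O4, ...); other lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2).strip())
    return sections

def autoruns(sections):
    """Return (registry key, value name, command) for each O4 startup entry."""
    out = []
    for body in sections.get("O4", []):
        m = AUTORUN.match(body)
        if m:
            out.append((m["key"], m["name"], m["cmd"]))
    return out

def lookup_terms(sections):
    """Unique items to research one at a time, in the order they appear in the log."""
    terms = []
    for _key, name, cmd in autoruns(sections):
        m = BINARY.search(cmd)
        terms += [name, m.group(1).lower() if m else cmd]
    for code in ("O2", "O3", "O16"):
        for body in sections.get(code, []):
            terms += CLSID.findall(body)
    return list(dict.fromkeys(terms))  # drop repeats such as Run + RunServices

if __name__ == "__main__":
    print("\n".join(lookup_terms(parse_log(SAMPLE_LOG))))
```

Entries that appear under both Run and RunServices, like LoadPowerProfile here, collapse to a single lookup term.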
     

Short URL to this thread: https://techguy.org/219385
