1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Please can someone help ???

Discussion in 'Earlier Versions of Windows' started by alpenmoadl, Apr 24, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. alpenmoadl

    alpenmoadl Thread Starter

    Joined:
    Apr 24, 2004
    Messages:
    6
    Our Pc is acting weird..
    i am getting a lot of these messages....
    could this be a virus ? I have tried AVg and it seemed to be ok;
    who could please help?
    thanks - help highly appreciated.

    PSTORES caused an invalid page fault in
    module KERNEL32.DLL at 0167:bff70758.
    Registers:
    EAX=00000000 CS=0167 EIP=bff70758 EFLGS=00010216
    EBX=00000d2c SS=016f ESP=00dffd44 EBP=00dffd9c
    ECX=00000018 DS=016f ESI=00000058 FS=11af
    EDX=bff70758 ES=016f EDI=ffff1e81 GS=0000
    Bytes at CS:EIP:
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Stack dump:
    00000124 000000fd 000000fd 00dffdb4 00000124 81895db0 c16414b0 00000000 00000058 00000058 00dffd9c 00dffd84 00dffdb4 bffc9490 c16414b0 00000001
    :confused: :confused:
     
  2. xico

    xico

    Joined:
    Jun 29, 2002
    Messages:
    29,787
    Go to Pandasoft.com and run its antivirus program; and then go to Microtrend.com and run theirs. Download spybot, install it, and download the updates. You can find this at google, and you can also get Lavasoft's Adaware and run it. You might not have a virus, but it could be a form of malware from an aggressive merchant. You might also want to run--after you've run these programs--HiJack This. Wish I could give you the url, but I just formated and reinstalled, so Im trying to collect all my old programs.
     
  3. kwill

    kwill

    Joined:
    Jan 5, 2003
    Messages:
    292
    Heres the HijackThis URL HijackThis
    PSTORES is associated with Internet Explorer 4 and Outlook Express - so I wouldnt think its a virus - try downloading the latest IE from Internet Explorer
     
  4. alpenmoadl

    alpenmoadl Thread Starter

    Joined:
    Apr 24, 2004
    Messages:
    6
    Logfile of HijackThis v1.97.7
    Scan saved at 12:56:12 PM, on 26/04/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = SHAW.MAIL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Registration-Studio 8.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
    O4 - Startup: Greeting.lnk = C:\Program Files\Wizzard Software Corp\IVA\Apps\Greet.exe
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Coches (HKLM)
    O9 - Extra button: Researcher (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash5/cabs/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
     
  5. Filewasp

    Filewasp

    Joined:
    Sep 12, 2003
    Messages:
    664
    Someone that is skilled at reading your post log will no doubt tell you exactly what to delete. I would recommend that you wait for advice from them. Meanwhile here is a basic overview of what the entries in the log mean. DO NOT FIX ANYTHING YET.

    Overview

    Each line in a HijackThis log starts with a section name.

    For practical information, click the section name you need help with:
    R0, R1, R2, R3 - Internet Explorer Start/Search pages URLs
    F0, F1 - Autoloading programs
    N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
    O1 - Hosts file redirection
    O2 - Browser Helper Objects
    O3 - Internet Explorer toolbars
    O4 - Autoloading programs from Registry
    O5 - IE Options icon not visible in Control Panel
    O6 - IE Options access restricted by Administrator
    O7 - Regedit access restricted by Administrator
    O8 - Extra items in IE right-click menu
    O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
    O10 - Winsock hijacker
    O11 - Extra group in IE 'Advanced Options' window
    O12 - IE plugins
    O13 - IE DefaultPrefix hijack
    O14 - 'Reset Web Settings' hijack
    O15 - Unwanted site in Trusted Zone
    O16 - ActiveX Objects (aka Downloaded Program Files)
    O17 - Lop.com domain hijackers
    O18 - Extra protocols and protocol hijackers
    O19 - User style sheet hijack

    --------------------------------------------------------------------------------

    R0, R1, R2, R3 - IE Start & Search page

    What it looks like:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.google.com/
    R3 - Default URLSearchHook is missing
    What to do:
    If you recognize the URL at the end as your homepage or search engine, it's OK. If you don't, check it and have HijackThis fix it.
    For the R3 items, always fix them unless it mentions a program you recognize, like Copernic.
    --------------------------------------------------------------------------------

    F0, F1 - Autoloading programs

    What it looks like:
    F0 - system.ini: Shell=Explorer.exe Openme.exe
    F1 - win.ini: run=hpfsched

    What to do:
    The F0 items are always bad, so fix them.
    The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it's good or bad.
    --------------------------------------------------------------------------------

    N1, N2, N3, N4 - Netscape/Mozilla Start & Search page

    What it looks like:
    N1 - Netscape 4: user_pref("browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)
    What to do:
    Usually the Netscape and Mozilla homepage and search page are safe. They rarely get hijacked. Should you see an URL you don't recognize as your homepage or search page, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O1 - Hostsfile redirection

    What it looks like:
    O1 - Hosts: 216.177.73.139 auto.search.msn.com
    O1 - Hosts: 216.177.73.139 search.netscape.com
    O1 - Hosts: 216.177.73.139 ieautosearch
    What to do:
    This hijack will redirect the address to the right to the IP address to the left. If the IP does not belong to the address, you will be redirected to a wrong site everytime you enter the address. You can always have HijackThis fix these, unless you knowingly put those lines in your Hosts file.
    --------------------------------------------------------------------------------

    O2 - Browser Helper Objects

    What it looks like:
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
    O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
    What to do:
    If you don't directly recognize a Browser Helper Object's name, use TonyK's BHO List to find it by the class ID (CLSID, the number between curly brackets) and see if it's good or bad. In the BHO List, 'X' means spyware and 'L' means safe.

    --------------------------------------------------------------------------------

    O3 - IE toolbars

    What it looks like:
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)
    O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL
    What to do:
    If you don't directly recognize a toolbar's name, use TonyK's Toolbar List to find it by the class ID (CLSID, the number between curly brackets) and see if it's good or bad. In the Toolbar List, 'X' means spyware and 'L' means safe.
    If it's not on the list and the name seems a random string of characters and the file is somewhere in a folder named 'Application Data' (like the last one in the examples above), it's definitely bad, and you should have HijackThis fix it.
    --------------------------------------------------------------------------------

    O4 - Autoloading programs from Registry

    What it looks like:
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    What to do:
    Use PacMan's Startup List to find the entry and see if it's good or bad.
    --------------------------------------------------------------------------------

    O5 - IE Options not visible in Control Panel

    What it looks like:
    O5 - control.ini: inetcpl.cpl=no
    What to do:
    Unless you've knowingly hidden the icon from Control Panel, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O6 - IE Options access restricted by Administrator

    What it looks like:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    What to do:
    Unless you have the Spybot S&D option 'Lock homepage from changes' active, have HijackThis fix this.
    --------------------------------------------------------------------------------

    O7 - Regedit access restricted by Administrator

    What it looks like:
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    What to do:
    Always have HijackThis fix this.
    --------------------------------------------------------------------------------

    O8 - Extra items in IE right-click menu

    What it looks like:
    O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.68-DELEON.DLL/cmsearch.html
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
    What to do:
    If you don't recognize the name of the item in the right-click menu in IE, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O9 - Extra buttons on main IE toolbar, or extra items in IE 'Tools' menu

    What it looks like:
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    What to do:
    If you don't recognize the name of the button or menuitem, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O10 - Winsock hijackers

    What it looks like:
    O10 - Hijacked Internet access by New.Net
    O10 - Broken Internet access because of LSP provider 'c:\progra~1\common~2\toolbar\cnmib.dll' missing
    O10 - Unknown file in Winsock LSP: c:\program files\newton knows\vmain.dll
    What to do:
    It's best to fix these using LSPFix from Cexx.org, or Spybot S&D from Kolla.de.
    --------------------------------------------------------------------------------

    O11 - Extra group in IE 'Advanced Options' window

    What it looks like:
    O11 - Options group: [CommonName] CommonName
    What to do:
    The only hijacker as of now that adds its own options group to the IE Advanced Options window is CommonName. So you can always have HijackThis fix this.
    --------------------------------------------------------------------------------

    O12 - IE plugins

    What it looks like:
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    What to do:
    Most of the time these are safe. Only OnFlow adds a plugin here that you don't want (.ofb).
    --------------------------------------------------------------------------------

    O13 - IE DefaultPrefix hijack

    What it looks like:
    O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
    O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?
    What to do:
    These are always bad. Have HijackThis fix them.
    --------------------------------------------------------------------------------

    O14 - 'Reset Web Settings' hijack

    What it looks like:
    O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com
    What to do:
    If the URL is not the provider of your computer or your ISP, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O15 - Unwanted site in Trusted Zone

    What it looks like:
    O15 - Trusted Zone: http://free.aol.com
    What to do:
    So far, only AOL has the tendency to add itself to your Trusted Zone, allowing it to run any ActiveX it wants. Always have HijackThis fix this.
    --------------------------------------------------------------------------------

    O16 - ActiveX Objects (aka Downloaded Program Files)

    What it looks like:
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.co...t/c381/chat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
    What to do:
    If you don't recognize the name of the object, or the URL it was downloaded from, have HijackThis fix it. If the name or URL contains words like 'dialer', 'casino', 'free_plugin' etc, definitely fix it.
    --------------------------------------------------------------------------------

    O17 - Lop.com domain hijacks

    What it looks like:
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W21944.find-quick.com
    O17 - HKLM\Software\..\Telephony: DomainName = W21944.find-quick.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D196AB38-4D1F-45C1-9108-46D367F19F7E}: Domain = W21944.find-quick.com
    What to do:
    If the domain is not from your ISP or company network, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O18 - Extra protocols and protocol hijackers

    What it looks like:
    O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll
    O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82}
    O18 - Protocol hijack: http - {66993893-61B8-47DC-B10D-21E0C86DD9C8}
    What to do:
    Only a few hijackers show up here. The known baddies are 'cn' (CommonName), 'ayb' (Lop.com) and 'relatedlinks' (Huntbar), you should have HijackThis fix those.
    Other things that show up are either not confirmed safe yet, or are hijacked by spyware. In the last case, have HijackThis fix it.
    --------------------------------------------------------------------------------

    O19 - User style sheet hijack

    What it looks like:
    O19 - User style sheet: c:\WINDOWS\Java\my.css
    What to do:
    In the case of a browser slowdown and frequent popups, have HijackThis fix this item if it shows up in the log.
    __________________
     
  6. alpenmoadl

    alpenmoadl Thread Starter

    Joined:
    Apr 24, 2004
    Messages:
    6
    ok I'll wait
    thanks
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Please someone help
  1. Jelieber
    Replies:
    0
    Views:
    180
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/223524

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice