
Programs opening, but...only for a second

Discussion in 'Virus & Other Malware Removal' started by damienmccann, Sep 14, 2004.

Thread Status:
Not open for further replies.
  1. damienmccann

    damienmccann Thread Starter

    Joined:
    Sep 14, 2004
    Messages:
    6
    Hi all,
    I am having problems with my Win 2000 computer. It seems certain programs are opening but only for a split second, then they close by themselves. The programs that I am having problems with are DOS programs, Norton AV 2004 and Task Manager. Any ideas, as I am close to a format? I have run a virus scan and CWShredder and Spybot to no avail. I have included the HijackThis log as it seems to prove useful in these cases. Any help on this matter would be gratefully taken. Thanks in advance guys...



    Logfile of HijackThis v1.98.2
    Scan saved at 17:13:32, on 14/09/2004
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.EXE
    C:\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btbroadbandoffice.com/bbhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Business Broadband
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Taskbar Service] taskbar.svc
    O4 - HKLM\..\Run: [Backup Service] backup.svc
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Microsoft Update Machine] komwbyb.exe
    O4 - HKLM\..\Run: [Windows Media Player Update] peofupy.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] komwbyb.exe
    O4 - HKLM\..\RunServices: [Windows Media Player Update] peofupy.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] komwbyb.exe
    O4 - HKCU\..\Run: [Windows Media Player Update] peofupy.exe
    O4 - HKCU\..\RunServices: [Windows Media Player Update] peofupy.exe
    O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: BT - {2603EA2A-305B-4D3E-8F8F-E9CBD3411171} - http://www.bt.com (file missing) (HKCU)
    O9 - Extra button: Homepage - {92E81058-55C6-4957-B2A4-3FFCA3F93A96} - http://www.btopenworld.com/default (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I'm going to move you to the "Security" forum since this is definitely a "security" issue.

    For now, print or save these instructions so you can view them in Safe Mode. Then restart in Safe Mode by pressing the F8 key promptly on startup and choosing from the startup menu.

    Once in Safe Mode run HijackThis and check and "fix" the following entries:

    O4 - HKLM\..\Run: [Taskbar Service] taskbar.svc
    O4 - HKLM\..\Run: [Backup Service] backup.svc

    O4 - HKLM\..\Run: [Microsoft Update Machine] komwbyb.exe
    O4 - HKLM\..\Run: [Windows Media Player Update] peofupy.exe

    O4 - HKLM\..\RunServices: [Microsoft Update Machine] komwbyb.exe
    O4 - HKLM\..\RunServices: [Windows Media Player Update] peofupy.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] komwbyb.exe
    O4 - HKCU\..\Run: [Windows Media Player Update] peofupy.exe
    O4 - HKCU\..\RunServices: [Windows Media Player Update] peofupy.exe

    >> It's possible NAV has found and deleted most or all of these files. But you will need to confirm. Before doing a file search for each of the "exes" above, go to Folder Options > View and check "show hidden files". Also temporarily remove the check for "hide protected system files".

    Search for and delete all instances of the above "exes".

    After completing this, reboot and do a full online scan at House Call or Panda. After they clean up, post a new HijackThis Scanlog.

    HouseCall
    Panda
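
An added example, not part of the original thread or of HijackThis: a short Python triage of the O4 autorun lines from the log in the first post. The two heuristics (the same program registered under several Run/RunServices keys; a bare file name whose extension is not .exe) are assumptions chosen for illustration that reproduce the list flagged in this thread; they are not the helper's stated method and not a general detection rule.

```python
import re
from collections import defaultdict

# O4 (autorun) lines copied from the HijackThis log in the first post; a subset.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Taskbar Service] taskbar.svc
O4 - HKLM\..\Run: [Backup Service] backup.svc
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Update Machine] komwbyb.exe
O4 - HKLM\..\Run: [Windows Media Player Update] peofupy.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] komwbyb.exe
O4 - HKLM\..\RunServices: [Windows Media Player Update] peofupy.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] komwbyb.exe
O4 - HKCU\..\Run: [Windows Media Player Update] peofupy.exe
O4 - HKCU\..\RunServices: [Windows Media Player Update] peofupy.exe
"""

# hive\..\key: [value name] command (other O4 forms, e.g. Global Startup, are skipped)
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Program part of the command: optional quote, then up to the first ".ext" token.
EXE_RE = re.compile(r'^"?(.+?\.\w{3})(?="|\s|$)')

def parse_o4(log):
    """Return (location, value_name, program) for each registry autorun line."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        exe = EXE_RE.match(cmd)
        entries.append((f"{hive}\\{key}", name, (exe.group(1) if exe else cmd).lower()))
    return entries

def triage(log):
    """Map program -> reasons it deserves a closer look (assumed heuristics)."""
    locations = defaultdict(set)
    for loc, _name, prog in parse_o4(log):
        locations[prog].add(loc)
    flagged = defaultdict(list)
    for prog, locs in locations.items():
        if len(locs) > 1:
            flagged[prog].append(f"registered under {len(locs)} autorun keys")
        if "\\" not in prog and not prog.endswith(".exe"):
            flagged[prog].append("bare file name without an .exe extension")
    return dict(flagged)
```

Calling `triage(SAMPLE_LOG)` returns the four file names listed in the reply above with the reason each was flagged; entries such as `mobsync.exe` and `PROMon.exe`, which are bare names registered once, are left alone.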
     
  3. damienmccann

    damienmccann Thread Starter

    Joined:
    Sep 14, 2004
    Messages:
    6
    Thanks Rollin` Rog. I removed the files you mentioned there and it seems to have solved the problem. I will do as you said and complete the online scans. Just one question though...What exactly caused this problem and what can I do to prevent this happening again as it's a bit of a pain. Again many thanks for your help on this matter.
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    It's rather hard to judge based on what I can see of the configuration. But one of the most common sources of similar infections occurs through the use of file sharing applications. Other than that your main mission should be to ensure that your security patches are up to date and your settings meet the minimum criteria described in this thread:

    http://forums.techguy.org/showpost.php?p=1479174&postcount=1

    Personally I think conservative usage habits combined with critical updates are the best defense, and the additional programs described in the post would probably not have prevented that particular infection.

    You should probably post another Scanlog after you complete any online scans and if the problem remains resolved I will so mark it.

    You're most welcome for the help.
     

Short URL to this thread: https://techguy.org/273884
