Strange erratic computer behavior.help!!

124

Comments

  • titewad_2
    titewad_2 Posts: 564 Forumite
    100 Posts
    my scan results::

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Toolbar\TBPSSvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Uewez\Cjmc.exe
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Toolbar\TBPS.exe
    C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\fsqemgmt.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Spyware Doctor\swdoctor.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\PROGRA~1\Toolbar\PIB.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\PROGRA~1\Toolbar\radio.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\lee\LOCALS~1\Temp\Rar$EX03.444\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50245
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Companion BHO - !!02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
    O2 - BHO: PCTools Site Guard - !!5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: (no name) - !!87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - !!8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
    O3 - Toolbar: &Radio - !!8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: &Search Toolbar - !!339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [BTopenworld] "c:\program files\bt yahoo! internet\DialBTYahoo.exe" /ReInstallAutoDial
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Hiclvdq] C:\Program Files\Dadyy\Hfvscl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [Wrdts] C:\Program Files\Uewez\Cjmc.exe
    O4 - HKLM\..\Run: [Swynub] C:\Program Files\Olvcqi\Llfcrc.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [yzevsh] C:\WINDOWS\yzevsh.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [AutoLoaderqFoa1aPkOKaM] "C:\WINDOWS\system32\gdiclu.exe"
    O4 - HKLM\..\Run: [qs7Q3mS] gdiclu.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [bBo4RgemV] fsqemgmt.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "D:\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Spyware Doctor - !!2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: BT Yahoo! Sidebar - !!51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - !!51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
    O16 - DPF: !!0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: !!231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: !!30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: !!4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\!!2C20BF82-0B0A-467B-B43E-9D5C710792F4}: NameServer = 213.120.62.98 213.120.62.103
    O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
    O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • T4i
    T4i Posts: 1,845 Forumite
    Part of the Furniture Combo Breaker
    Paste those results in the empty box on this link

    http://hjt.iamnotageek.com/
  • titewad_2
    titewad_2 Posts: 564 Forumite
    100 Posts
    You may reference this log with this URL.

    http://hjt2.iamnotageek.com/log-0.html


    sorry I don't know how to make a proper link..
    results don't look good ,what can i do now please?
  • Rex_Mundi
    Rex_Mundi Posts: 6,312 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    From the list you've posted. You have two antivirus programs running on your system at the same time. The advice from every manufacturer is not to do this. There is too much chance of a conflict between the two programs running. This on its own is enough to slow your system down, let alone all the other junk you've got running in the background.

    Although the link T4i has posted will point out some of the nasties on your system. You would be better to post these results on a specific forum for Hijackthis logs. The people in these forums deal with hundreds of these every week, and would have a far better background in what you need to delete to clean up your computer. I can't find the links for the forums at the moment, I'm sure someone else out there has got these.
    How many surrealists does it take to change a lightbulb?
    ...
    ...
    ...
    ...
    Fish
  • T4i
    T4i Posts: 1,845 Forumite
    Part of the Furniture Combo Breaker
    Use Hijack this again and put a tick in the box to remove these entries:-

    C:\PROGRA~1\Toolbar\TBPSSvc.exe
    C:\Program Files\Common Files\WinTools\wtoolss.exe
    C:\PROGRA~1\Toolbar\tbps.exe
    C:\PROGRA~1\COMMON~1\WinTools\wtoolsa.exe
    C:\PROGRA~1\Toolbar\PIB.exe
    C:\Program Files\Common Files\WinTools\wsup.exe
    O2 - BHO: (no name) - !!87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\wtoolsb.dll
    O2 - BHO: (no name) - !!8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    O3 - Toolbar: &Search Toolbar - !!339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [Adtools Service] C:\Program Files\AdTools Service\AdTools.exe
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\tbps.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\wtoolsa.exe
    O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    Generally Bad --> O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) <-- Always Remove
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\Mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
    O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\wtoolss.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    Then scan again and post back the results. Its always good to reboot the p.c after removing stuff, it will show if the files keep coming back.
  • T4i
    T4i Posts: 1,845 Forumite
    Part of the Furniture Combo Breaker
    You can use the forums here to ask about your hijack log.

    http://forum.iamnotageek.com/f-130.html
  • Rex_Mundi
    Rex_Mundi Posts: 6,312 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    Before removing all the items on the list that T4i has posted. I would post your full log on the forum that he has posted.

    Some of the processes that he has flagged up for fixing are perfectly legitimate programs and should NOT be fixed. You may find that some of your software doesn't work properly if you fix the whole list. The people on the forums deal with these logs all the time and are in the best position to advise on what you need to keep and what to remove.

    I'm sorry T4i for disagreeing with your advice, but some of the things on the list should not be touched and could affect the way the computer works.

    Hijackthis is a very powerful program. It can sort out a lot of problems where other programs don't work. On the other hand, fixing the wrong things can actually end up causing more problems than you already have. Get PROPER advice if you are not sure what needs fixing. It could save lots of headaches!
    How many surrealists does it take to change a lightbulb?
    ...
    ...
    ...
    ...
    Fish
  • bbb_uk
    bbb_uk Posts: 2,108 Forumite
    Rex_Mundi wrote:
    ...Some of the processes that he has flagged up for fixing are perfectly legitimate programs and should NOT be fixed. You may find that some of your software doesn't work properly if you fix the whole list..
    I agree some of the programs listed are legitimate but are not essential for system stability, and more importingly trying to determine the cause of titlewad's problems. Titlewad has probs with system resets (possibly BSoD's) and he has done tests which would seem to indicate its not memory problems but possibly software/driver issues.

    If I had these problems then I would use add/remove and remove all but absolutely essential software and then use HiJack and see what it reports and see if that helps to towards system stability. If the PC appears more stable then just install one program at a time and test that for a bit before moving on to the next program until such a time as it becomes unstable again.

    Remember one of these programs he has running (legitimate or not) may be the cause of the system instability and as you probably know its a (long) process of elimination. Any software that is uninstalled can always be re-installed at a later date.
    :j SayNoTo0870.com
  • T4i
    T4i Posts: 1,845 Forumite
    Part of the Furniture Combo Breaker
    Rex_Mundi,

    Exlpain legitimate program to me.....Is that the opposite to a fake program?

    All the progs on his p.c are legit........only legitimately crap!


    When fixing a p.c (software issue) you have to get rid of all the !!!! and start again loading software one at a time. Infact looking at the log in detail everything on there is not needed to run a p.c

    As someone said before he has 2 anti-virus app's that both need removing, thn we can advise on what anti-virus to use.

    His p.c is riddled with 'toolbars' etc so we need to make a start sopmewhere.

    I should of said to look in the add/removed progs for any of the entries in the hijack list. Some of the 'toolbars' can be found in add/remove progs under different names.
  • Rex_Mundi
    Rex_Mundi Posts: 6,312 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    Rather than removing everything in one hit. I would remove one program at a time untill I found out which one was causing problems. Deleting everything at once, and you could end up with half a dozen programs not working properly. This would cause problems on its own and could be a right pain reinstalling the full versions again.

    Part of the list you've advised to delete are both antivirus applications. This I think is a very bad move. In one fell swoop this computer would have all its antivirus disabled because applications associated with them have been removed. It would be far better to decide which antivirus to keep, and uninstall the other one. Two antivirus programs running on a computer at the same time could be the cause of the problems. It is advised by all the antivirus manufacturers not to have two running at once. Different antivirus applications running at the same time could cause exactly the type of problems that the OP has now.
    How many surrealists does it take to change a lightbulb?
    ...
    ...
    ...
    ...
    Fish
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 349.9K Banking & Borrowing
  • 252.6K Reduce Debt & Boost Income
  • 453K Spending & Discounts
  • 242.8K Work, Benefits & Business
  • 619.6K Mortgages, Homes & Bills
  • 176.4K Life & Family
  • 255.7K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 15.1K Coronavirus Support Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture