A couple issues, all websites taken over/windows unstable. -virus related i'm sure- - ComputerProblems.org Free Computer Support & Technology Discussion

Joseph Roth · #1 (**permalink**) 12-24-2007, 02:07 AM

Okay, so first off:

I have avasted,
spyboted,
ad-awared,
registry issue-checked through crap cleaner,
ran the software secunia inspector,
and just plain cleaned up this rig as best I knew how.

viruses found, of course, adware and spyware, removed...

but as if the smoke was cleared from a war fought for far too long,
the soil below was made vile it seemed. like, nothing could grow.

metaphors aside,

#1 windows explorer is unstable.
I read somewhere that it's doing this because there is a security breach somewhere.

For instance, common excersises such as Search for Files or Folders will become Non Responsive and then cause Windows Explorer to encounter and error and need to close. That's no good, I need to be able to search:/
Other common tasks cause windows to close, I can't place them off the top of my head, though..

and the big one that's causing a hair-pull-out-maneouvre,

#2 The 3-Times The Charm joke that's not a joke because it's not very funny.

So picture this; you're typing something in google, you mash down enter. cool, cool. okay, now it's time to click a link from those listed; now imagine every link you press you will be re-directed to some garbage with your search inquiry placed around half-naked low-quality gifs because yes,

yes,

when I search for the immigration policies from the Icelandic government I am really searching for "hot action with local singles" where one of the girls is named Immigrationpolicyiceland"

That's such a hot name, it turns me on.

In all seriousness though, I'll click the link 3 times. Always 3 for some odd reason, but first redirect, back back second, redirect, back back back third, redirect.

~

I don't know whether this is the effect of something I can't find with the programs I currently use, or whether this is indeed just what i'll have to deal with after cleaning this rig up, or what, but thank you and I appreciate anyone's feedback!

Joseph Roth · #2 (**permalink**) 12-24-2007, 02:09 AM

oh and the one below mine is a double post. sorry for being a bafoon, could someone delete that one?

SICS · #3 (**permalink**) 12-24-2007, 10:09 AM

Hi there,

Looks like you have some pretty nasty spyware on your machine. The first couple of things we need to do are the following:

1. We'll need you to run some more anti-spyware scans on your computer please download avg anti-spyware: ComputerProblems.org Free Computer Support & Technology Discussion - Downloads - AVG Anti-Spyware Free Edition

2. Once this has completed we'll need to check your hosts file:
You can use the run command to easily access the location of the host file just copy and past this in your run command:
C:\windows\system32\drivers\etc

Find hosts and right click on it and open with select notepad.

Make sure your hosts file looks like this; if it doesn't copy and paste the following code in your hosts file and overwrite what you currently have then save:

Code:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

Once you have completed the above, the next step will be to post a hijack this log in this thread.

See this thread for the program: Hijack This

Once we get that we can further get into whats going on and get rid of what you have.

Joseph Roth · #4 (**permalink**) 12-26-2007, 11:52 AM

The problem that kept me a few days off was that the link you provided me for AVG: it would detect spyware but (ALWAYS) encounter an erorr, the message said "something bad happened" and it'd be forced to close. I tried pausing it when it found the stuff without completing the full scan, but could take no action. Restarting the computer, all fixes didn't work. I uninstalled AVG and downloaded a 30 day trial of Counterspy, which i'm liking, and it found some stuff and i could actually delete them.

anyway, here's my log.

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 DriveCleaner - Home ## added by CiD
127.0.0.1 ErrorProtector - Fix damaged documents, video, music, images. Registry optimization ## added by CiD
127.0.0.1 ErrorSafe - Fix computer problem. Fix slow computer, corrupt file and hard drive errors. ## added by CiD
127.0.0.1 SystemDoctor - Fix damaged documents, video, music, images. Registry optimization ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 WinAntiVirus Pro 2005 - powerful antivirus protection against all viruses ## added by CiD
127.0.0.1 WinAntiVirus Pro 2005 - powerful antivirus protection against all viruses ## added by CiD
127.0.0.1 WinAntiSpam - ## added by CiD
127.0.0.1 WinAntiSpyware - spyware protection. Remove spyware, adware and trojans. ## added by CiD
127.0.0.1 WinAntiSpyware - spyware protection. Remove spyware, adware and trojans. ## added by CiD
127.0.0.1 WinAntiVirus Pro 2007 - Antivirus protection against all viruses, hackers, spyware ## added by CiD
127.0.0.1 WinAntiVirus Pro 2007 - Antivirus protection against all viruses, hackers, spyware ## added by CiD
127.0.0.1 WinDriveCleaner - ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 winfixer spyware anti removal free at winfixer2006.com ## added by CiD
127.0.0.1 WinSoftware ## added by CiD

CiD sounds awfully like some pirate-name or something.
When you said copy and paste and make sure you have this, did you mean delete this extra stuff at the bottom>?

Joseph Roth · #5 (**permalink**) 01-02-2008, 01:03 PM

and the hijack this results:

Logfile of HijackThis v1.97.7
Scan saved at 2:03:01 PM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Sunbelt Software\CounterSpy\Counterspy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CCP\EVE\bin\ExeFile.exe
C:\Documents and Settings\JosephRoth\Local Settings\Temp\wzb4d6\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{E144A~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{E144A~1\reboot.ini -l0x9
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run IMVU (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.3.102.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D397150-5825-4F81-925A-5821C045E22A}: NameServer = 85.255.115.236,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{A399AAF3-2055-4BD0-8A0C-5DCAE2DA4B69}: NameServer = 85.255.115.236,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0AD15E7-BB63-452F-856B-60829815FFC2}: NameServer = 85.255.115.236,85.255.112.118
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

SICS · #6 (**permalink**) 01-03-2008, 06:53 PM

on the host file, erase everything that is in your host file and copy the one I have above and past that into your host file and then save it.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Welcome to the ComputerProblems.org Free Computer Support & Technology Discussion.
Welcome to ComputerProblems.Org, your source for PC technical help and information! You are currently viewing our boards as a guest which gives you limited access to view most discussions. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, access our arcade and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact support.