02-20-2006, 07:07 PM
My computer has always been a piece of crap, but lately it's been freezing up more, and right in the middle of browsing it just restarts itself or shuts down....I've scanned for viruses several times and nothing is there, and I have no spyware on my computer because I have that scanned for and removed everyday...Any idea what could be causing my computer to screw up so bad or what I could do to help it?
02-20-2006, 07:51 PM
"alfus21" Wrote:My computer has always been a piece of crap, but lately it's been freezing up more, and right in the middle of browsing it just restarts itself or shuts down....I've scanned for viruses several times and nothing is there, and I have no spyware on my computer because I have that scanned for and removed everyday...Any idea what could be causing my computer to screw up so bad or what I could do to help it?
This only happens when you browse, right?
Try this.. Download firefox browser from www.mozilla.com and make it your default browser and see if this behavior continues.
If this works you can either just continue using Mozilla or get back with me and I'll tell you how to uninstall and then reinstall a clean copy of Internet Explorer.
02-20-2006, 08:04 PM
Yeah it only happens when I browse....I already use Mozilla and it's my default browser so I don't know why it does that....I've tried using Netscape also, but it still restarts right in the middle of reading something on the internet or just freezes...What else could it be?
02-20-2006, 11:25 PM
Since this behavior only happens when you are browsing it's most likely viral or browser hijack..
Download Hijackthis from download.com and run a scan.. Choose to save your log file. Then paste the logfile contents in here and I will examine it for you and try to figure out what's causing the problem.
BTW, here is the link for hijackthis
http://www.download.com/HijackThis/3000-...ag=lst-0-1
02-20-2006, 11:30 PM
Since this behavior only happens when you are browsing it's most likely viral or browser hijack..
Download Hijackthis from download.com and run a scan.. Choose to save your log file. Then paste the logfile contents in here and I will examine it for you and try to figure out what's causing the problem.
BTW, here is the link for hijackthis
http://www.download.com/HijackThis/3000-...ag=lst-0-1
02-20-2006, 11:42 PM
I attached it...I don't really understand much about that, but there it is...Let me know what's up...Thanks
02-21-2006, 03:05 AM
Here are some of your problems.
1. PacerDMedia.Installer (pcs_0031.exe)
Type: Trojan
A Trojan that silently installs other programs without consent.
Category: Trojan Downloader
A Trojan that silently installs other programs without consent.
Threat level: High
Programs that might collect your personal information and negatively affect your privacy or damage your computer, for example, by collecting information or changing settings, typically without your knowledge or consent.
Author: PACERD, LTD
Description: PacerDMedia.Installer is a Trojan Downloader that contacts a remote webserver to download various adware and trojan files.
2. 0006_regular.cab (This is some type of virus or spyware as well.) It's bad so get rid of it. Installed through an ActiveX handler.
3. autodisc.exe (This is a trojan virus with backdoor capabilities to your computer. Meaning most likely your computer is serving files to an IRC community.)
W32/Spybot-CB attempts to move itself to AUTODISC.EXE in the Windows System folder and creates entries in the registry at the following locations to run itself on system logon:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
Windows Data Server = AUTODISC.EXE
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Windows Data Server = AUTODISC.EXE
W32/Spybot-CB also attempts to copy itself to the startup folder of attached network drives and can be used to record the keystrokes on the compromised machine, effectively acting as a keylogger. This worm can also be used to initiate SYNFlood attacks.
W32/Spybot-CB remains resident, running in the background as a service process and listening for commands from remote users via IRC channels.
W32/Spybot-CB attempts to terminate various programs including the following:
W32/Spybot-CB is a network worm with backdoor Trojan functionality.
Please re-scan your computer with HijackThis again and remove any entry from your log that I have highlighted in purple.
Logfile of HijackThis v1.99.1
Scan saved at 9:38:36 PM, on 2/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\autodisc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\DOCUME~1\Wright\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R3 - Default URLSearchHook is missing
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [9afed6a8e4a0] C:\WINDOWS\system32\autodisc.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4.0...egular.cab
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Once you remove these, do another scan and post the new log file and we'll see if we got rid of them.
If hijack doesn't remove all of them we will have to manually remove them from the registry.
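Added example, not part of the thread and not HijackThis code: the write-up quoted in the post above names the Run value "Windows Data Server", while the log's Run entry for autodisc.exe is named 9afed6a8e4a0, so this sketch triages O4 autorun entries by the program they start rather than by value name, after re-joining hard-wrapped lines. The function names, the two heuristics and the analyst-supplied watchlist are assumptions; the sample is constructed from lines of the log above.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Constructed sample: lines copied from the log in the post above, with two
# items left hard-wrapped the way the forum software wrapped them.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\autodisc.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software
Updater.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security
2005\pccguide.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [9afed6a8e4a0] C:\WINDOWS\system32\autodisc.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
"""

ENTRY = re.compile(r"^(?:R\d|F\d|N\d|O\d{1,2}) - ")           # start of a log entry
O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$", re.I)                 # assumption: "random-looking" name
EXT = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def unwrap(text):
    """Re-join entries that were hard-wrapped at a space when pasted."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY.match(line):
            entries.append(line)
        elif entries:                      # continuation of the previous entry
            entries[-1] += " " + line
    return entries


def running_images(text):
    """File names from the 'Running processes:' section, wrapped lines re-joined."""
    procs, active = [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            active = True
        elif active and ENTRY.match(line):
            break                          # process list ends at the first entry
        elif active and line:
            if re.match(r"^[A-Za-z]:\\", line):
                procs.append(line)
            elif procs:
                procs[-1] += " " + line
    return {basename(p).lower() for p in procs}


def image_of(command):
    """Lower-cased file name of the program an autorun command line starts."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        m = EXT.match(command)             # unquoted paths may contain spaces
        path = m.group(1) if m else command.split()[0]
    return basename(path).lower()


def autoruns(text):
    """Parse registry-based O4 entries into dicts."""
    out = []
    for entry in unwrap(text):
        m = O4_REG.match(entry)
        if m:
            hive, key, name, command = m.groups()
            out.append({"key": f"{hive}\\{key}", "name": name,
                        "image": image_of(command)})
    return out


def triage(text, watchlist):
    """Flag autoruns by image name and by value-name shape, never by name alone."""
    running = running_images(text)
    findings = []
    for item in autoruns(text):
        reasons = []
        if item["image"] in watchlist:
            reasons.append("image on watchlist")
        if HEX_NAME.match(item["name"]):
            reasons.append("hex-string value name")
        if reasons:
            findings.append({**item, "reasons": reasons,
                             "running": item["image"] in running})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, {"autodisc.exe"}):
        print(f)
```

A finding is a prompt to inspect the file and its registry value, not proof of infection; legitimate installers also create oddly named autorun values.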
02-21-2006, 03:47 AM
Damn..That's quite a few problems..Here's the 2nd logfile...Let me know how it looks now...Thanks QQ..:thumb:
02-21-2006, 03:52 AM
The autodisc.exe is still running. It's going to have to be manually removed from the registry.
02-21-2006, 03:56 AM
"torQQue" Wrote:The autodisc.exe is still running. Its going to have to be manually removed from the registry.
How would I go about doing that?
02-21-2006, 03:56 AM
Does your registry editor work?
Hit your start button , then click on "run"
Type 'cmd' in the run command line and press enter..and see if it pulls up the registry editor.
02-21-2006, 03:57 AM
If it does.. I'll give you instructions on removing it.
02-21-2006, 03:58 AM
Yeah I got that up, so now what..
02-21-2006, 04:01 AM
Locate the HKEY_LOCAL_MACHINE entry: (if the registry editor works)
Then browse, following the hierarchy below by hitting the plus signs next to each until you reach the Run folder.. You will highlight that folder and then look on the right side.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Look to the right and see if you see this entry..
Windows Data Server = AUTODISC.EXE
While you're there copy and paste everything that you see in your Run folder in the registry editor. I will examine it and tell you what to remove.
02-21-2006, 04:04 AM
The Registry Editor isn't working..My computer froze when I thought it was..How do I get that up if you don't mind me asking?
02-21-2006, 04:08 AM
The virus is preventing you from opening it. Do this.
Using Windows Explorer, browse to the Windows folder (usually C:\Windows), right-click Regedit.exe and make a copy of it.
Rename the copy of Regedit.exe to Regedit.com.
At the taskbar, click Start|Run. Type 'Regedit.com' and press Return. The registry editor should open.
02-21-2006, 04:12 AM
QQ if I have a logfile of one of those scans could you tell me if anything needs to be removed from mine?
02-21-2006, 04:13 AM
I done exactly what you told me, but it can't find Regedit.com when I put it in...
02-21-2006, 04:14 AM
OK I got the Registry Editor up now...
02-21-2006, 04:17 AM
Follow that hierarchy I posted earlier about the reg edit and paste whatever is in the right side under the Run folder in here.
02-21-2006, 04:17 AM
"thetribe" Wrote:QQ if I have a logfile of one of those scans could you tell me if anything needs to be removed from mine?
Yup, just post it in here and I'll review it.
02-21-2006, 04:20 AM
Logfile of HijackThis v1.99.1
Scan saved at 2:08:14 AM, on 2/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cain\Abel.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SouthEast Telephone Web Accelerator\PropelAC.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluegrassrivals.com/extreme3/forum/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\SouthEast Telephone Web Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\10pwgl0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\SouthEast Telephone Web Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\RunOnce: [zj6376j.exe] C:\WINDOWS\System32\zj6376j.exe /k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\RunOnce: [zj6376j.exe] C:\WINDOWS\System32\zj6376j.exe /k
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\SouthEast Telephone Web Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\SouthEast Telephone Web Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\SouthEast Telephone Web Accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E1DCE9B-875D-418C-B619-176DD6EC28EC}: NameServer = 66.63.192.2 66.63.192.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Abel - oxid.it - C:\Program Files\Cain\Abel.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
This is it. You don't have to help me but if you do get some free time, could you just give it a quick glance?
02-21-2006, 04:25 AM
It won't let me cut and paste but there was no sign of the folder autodisk...
What was in there was...
Default
Alcx Monitor
KernelFaultCheck
Mirabilis ICQ
pccguide.exe
QuickTime Task
RoxioDragtoDisk
SunJavaUpdateSched
02-21-2006, 04:29 AM
Remove them all alfus.. (just right click each entry and hit delete) then update your virus definitions.. then boot into safe mode and run a virus scan..
You boot into safe mode by restarting your computer and pressing F8 while your computer is rebooting. It's best to start tapping F8 over and over as soon as the computer starts displaying anything at all. Once in safe mode scan your computer for viruses..
02-21-2006, 04:43 AM
Remove the entries in purple.
The entry in red leave it alone for now. I'm not sure what it is.. Are you using some kind of web acceleration software or program called wincap?
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cain\Abel.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SouthEast Telephone Web Accelerator\PropelAC.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
<a target="_blank" href="http://g.msn.com/0SEENUS/SAOS01">
http://g.msn.com/0SEENUS/SAOS01</a>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
<a target="_blank" href="http://www.bluegrassrivals.com/extreme3/forum/index.php">
http://www.bluegrassrivals.com/extreme3/....php</a>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings,ProxyServer = http=localhost:8080
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} -
C:\Program Files\SouthEast Telephone Web Accelerator\prpl_IePopupBlocker.dll
<font color="#800080">O2 - BHO: (no name) -
{7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\10pwgl0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx</font>
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\SouthEast Telephone Web
Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices
\Device\3cpipe-USRpdA
<font color="#800080">O4 - HKLM\..\RunOnce: [zj6376j.exe]
C:\WINDOWS\System32\zj6376j.exe /k</font>
<font color="#800080">O4 - HKCU\..\Run: [NVIEW] rundll32.exe
nview.dll,nViewLoadHook</font>
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
<font color="#800080">O4 - HKCU\..\RunOnce: [zj6376j.exe]
C:\WINDOWS\System32\zj6376j.exe /k</font>
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\SouthEast
Telephone Web Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program
Files\SouthEast Telephone Web Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program
Files\SouthEast Telephone Web Accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E1DCE9B-875D-418C-B619-176DD6EC28EC}:
NameServer = 66.63.192.2 66.63.192.3
<font color="#800080">O18 - Protocol: msnim -
{828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
(file missing)</font>
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
<font color="#800080">O23 - Service: Abel - oxid.it - C:\Program Files\Cain\Abel.exe</font>
<font color="#800080">O23 - Service: Kodak Camera Connection Software (KodakCCS)
- Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe</font>
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
<font color="#FF0000">O23 - Service: Remote Packet Capture Protocol v.0
(experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d
-f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)</font></p>
</p>
</p>
</body>
</html>
02-21-2006, 04:49 AM
Nothing was found on the virus scan
02-21-2006, 04:54 AM
"alfus21" Wrote:Nothing was found on the virus scan
Well, that's great. Can you give me another scan? After reviewing your second log I see that Hijack removed the autodisc.exe from your run directory. I'm assuming after a reboot that the process should be dead now, because no virus was detected. But ya, post me one more scan to make sure.
BTW, is your computer still shutting off?
02-21-2006, 05:00 AM
Well my computer is just a big pile of shit..It froze right before I tried posting this for the 1st time, so I don't know what it could be...But it had quit shutting off since early on in this process...Here's the scan...Probably still something in there...If not I don't know what could be freezing this all the time..
02-21-2006, 05:07 AM
It just froze again, so I'll just have to wait until tomorrow to work on it again, thanks for all the help QQ, I really appreciate it...:thumb:
02-21-2006, 05:08 AM
That's a pretty log file now alfus.. No sign of the autodisc.exe either..
I suggest that you download Ad-Aware SE from http://www.lavasoft.com and scan your computer..
Empty all your browser history, cache and temporary internet files..
Then defragment your hard drive.. (It will probably take all night, so start defragging right before you go to bed.) Before you start defragging, make sure you turn off your screensaver if you have one..
If this doesn't improve performance I would consider reformatting, as some parts of the registry may have become corrupt.. Doesn't sound like a hardware issue. But it's possible. Bad RAM, bad hard drives and even bad power supplies can cause computers to shut off under little or no work load.. But like I said, try those options and see how things go. If it still continues I will walk you through reformatting that machine. If it continued after a reformat then we could start looking into hardware-related problems.