Please Help This Novice.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bazxtreme, Jun 23, 2004.

  1. bazxtreme

    bazxtreme Private E-2

    Hi All

    I'm currently having problems with my PC and I'm led to believe that it is a spyware problem. When I start up everything is fine, but after 20 minutes or so I lose the ability to do everyday tasks. For example, if I'm working on a document in Word it won't let me save or click on File, Edit, Window etc. Also my Shutdown button, My Documents, Search etc. disappear from the Start menu, and I'm not able to use Task Manager and have to re-boot.

    I have run the following programs to try and combat this problem, but with no joy.

    Shredder
    Spybot search & destroy
    AVG
    Ad-Aware
    HijackThis

    Now I'm a bit of a novice when it comes to things like this and have tried to resolve the matter myself. My HijackThis report is below, and if it shows things on there that should be on my system then I apologise in advance.

    Change of plan, can't get into my documents so going to have to re-boot. I will post my report in 2 mins.

    Regards

    Bazxtreme
     
  2. bazxtreme

    bazxtreme Private E-2

    Logfile of HijackThis v1.97.7
    Scan saved at 18:45:52, on 22/06/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\hidserv.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINNT\Mixer.exe
    C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
    C:\WINNT\System32\svchost.exe
    C:\Documents and Settings\Barry Quinnel\Desktop\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {12 - (no file)
    O2 - BHO: (no name) - {12B - (no file)
    O2 - BHO: (no name) - {12BA - (no file)
    O2 - BHO: (no name) - {12BA0 - (no file)
    O2 - BHO: (no name) - {12BA04 - (no file)
    O2 - BHO: (no name) - {12BA043 - (no file)
    O2 - BHO: (no name) - {12BA043E - (no file)
    O2 - BHO: (no name) - {12BA043E- - (no file)
    O2 - BHO: (no name) - {12BA043E-2 - (no file)
    O2 - BHO: (no name) - {12BA043E-29 - (no file)
    O2 - BHO: (no name) - {12BA043E-293 - (no file)
    O2 - BHO: (no name) - {12BA043E-293E - (no file)
    O2 - BHO: (no name) - {12BA043E-293E- - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4 - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4C - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4 - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4- - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8 - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8C - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8C7 - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8C7- - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8C7-8 - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8C7-84 - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8C7-846 - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8C7-8460 - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8C7-84609 - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8C7-846093 - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8C7-8460934 - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8C7-8460934F - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8C7-8460934FE - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8C7-8460934FE80 - (no file)
    O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8C7-8460934FE801} - (no file)
    O2 - BHO: (no name) - {20 - (no file)
    O2 - BHO: (no name) - {206 - (no file)
    O2 - BHO: (no name) - {206E - (no file)
    O2 - BHO: (no name) - {206E5 - (no file)
    O2 - BHO: (no name) - {206E52 - (no file)
    O2 - BHO: (no name) - {206E52E - (no file)
    O2 - BHO: (no name) - {206E52E0 - (no file)
    O2 - BHO: (no name) - {206E52E0- - (no file)
    O2 - BHO: (no name) - {206E52E0-D - (no file)
    O2 - BHO: (no name) - {206E52E0-D5 - (no file)
    O2 - BHO: (no name) - {206E52E0-D52 - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E- - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-1 - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11 - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4 - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4- - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-A - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD5 - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54 - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54- - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0 - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-00 - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-000 - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000 - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E8 - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86 - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C2 - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {A - (no file)
    O2 - BHO: (no name) - {AA - (no file)
    O2 - BHO: (no name) - {AA5 - (no file)
    O2 - BHO: (no name) - {AA58 - (no file)
    O2 - BHO: (no name) - {AA58E - (no file)
    O2 - BHO: (no name) - {AA58ED - (no file)
    O2 - BHO: (no name) - {AA58ED5 - (no file)
    O2 - BHO: (no name) - {AA58ED58 - (no file)
    O2 - BHO: (no name) - {AA58ED58- - (no file)
    O2 - BHO: (no name) - {AA58ED58-0 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01D - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD- - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d9 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91- - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-83 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-833 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333- - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-C - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1057 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105774 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1057747 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WebInstall2] C:\Documents and Settings\Barry Quinnel\WebInstall.exe /R
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: Downloads (HKLM)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail.crosscomnational.com/iNotes.cab
    O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37885.314212963
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

    Here is my HijackThis file.
     
  3. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Baz, start off by checking and then hitting Fix on all the O2 references like these... you sure have a load of them. I've not seen an HJT log like that before.

    Then post a new log.
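
    An added example to go with the advice above (editor's code, not from this thread or from the HijackThis project): a small Python triage script that reads HijackThis 1.97-format lines and flags the things an analyst would look at first when a log is this long. The checks are generic heuristics only (a BHO whose CLSID is not a well-formed GUID or whose DLL is "(no file)", an O4 autorun launched from under Documents and Settings or with no full path, an O16 download with no source URL or fetched from a bare IP address, and any O17 NameServer override) and a flagged line still needs a human to confirm what the file or URL actually is. The sample lines are constructed from a subset of the log posted above so that the script runs offline; the function names are mine.

```python
import re

# Constructed sample lines in HijackThis 1.97.x format, modelled on a subset
# of the log posted in this thread. Only here so the script runs offline;
# point triage_file() at a real saved log instead.
SAMPLE_LINES = [
    r"Logfile of HijackThis v1.97.7",
    r"O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)",
    r"O2 - BHO: (no name) - {12BA043E-293E-4CE4-A8C7 - (no file)",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [WebInstall2] C:\Documents and Settings\Barry Quinnel\WebInstall.exe /R",
    r"O4 - HKCU\..\Run: [internat.exe] internat.exe",
    r"O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab",
    r"O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab",
    r"O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{B034F840-BC36-4F47-A663-13A9E2620178}: NameServer = 194.74.65.68 194.72.9.38",
]

# Line shapes used by HijackThis 1.97.x for the sections handled below.
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[^}\s]*\}?) - (.*)$")          # O2
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")  # O4
DPF_RE = re.compile(r"^DPF: (\{[^}]*\})(?: \((.*?)\))? -(?: (.*))?$")  # O16
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.IGNORECASE)
IP_HOST_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?=[:/]|$)")
USER_PROFILE_RE = re.compile(r'^"?[A-Z]:\\Documents and Settings\\', re.IGNORECASE)
FULL_PATH_RE = re.compile(r'^"?[A-Z]:\\', re.IGNORECASE)


def triage(line):
    """Return the reasons (possibly none) why one log line deserves a closer look.

    These are first-pass heuristics for an analyst, not verdicts.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []                      # header, process list, blank line
    section, rest = m.groups()
    reasons = []
    if section == "O2":
        b = BHO_RE.match(rest)
        if b:
            _name, clsid, target = b.groups()
            if not GUID_RE.match(clsid):
                reasons.append("malformed CLSID (not a well-formed GUID)")
            if target == "(no file)":
                reasons.append("BHO registered but its DLL is missing")
    elif section == "O4":
        r = RUN_RE.match(rest)
        if r:
            _hive, _name, command = r.groups()
            if USER_PROFILE_RE.match(command):
                reasons.append("autorun launches from a user profile directory")
            elif not FULL_PATH_RE.match(command):
                reasons.append("autorun has no full path; confirm which file actually runs")
    elif section == "O16":
        d = DPF_RE.match(rest)
        if d:
            _clsid, _desc, url = d.groups()
            if not url:
                reasons.append("downloaded program has no recorded source URL")
            elif IP_HOST_RE.match(url):
                reasons.append("ActiveX control downloaded from a bare IP address")
    elif section == "O17":
        reasons.append("DNS servers are set explicitly; confirm they belong to your ISP")
    return reasons


def triage_log(lines):
    """Run triage over every line; return [(line, reasons)] for flagged lines only."""
    flagged = []
    for line in lines:
        reasons = triage(line)
        if reasons:
            flagged.append((line.strip(), reasons))
    return flagged


def triage_file(path):
    """Convenience wrapper: triage a saved HijackThis log from disk."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return triage_log(f)


if __name__ == "__main__":
    for flagged_line, why in triage_log(SAMPLE_LINES):
        print(flagged_line)
        for reason in why:
            print("    ->", reason)
```

    Run it against the sample and the two O2 lines, the WebInstall2 and internat.exe autoruns, the bare-IP and URL-less O16 entries and the O17 line come out flagged, while the Spybot BHO, the QuickTime autorun and the Flash download do not; that is the same shortlist a helper would ask about before saying "fix" to anything.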
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Having another look through it, internat.exe seems out of place. Yes, it's a legit MS file dealing with language IIRC, but I suspect yours may be a virus:

    http://securityresponse.symantec.com/avcenter/venc/data/w32.magiccall.html

    or

    http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.netsnake.html

    from Symantec.

    Give Trend's HouseCall online scanner a go: http://housecall.trendmicro.com/
     
  5. bazxtreme

    bazxtreme Private E-2

    Cheers Halo, just done another scan and here is my updated log file. Quite a report, you say; I think once on Ad-Aware I had 1234 entries. I've been told that's very high.

    Logfile of HijackThis v1.97.7
    Scan saved at 19:04:59, on 23/06/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\hidserv.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINNT\Mixer.exe
    C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    C:\WINNT\system32\internat.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\Program Files\MYIE2\MyIE.exe
    C:\Documents and Settings\Barry Quinnel\Desktop\HijackThis.exe

    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WebInstall2] C:\Documents and Settings\Barry Quinnel\WebInstall.exe /R
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: Downloads (HKLM)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37885.314212963
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B034F840-BC36-4F47-A663-13A9E2620178}: NameServer = 194.74.65.68 194.72.9.38

    I will go to those links, thank you for your help so far.
     
  6. bazxtreme

    bazxtreme Private E-2

    OK, I've run the HouseCall scan and no viruses were detected. I checked the internat file and it is the Windows file, as it is 20 KB in size and has the ? icon on it, as stated at the other site provided.
     
