Pop Ups/browser??/pc shutting down...HELP!



musicmaster
10-30-2004, 12:51 AM
So, this is an all in one post... I suppose the pc shutting down could have/should have gone in Hardware World, but it may be related to software.

Anyway, the first issue I have is yesterday I noticed that I started getting an amazing amount of popups with the "IE" icon attached to it. I no longer use IE as my browser, so I am not quite sure why this is happening. The pop ups are just simply titled "Cannot Find Server" and in the window it says the usual "The page cannot be displayed etc..."

Like I said... I don't use IE any longer so I don't know why this happened. I have used spybot and Adaware and removed whatever they found, but still am getting these popups even when no browser window is open.

Should I run Hijack this as well? Might that help?

I also had a problem last night while this was going on... that my pc just restarted itself two times for no apparent reason. Well, it stopped doing that after a couple times. Later on, when I tried to shut down my computer... and I use Windows XP, it just rebooted. I tried to shut down again... and it rebooted again. It did this a number of times, and eventually it just shut down.

So, in closing UGH!!!!!! :D :D :D

tesco
10-30-2004, 01:06 AM
Yes run hijackthis! and post the log.

Could also be viruses or trojans so scan for those too (look at security section of the everything guide (link in my sig)).


As for the restarting...right click my comp>manage>advanced>startup and recovery settings>uncheck "automatically restart...".
Then it will show a blue screen rather than restarting. Write down the error you get on the blue screen then google for it to find a solution and/or post it here.

musicmaster
10-30-2004, 02:47 AM
As for the restarting...right click my comp>manage>advanced>startup and recovery settings>uncheck "automatically restart...".
Then it will show a blue screen rather than restarting. Write down the error you get on the blue screen then google for it to find a solution and/or post it here.


I will do the Hijack this thing later... but I have a question about the above...

If I change my settings as you say, and get a blue screen... which I dread !! :) ... what do I do from there? Is my computer shut down or on or ?? I don't get it!!

Also, it didn't happen yet, so I hope it doesn't, but if it does I will do the my computer thing and change that. Will keep you posted on the Hijack This log.

Oh, by the way, what is oote.exe? I am curious about this one. I can't get anything for it on google.

musicmaster
10-30-2004, 02:59 AM
Ok Rossco, here's my Hijack this log:


Logfile of HijackThis v1.98.2
Scan saved at 8:05:20 PM, on 10/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Documents and Settings\Marc G\Application Data\ooto.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Soulseek\slsk.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MYIE2\MyIE.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winvyc32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKCU\..\Run: [Aisu] C:\Documents and Settings\Marc G\Application Data\ooto.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot7_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55CE229C-FF06-48BF-ABC7-748B51F98AE5}: NameServer = "deleted"
O17 - HKLM\System\CCS\Services\Tcpip\..\{D945202A-B822-4633-B241-0F39A6AF89A5}: NameServer = "deleted"

tesco
10-30-2004, 03:03 AM
For the Blue Screen, when you get it write down all info you see, then either hit alt-ctrl-del twice to restart (I think that works) or hit the power button on your computer.


Edit: the only problem I see in your hijackthis is this:
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll

It could very well be causing the popups.

You can use msconfig to remove oote.exe from your startup, then restart and make sure things are working. No clue what it is though. ;)

musicmaster
10-30-2004, 03:12 AM
I tried deleting oote.exe from my applications folder.. but it wouldn't go... I think obviously because it was running. But, I suppose it is running because I need it. But, you would think if it was needed, then it would return results on google. So, I am still not sure about it.



So, as for the:

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll

Do I just select them on HT and then remove them? And, I should be good to go?

I am also installing Trojan Hunter and its stuck on the checking for a new update thing. Any ideas?

tesco
10-30-2004, 03:21 AM
I can tell you that oote.exe isn't needed for windows to run. Just clock it with task manager and go to msconfig and disable it from starting up. Make sure all of your programs work (I'm sure they will) then I guess it's safe to delete the file...or leave it if you want.

For trojan hunter...I dunno, I can't even run mine, I'm using TDS-3 (http://tds.diamondcs.com.au/) for now.

And yes, just place a checkmark beside O2 and then click fix at the bottom of HJT.
Restart after and let me know how it goes.

dopey
10-30-2004, 03:26 AM
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winvyc32.exe <-- unless you know what this is
O4 - HKCU\..\Run: [Aisu] C:\Documents and Settings\Marc G\Application Data\ooto.exe

O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab <-- this may reinstall your elite bar

you may have to show hidden files

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

reboot and delete these files:
C:\windows\system32\winvyc32.exe
C:\Documents and Settings\Marc G\Application Data\ooto.exe

musicmaster
10-30-2004, 03:37 AM
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winvyc32.exe <-- unless you know what this is
O4 - HKCU\..\Run: [Aisu] C:\Documents and Settings\Marc G\Application Data\ooto.exe

O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab <-- this may reinstall your elite bar

you may have to show hidden files

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

reboot and delete these files:
C:\windows\system32\winvyc32.exe
C:\Documents and Settings\Marc G\Application Data\ooto.exe

Hey there Dopey...

Well, not quite sure what the "O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winvyc32.exe" is...so, not sure about that one, but shall I run the Hijack this and delete this one?

Also, I didn't get what you mean by the following:

you may have to show hidden files

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Thanks

Cancel the above, I misread it... thought it was something related to my computer and not a site just to show me how to do hidden files. Cheers

tesco
10-30-2004, 03:41 AM
Also, I didn't get what you mean by the following:

you may have to show hidden files

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Thanks

Missed some things I guess. :(

He meant to do this:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

so you can view hidden files. Then delete the following files:
* C:\windows\system32\winvyc32.exe
* C:\Documents and Settings\Marc G\Application Data\ooto.exe

musicmaster
10-30-2004, 03:52 AM
showed hidden folders.... rebooted, found that file
C:\windows\system32\winvyc32.exe

Attempted to delete it and get the "it cannot be deleted... in use or blah blah"... I looked in task manager, and it's not running... so I dunno!!

Also, right after reboot, loads of popups

dopey
10-30-2004, 04:43 AM
after the reboot you should be able to delete the file. :(

post a fresh log please.

musicmaster
10-30-2004, 07:23 AM
Here ya go Dopey

Logfile of HijackThis v1.98.2
Scan saved at 12:30:28 AM, on 10/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\MYIE2\MyIE.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winvyc32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot7_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55CE229C-FF06-48BF-ABC7-748B51F98AE5}: NameServer = "deleted"
O17 - HKLM\System\CCS\Services\Tcpip\..\{D945202A-B822-4633-B241-0F39A6AF89A5}: NameServer = "deleted"
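
Comparing the two logs posted above, as an added example that is not part of the thread: the sketch parses the numbered scan entries, diffs the first scan against the fresh one, and checks which of the items the helpers flagged are still registered. The log excerpts are copied from the posts; the function names and the `FLAGGED` list are assumptions made for this illustration.

```python
import re

# Excerpts of the two HijackThis logs posted in this thread (first scan, then
# the "fresh log"); most unchanged lines are left out to keep the sample short.
LOG_BEFORE = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winvyc32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Aisu] C:\Documents and Settings\Marc G\Application Data\ooto.exe
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
"""
LOG_AFTER = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winvyc32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
"""

# Names the helpers in the thread singled out (hypothetical watch list).
FLAGGED = ["EliteToolBar", "winvyc32.exe", "ooto.exe", "v3cab.cab"]

# A scan entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [..] path".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log):
    """Return the set of (section, detail) pairs; header and process lines are skipped."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def compare(before, after):
    """Diff two scans: entries that disappeared, and entries that are new."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

def still_flagged(log, flagged=FLAGGED):
    """Flagged names that still occur in some entry of the given scan."""
    entries = parse_entries(log)
    return [name for name in flagged
            if any(name.lower() in detail.lower() for _, detail in entries)]

if __name__ == "__main__":
    removed, added = compare(LOG_BEFORE, LOG_AFTER)
    for sec, detail in removed:
        print("gone :", sec, detail)
    for sec, detail in added:
        print("new  :", sec, detail)
    print("still present:", still_flagged(LOG_AFTER))
```

On these excerpts the Run entry for winvyc32.exe is the one flagged item that survives into the second scan.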

Smurfette
10-30-2004, 08:14 AM
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winvyc32.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{55CE229C-FF06-48BF-ABC7-748B51F98AE5}: NameServer = "deleted"
O17 - HKLM\System\CCS\Services\Tcpip\..\{D945202A-B822-4633-B241-0F39A6AF89A5}: NameServer = "deleted"

Reboot into Safe Mode, run HJT again, tick & fix these items, then delete the file C:\windows\system32\winvyc32.exe and the folder c:\program files\partypoker\.
Then reboot and post a fresh HJT log.

Mullyman
10-30-2004, 12:59 PM
Just a little side advice...I would not delete the following entries...I am assuming that you play poker via the net through the site www.partypoker.com which is a legit site...

c:\program files\partypoker\

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll

musicmaster
10-31-2004, 04:01 AM
Thanks Mully.... I wasn't planning on deleting Party Poker... as I am on their site as I am typing this... playing a game. Umm... smurfette, you be soooooo cute!!! Add galoot the the idjit ... it makes it more "Warner Bros. Sexier" !!!!

Thanks for the advice you guys/girls... I will see if this all works... but I am still getting popups like mad.... searchtoools /adshits and whoknowswhat

It's so annoying!!!! And, they still display with IE and I don't friggin use IE anymore. Maybe I should take screen shots of the popups so you all can see what I am talkin' bout.

Anyway, I will do that on my next post if I remember.

Cheers.

musicmaster
10-31-2004, 07:03 AM
Alright, I finally was able to delete that file, and I shall let ya all know if I have any more of those problems as stated earlier. Thanks for the help.

:)

Smurfette
10-31-2004, 10:00 AM
Just a little side advice...I would not delete the following entries...I am assuming that you play poker via the net through the site www.partypoker.com which is a legit site...

c:\program files\partypoker\

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
That's as maybe, but if the user doesn't use IE, is there any point having that stuff installed?
EDIT: oh, just realised about the program files folder... I didn't think that web page games needed actual programs installed on your PC.

tesco
10-31-2004, 02:10 PM
Alright, I finally was able to delete that file, and I shall let ya all know if I have any more of those problems as stated earlier. Thanks for the help.

:)
And take screenshots.

DanB
10-31-2004, 02:28 PM
Do you use O&O defrag? that would explain the ooto.exe

http://forums.majorgeeks.com/showthread.php?t=38752

I'd get rid of those nasty number 17's too

musicmaster
10-31-2004, 08:45 PM
@ Dan Nope... no O & O defrag that I know of... the only defrag that I run is Windows, but I heard there are better, less time consuming ones out there... which I am open to using.

And, as for those nasty 17's... well they will always seem to show every time I reboot... that is my guess. The part that says "deleted" is just my edit of my ISP.

@ Rossco.... NO NO NO Screenshots!! :) JK What do you want a scnshot of specifically?

tesco
10-31-2004, 09:10 PM
@ Rossco.... NO NO NO Screenshots!! :) JK What do you want a scnshot of specifically?
This:


It's so annoying!!!! And, they still display with IE and I don't friggin use IE anymore. Maybe I should take screen shots of the popups so you all can see what I am talkin' bout.

(screenshot of those popups you are getting)

musicmaster
11-01-2004, 03:35 AM
Oh yeah!!!! duh lmfao!!!! Long weekend!!!

Anyway, I might have that problem solved, but if they do pop up again... I will lectcha know. Thanks again buddy!!!