Computer question...wtf is going on?

[KrazeeStacee]

The other secretary here must've downloaded something or looked at porn or something...but first of all everytime I restart, my homepage is reset to www.brutal-video.com or something...so I have to manually change it every time.

I've deleted my temp files, cookies, and history to see if that would help but it didn't.

Then I had that spyware crap in my AIM (buddypicture or whatever)...I got rid of that and now my Microsoft Works Word Processor isn't opening. I need that to do forms and shit, and I restarted 5 times and it still freezes whenever I click a document.

My other programs seem to work fine (Spreadsheet, etc), but I need to do some forms now and I can't because I can't open the damn program. It keeps freezing.

What the hell do I do?

[Nimrod]

Step 1 - Download ad-aware and run it
http://www.lavasoftusa.com/support/download/

Step 2 - Download Spybot and run it
http://www.safer-networking.org/inde...&page=download

Step 3 - If it still isn't working, dl Hijack This!
http://mjc1.com/mirror/hjt/
and run it and post your logs.

You may need to reinstall MS Works.

[KrazeeStacee]

Should I put my documents on disks just in case? Or will they stay intact?

[Nimrod]

Quote:

Originally posted by KrazeePumpkin
Should I put my documents on disks just in case? Or will they stay intact?

Your documents should be fine and unaffected, buut if it makes you feel better you can put them on a disk.

[sppunk]

This should be a sticky, because the someone has this happen each week.

[I_was_aborted]

If you mean while running spybot, adware and hijack this...they should all stay intact.

[Nimrod]

Quote:

Originally posted by sppunk
This should be a sticky, because the someone has this happen each week.

From now on I will just post a link to this thread.

[sppunk]

Quote:

Originally posted by Nimrod
From now on I will just post a link to this thread.

Yeah, and it's always you who gives the same tips on how to get rid of it. Next, KP will post that she was able to get rid of it using Spybot, and all is well now.

[Nimrod]

Quote:

Originally posted by sppunk


Yeah, and it's always you who gives the same tips on how to get rid of it. Next, KP will post that she was able to get rid of it using Spybot, and all is well now.

No, it will probably go to hijack this! I put it last because it's the least automatic.

[professional wannabe]

install Gator, and all ur problems will go away!

[KrazeeStacee]

Quote:

Originally posted by professional wannabe
install Gator, and all ur problems will go away!

DURR HURR HURR

I'm not the moron who installed this shit in the first place. kthx

[KrazeeStacee]

I did Adaware, 143 found

I did spybot, and it kept freezing up on me, i finally got through and there was like 10-15 different problems that showed up

I'm about to try that last one...works still isnt opening. I can't reinstall it because I don't have anything to reinstall it with.

I'm gonna fucking kill this kid. My work is just avalanching while i sit here and go through spyware bullshit.

FUCK IM GONNA KILL HIM

[Netphorian Gadabout]

Quote:

Originally posted by professional wannabe
install Gator, and all ur problems will go away!

No, dude, this totally requires BonziBuddy. The purple monkey will know what to do.

[DeviousJ]

Try running them in Safe Mode, and you might want to do a virus scan too. If Works keeps crashing it could be something serious like a hook into Explorer or something technical, which isn't good. Download everything, go to safe mode and do your thing (everything except Hijack This). Then reboot, run Hijack This and save the log, then show it here - don't fix anything with it just yet.

[KrazeeStacee]

I dont know how to restart in safe mode, on my other computer i just hold spacebar and the menu comes up but i don't know shit so someone help me.

this is the log anyhow:



Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\PROGRAM FILES\AXIS COMMUNICATIONS\PRINT SYSTEM\TRAYICON.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://brutal-video.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...nsumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://brutal-video.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://brutal-video.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://drusearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP4,0,2,5.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [AXIS Print System TrayIcon] C:\Program Files\Axis Communications\Print System\TrayIcon.exe
O4 - HKLM\..\Run: [Winkqv] C:\WINDOWS\SYSTEM\Winkqv.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

[I_was_aborted]

Try holding F8 to start up in safe mode while your computer boots.

[KrazeeStacee]

Well I restarted in Safe Mode, tried opening my programs, didn't work..."not responding"

I restarted in regular mode now.

Still, nothing.

[I_was_aborted]

I think he was wanting you to run hijack this while in safe mode....

[KrazeeStacee]

Quote:

Originally posted by DeviousJ
(everything except Hijack This). .

[I_was_aborted]

He was saying....Run spyware and fix the problems, run adware and fix the problems. Then restart in safe mode and run hijack this...then post the results.

[guz]

Quote:

Originally posted by I_was_aborted
He was saying....Run spyware and fix the problems, run adware and fix the problems. Then restart in safe mode and run hijack this...then post the results.

no, it was run adaware/spybot in safe mode, reboot and run hijack....not in safe mode.

[I_was_aborted]

Close enough.

[KrazeeStacee]

woah.

well i'm at home now, but i'm gonna take another try tomorrow.

[Axis of Action]

This shit has happened to me, when I was looking for a crack for... um, what was... Final Draft?

Anyhow, I think that Hijack This! program, which I've never heard of - but looks extremely useful - should point you to where the problem is & how to fix it.

[cowbite]

I had a similar thing happen. Hijack This! took care of it, no problem. I'd recomend Google-searching the the address that your homepage is set to. Normally, some post in a tech forum will show up and give you exactly the right steps.

Quote:

Originally posted by Pumpkins23836
No, dude, this totally requires BonziBuddy. The purple monkey will know what to do.

I remember having that annoying turd on my computer in 1998.

[DeviousJ]

Quote:

Originally posted by guz
no, it was run adaware/spybot in safe mode, reboot and run hijack....not in safe mode.

Yeah you need to do this, since in Safe Mode you won't get all the crap running which you normally do so Hijack This won't give all the details you need.

[DeviousJ]

Ok, all the running processes look fine. You'll want to check these boxes and set it to fix them - it saves backups (which you can reach through the config button) should anything go wrong:

Anything in the R1/0 section which mentions brutal-video and drusearch.

O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe <---- this looks like part of a trojan, you really need to update your virus scanner and run it as soon as possible


You might also want to get rid of O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime since there's no need for that crap to run every time you start the computer

[KrazeeStacee]

Quote:

Originally posted by DeviousJ
Ok, all the running processes look fine. You'll want to check these boxes and set it to fix them - it saves backups (which you can reach through the config button) should anything go wrong:

Anything in the R1/0 section which mentions brutal-video and drusearch.

O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe <---- this looks like part of a trojan, you really need to update your virus scanner and run it as soon as possible


You might also want to get rid of O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime since there's no need for that crap to run every time you start the computer

I did all that. Except the virus scanner cuz there isn't one on this computer.

I restarted my computer afterward.

My works isn't opening still, and on the desktop, the "drusearch" and "new cool search engine" are both saved and I checked the internet explorer before I opened it...and sure enough the webpage was reset to brutal-video.

What the fuck.

[DeviousJ]

Ok, go here and let it scan your machine. If you want a virus checker installed on your machine get AVG which is free. If you run Hijack This again and those keys are back, you probably have something installed which is resetting them every time your computer starts up. You need to get it cleared - do the housecall scan, then you could download AVG and run that to be extra sure. When you scanned with AdAware and Spybot, did you update them first?

Also, try going here and downloading CWShredder, the links are near the bottom. Sorry I can't help much here, but there are so many things which could be wrong.

Oh, you could try reinstalling Works too. Does double-clicking the file work instead of running works and then loading a file?