Mixologist Posted March 17, 2005
Dope, thanks Sigmata, I believe that's like 8 you've checked for me now lol. Dee, idk, I guess I could lol. By the way, is there any way I can put the XP Pro you gave me on my comp without getting rid of all my programs?

Guest Deeswift Posted March 17, 2005
There's ways around it. How much data is there? If there's not too much, stick it on a pile of writable DVDs or something. If there's LOADS, I guess you could partition your drive and move all the data you wanna keep onto a new partition. Then just format the C drive and install XP. You'd need partitioning software to do this. There's various ways, but to be honest I think I'd back the data up to DVDs and wipe the whole drive.

Steve Posted March 17, 2005 (Author)
Apart from that Advanced Toolbar, the log is OK Mixo. All those O18s are from a fucked up installation of a program. If you fix all the shit I mentioned the PC should run a fair bit better.

dissonance Posted March 22, 2005
just ran one after my new install... thoughts...

Logfile of HijackThis v1.97.7
Scan saved at 7:35:07 PM, on 3/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Guest Deeswift Posted March 22, 2005

Running processes:
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
These don't need to be running. Right-click your desktop > Properties > Settings > Advanced > Options > Untick "Enable ATI taskbar application". Go to Control Panel > Admin Tools > Services > double-click the ATI entries and set to "disable". You can still do everything you were able to do with these services running. All you need to do is right-click the desktop and choose Properties.

C:\WINDOWS\System32\DeltTray.exe
Not sure if you need this or not, it's just a soundcard configuration tool.

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Remove these. You don't need Real updating or starting automatically. I'm pretty sure you don't need that Java entry either.

O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
Soundcard config, again.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Not needed.

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
Not needed.

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
Right-click the D-Tools tray icon and deselect "Autostart". You don't need it starting with Windows, it's pointless.

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Get rid of it.

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Pointless.

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Not sure about this. It's up to you whether you want it running, it's a non-vital Microsoft Office process.

O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
Remove them.

This is pretty much off the top of my head. Have Sigma confirm things, but nothing here looks bad. Best thing to do next time you post a log is close as many applications as you can, or do a restart and don't open anything except Hijack This.

Steve Posted March 22, 2005 (Author)
I agree with Dee 100%. The Spybot active protection (sdhelper) also ain't all that useful, especially as you're using Firefox anyway. It's up to you if you remove that too, but all the stuff Dee mentioned can go.

Make sure you set Kaspersky to use the extended databases too:
- Settings (tab)
- Configure Updater
- Change Update type: to "From Internet, extended databases"
- OK

Kaspersky will then download extra definitions that protect against pornware, diallers etc.

dissonance Posted March 22, 2005
thanks fellas!

"best thing to do next time you post a log is close as many applications as you can or do a restart don't open anything except Hijack This."

my bad mates.... I knew I forgot something.

chile Posted March 22, 2005 (edited)
Yo, my computer's been running slow lately, both with web browsing and computational speed.. would greatly appreciate your technical knowledge Sig or Dee, thanks. Here's the latest log:

Edit: log after Spy Sweeper, crap clean, NOD32 and Ad-Aware scan.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\chilean\Desktop\COMPUTER MED PACK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.karoo.co.uk/searchpage.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=317
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

Edited March 22, 2005 by chile

chile Posted March 22, 2005
Ad-Aware just deleted makemesearch... I just found and deleted 2 trojans with NOD32... urp :s

chile Posted March 22, 2005
NOD32 just deleted a third trojan :s

Guest Deeswift Posted March 22, 2005
Chile, can you do a restart of your PC, then post another log? Then we can see what Ad-Aware and NOD32 took care of. Don't open anything but Hijack This after the restart.

chile Posted March 22, 2005 (edited)
Log has been updated, check above.

Edited March 22, 2005 by chile

Steve Posted March 22, 2005 (Author)
Are you running McAfee and NOD32 at the same time?

Guest Deeswift Posted March 28, 2005
Sig, are these Java entries vital, or could I remove them? What do you think?

Logfile of HijackThis v1.99.0
Scan saved at 06:29:21, on 28/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files II\Security\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files II\Security\Hijack This! v1.99\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files II\Graphics\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [smcService] C:\PROGRA~2\Security\Sygate\SPF\smc.exe -startgui
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files II\Security\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files II\Maintenance\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler - Raxco Software, Inc. - C:\Program Files II\Maintenance\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sygate Personal Firewall Pro - Sygate Technologies, Inc. - C:\Program Files II\Security\Sygate\SPF\smc.exe

Relic Posted March 28, 2005
Hi, I keep getting U@oolsv.exe in my task manager whenever IE opens. It's annoying; is there any way to delete this for good? I need help, thks.

Guest Deeswift Posted March 28, 2005
Never heard of this one. Hang on...

There isn't much info I could find from a Google search on it. This is one of the results: http://www.neowin.net/forum/lofiversion/in...hp/t231619.html

My first suggestion is to avoid using IE though. Use the Firefox browser until we can get this sorted out.

Relic Posted March 29, 2005
Ok thks

Steve Posted March 29, 2005 (Author)

"Sig, are these Java entries vital, or could I remove them? What do you think?

Logfile of HijackThis v1.99.0
Scan saved at 06:29:21, on 28/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files II\Security\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files II\Security\Hijack This! v1.99\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files II\Graphics\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [smcService] C:\PROGRA~2\Security\Sygate\SPF\smc.exe -startgui
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files II\Security\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files II\Maintenance\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler - Raxco Software, Inc. - C:\Program Files II\Maintenance\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sygate Personal Firewall Pro - Sygate Technologies, Inc. - C:\Program Files II\Security\Sygate\SPF\smc.exe"

The O9s are just extra menu items for IE. If you click on Tools, one of the options is Sun Java Console. Removing the entries from your log will just remove that option, so it's up to you. It won't make any difference to the speed of your PC.

Guest Deeswift Posted March 29, 2005
Yeah, I didn't expect it to make a difference to the speed of my PC, just whether or not they need to be there. Cheers mang.

Oh by the way, I found that the slider on my Internet Options page had been changed to LOW the other day. There was an entry in the Hijack This log saying something about IE's security, so I checked in IE and it'd been changed. I put it back to the MEDIUM setting.

Steve Posted March 29, 2005 (Author)
That's happened to me a couple of times after running cracks for programs I've downloaded. One was the crack for Winamp Pro and I can't remember what the other was. Shady bastards. I think there's a way to lock the setting using the Group Policy Editor.

Guest Deeswift Posted March 29, 2005
OK, I'll look into that.

chile Posted March 29, 2005

"Are you running McAfee and NOD32 at the same time?"

I tried uninstalling McAfee but I couldn't, so I deleted each file separately and removed it through Add or Remove Programs in Control Panel... thought I'd got rid of it..

Guest Deeswift Posted March 29, 2005
You probably did, but there could be bits of stuff left over. Might be an idea to give the registry a clean if you haven't already. Run RegSeeker (see the DVKB section for a thread on this).

Guest Mike Reezy Posted March 31, 2005
Here's my log, anything amiss?

Logfile of HijackThis v1.99.1
Scan saved at 1:29:23 PM, on 3/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\n?lookup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\REZ Enterprises\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.craigslist.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.craigslist.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r2.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r2.attbi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12FDA2B1-155A-6AFD-0030-3C3654E9FFE1} - C:\WINDOWS\system32\lnpktj.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [ryjqvnr] c:\windows\system32\ryjqvnr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mess 2 heart lite] C:\Documents and Settings\All Users.WINDOWS\Application Data\rdr surf mess 2\CurbKind.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Tcm] C:\WINDOWS\system32\n?lookup.exe
O4 - HKCU\..\Run: [Rbpr] C:\Documents and Settings\Michael Rezendes\Application Data\tsah.exe
O4 - HKCU\..\Run: [iav] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [Fordbits] C:\DOCUME~1\REZENT~2\APPLIC~1\DATABR~1\webphone.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [Aoco] C:\Documents and Settings\REZ Enterprises\Application Data\ecel.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\REZENT~2\LOCALS~1\Temp\Rar$EX00.531\FreeRAM XP Pro 1.40.exe" -win
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free Software - C:\Program Files\Cool Timer\hh.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Guest Deeswift Posted March 31, 2005
Yes, there are several spyware infections. With just a quick scan I recognize one or two things. C:\WINDOWS\system32\n?lookup.exe is one of them. Google n?lookup.exe and you'll see.

Also, those ATI graphics card services don't ever need to run. Go to Control Panel > Administrative Tools > Services, and double-click the entries for ATI. There are two of them. Set them to Disabled and press Apply, OK.

Also, if you have your own firewall and anti-virus installed, C:\WINDOWS\system32\wscntfy.exe doesn't need to be running. This is the Windows Security Center introduced in Service Pack 2.

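The replies in this thread triage logs by eye; as an added example (not from the thread, not part of HijackThis), here is a small Python script that parses the line formats seen above (Running processes, O2 BHO, O4 Run, O9, O23) and flags what the reviewers flag by hand: entries whose file is missing, autostarts from Application Data or Temp, rundll32 loading a bare module name, and file names with a character Windows cannot show (the n?lookup.exe case). The sample log is constructed from this thread's entry types, with placeholder user-profile paths.

```python
import re
from dataclasses import dataclass

# Constructed sample built from the entry types posted in this thread; the
# user-profile paths are placeholders, not the poster's real ones.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\n?lookup.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12FDA2B1-155A-6AFD-0030-3C3654E9FFE1} - C:\WINDOWS\system32\lnpktj.dll (file missing)
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKCU\..\Run: [Tcm] C:\WINDOWS\system32\n?lookup.exe
O4 - HKCU\..\Run: [Rbpr] C:\Documents and Settings\user\Application Data\tsah.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\USER\LOCALS~1\Temp\Rar$EX00.531\FreeRAM XP Pro 1.40.exe" -win
"""

@dataclass
class Entry:
    section: str  # "process" for the Running processes block, else the O/R code
    kind: str     # "BHO", "HKLM\..\Run", "Service", ...
    name: str     # [Run name] or display name, "" if none
    path: str     # file, DLL or URL the entry points at
    args: str     # rest of an O4 command line
    raw: str      # original log line

ENTRY_RE = re.compile(r"^([OR]\d+)\s+-\s+(.*)$")
RUN_BODY_RE = re.compile(r"^\[([^\]]*)\]\s*(.*)$")
EXE_RE = re.compile(r'^"?([^"]+?\.(?:exe|dll|ocx|cpl|scr))"?(.*)$', re.I)
RUNDLL_RE = re.compile(r"(^|\\)rundll32(\.exe)?$", re.I)
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")

def split_command(cmd):
    """Split an O4 command line into (program, arguments)."""
    parts = cmd.strip().split(None, 1)
    if not parts:
        return "", ""
    prog, rest = parts[0].strip('"'), (parts[1] if len(parts) > 1 else "")
    if RUNDLL_RE.search(prog):          # rundll32 <module>,<entry> [args]
        return prog, rest
    m = EXE_RE.match(cmd.strip())       # copes with unquoted paths containing spaces
    return (m.group(1), m.group(2).strip()) if m else (prog, rest)

def parse_entry(code, rest, raw):
    if code.startswith("R"):                 # R0/R1: "<registry value> = <data>"
        kind, _, body = rest.partition(" = ")
        return Entry(code, kind.strip(), "", body.strip(), "", raw)
    kind, _, body = rest.partition(": ")
    kind, body = kind.strip(), body.strip()
    if kind.endswith("Run"):                 # O4: "[name] command line"
        m = RUN_BODY_RE.match(body)
        name, cmd = (m.group(1), m.group(2)) if m else ("", body)
        return Entry(code, kind, name, *split_command(cmd), raw)
    if kind == "Global Startup":             # O4: "<shortcut>.lnk = <target>"
        name, _, path = body.partition(" = ")
        return Entry(code, kind, name, path.strip(), "", raw)
    parts = [p.strip() for p in body.split(" - ")]   # "name - {clsid|owner} - path"
    return Entry(code, kind, parts[0] if len(parts) > 1 else "", parts[-1], "", raw)

def parse_log(text):
    entries, in_procs = [], False
    for line in (ln.strip() for ln in text.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
        elif (m := ENTRY_RE.match(line)):
            in_procs = False
            entries.append(parse_entry(m.group(1), m.group(2), line))
        elif in_procs and re.match(r"^[A-Za-z]:\\", line):
            entries.append(Entry("process", "process", "", line, "", line))
    return entries

def triage(entries):
    """Return (rule, entry) pairs a reviewer should look at first."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if "(file missing)" in low or low == "(no file)":
            findings.append(("orphaned-entry", e))      # dead reference; cleanup only
        if "://" not in low and ("?" in e.path or any(ord(c) > 127 for c in e.path)):
            # "?" is illegal in a Windows file name, so here it marks a character
            # HijackThis could not print: a lookalike of a system file name.
            findings.append(("lookalike-filename", e))
        if e.section == "O4" and any(d in low for d in USER_WRITABLE):
            findings.append(("autostart-from-user-writable-dir", e))
        if RUNDLL_RE.search(low):
            module = e.args.split(",")[0].strip().strip('"')
            if not module.lower().endswith(".dll"):     # bare name via DLL search path
                findings.append(("rundll32-bare-module", e))
    return findings

def triage_log(text):
    """(rule, original line) pairs for a whole log; an entry may hit several rules."""
    return [(rule, e.raw) for rule, e in triage(parse_log(text))]
```

A clean run is not a verdict: a random-named executable in system32 such as ryjqvnr.exe in the log above passes every rule and still needs a reviewer's eye (or a Google search, as Dee suggests).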