Infinite Posted January 13, 2005

That's worked a treat, pop-up solved. Cheers for the help Sigma and Deeswift. One more thing though, there's now one more java file appeared after deleting in common files....bptre.exe. Should this be deleted?

Steve (Author) Posted January 13, 2005

I've no idea what it is and Google returns 0 results. Usually that means it's not a legit file. I'd try renaming it to bptre.bak for a few days and see what effect it has on your machine. If all is well then delete it.

Nimrod Posted January 15, 2005

yo sig is it cool if you have a look over this? it's been a while since i had deleted a few processes that you told me to delete...

Logfile of HijackThis v1.98.2
Scan saved at 10:53:52, on 15/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Matt\Desktop\slsk.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Matt\My Documents\INSTALLS\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nutrider.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ntlworld.com/broadband
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

nice one

Steve (Author) Posted January 15, 2005

That log is totally clean mate. There are a couple of things you could fix, if you want to slim down your PC: -

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

You could also disable MSN Messenger from starting when you boot if you like. That's a good log though and even removing the 4 items I mentioned above won't make much difference - it's more a matter of good housekeeping.

dissonance Posted February 4, 2005

sigma.. you mind?

Logfile of HijackThis v1.97.7
Scan saved at 1:32:06 AM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\FSScrCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\dissonance\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1537paperstreet.com/thoughtcontrol
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095045665546
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...8085.8875231482
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

Guest Deeswift Posted February 4, 2005

Nothing particularly bad about that, Dissonance. I can see several things which really don't need to be there though --

Files\Real\Update_OB\realsched.exe" -osboot
C:\WINDOWS\FSScrCtl.exe (a screensaver control applet. Do you really need this?)
C:\WINDOWS\system32\Ati2evxx.exe (ATI Drivers process. Not needed at all, because all ATI options are available by right-clicking the desktop > Properties > Settings > Advanced).
C:\WINDOWS\system32\Ati2evxx.exe (Same as above. There's always two of these running. To disable -- go to Control Panel > Admin Tools > Services > Double-click the ATI entries and set to Disable. Reboot for the changes to take effect).

Not sure about the Java update, C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe. I don't think it's needed. Get Sigma to confirm.

What I'm confused about is C:\WINDOWS\System32\NvCpl.dll,NvStartup. This is for nVidia graphics drivers, isn't it? But you have ATI?

PartyPoker.com? I'm not sure about why you'd need this.

I would also get rid of the Messenger ones, but maybe you need them.

Steve (Author) Posted February 4, 2005

I would agree with everything Dee says, but I can't really tell you exactly what to remove until I know which graphics card you have, because you seem to have files relating to ATI and Nvidia cards starting up for some reason. I assume you switched cards at some point and there's a few left over files. Check your PMs too!

Steve (Author) Posted February 4, 2005

OK you should first update your Java to the latest at http://www.java.com

Then run HijackThis again and get rid of the following: -

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

The jusched.exe one listed above is the updater for Java, which clearly doesn't work. It should appear as I've typed it there after you've updated Java.

You can also remove this if it still shows: -

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

The screensaver one can go, unless you really want to keep the particular screensaver you have. It's part of the Stardust Screensaver ToolKit which you can uninstall: -

O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe

Also, the ATI control panel is not required, so unless you use the little system tray icon to adjust settings, you can get rid of it. It doesn't affect the actual graphics drivers: -

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

Any entries in the log that start with O9 are just extra buttons or menu items added to your browser. You can remove any or all of them with no bad consequences if you like.

Before you hit Fix Checked in HijackThis, just make sure you have no browser windows at all open.

Max Posted February 4, 2005

Thanks in advance for the help. This is my first time doing a Hijack This! scan.

Logfile of HijackThis v1.99.0
Scan saved at 11:17:57 AM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe
C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Parallel Tasking\ptask.exe
C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
C:\WINDOWS\system32\RAMASST.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\inetsrv\DavCData.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\tsa\ts2.exe
C:\Program Files\SPSSStudent\spsswin.exe
C:\Documents and Settings\Max\Desktop\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.topsearcher.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S
O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WhenUSearchWHSE] C:\Program Files\WhenUSearch\whse.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\system32\bridge.dll",Load
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - Startup: Stardock Keyboard Launchpad.lnk = C:\Program Files\Stardock\Object Desktop\KLP\Keys.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egain.net/wcsapp/weblib/Ja...g/ie/SecMgr.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned41.cab
O16 - DPF: {9AC81071-4B2C-48DF-A245-C131DD64B7D2} (MachineCheck Class) - https://wwws.richmond.edu/UofRMachineCheck.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtangent.com/install/wdriver...gent/wtinst.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = richmond.edu
O17 - HKLM\Software\..\Telephony: DomainName = richmond.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = richmond.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = richmond.edu
O18 - Protocol hijack: mhtml -
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LC Remote Agent - Unknown - C:\WINDOWS\lcagent.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: VNC Server - Unknown - C:\Program Files\TightVNC\WinVNC.exe (file missing)

Steve (Author) Posted February 4, 2005

You have a few bits of spyware in there Max. Take a look in Add/Remove programs for anything that resembles the following: -

WhenUSearch
Uploader-R
Travelling Salesman

Uninstall them (if any are found), then reboot.

Download Ad-Aware from HERE. Install it, update it to the latest reference file, then scan your machine and remove everything that it finds. Then reboot again and before starting any other programs, get a new HijackThis log and paste it into here. Hopefully those steps will shrink the log down a bit so we don't have to do it all manually.

Max Posted February 4, 2005

aright sorry ahahha. I have adaware already! what do you take me for!? hahah i just haven't run it in a few weeks. I'll get back to ya.

dextrous Posted February 7, 2005

One of the shared PCs at work that I'm using at the minute is pissing me off no end with about:blank homepages and popups etc. I'm no expert on this sort of thing but the hijack log doesn't look good to me. As it's not my PC I'm not bothered about deleting everything so it runs perfectly, just the stuff that's getting on my nerves. I think I can guess which items I can delete but if anyone can confirm what I can delete that would be greatly appreciated.

Logfile of HijackThis v1.99.0
Scan saved at 15:21:36, on 07/02/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\WINNT\system32\NWTRAY.EXE
C:\WINNT\system32\SxgTkBar.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\winnt\system32\exbonw.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\winnt\system32\calc.exe
D:\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Documents and Settings\lts-avl-cs1\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\LTS-AV~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\LTS-AV~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wwwcache.lmu.ac.uk/netscape/default.pac
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINNT\ZServ.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21EAB6C2-49EB-4D1E-9E23-3C7E8188AB9D} - C:\WINNT\system32\lbhn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar2.dll
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [sxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [exbonw] c:\winnt\system32\exbonw.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = D:\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Google Search - res://c:\winnt\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\winnt\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\winnt\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\winnt\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\winnt\downloaded program files\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {3B2E9991-0C57-426F-A5E4-784C7A5C6420} (Datasheet control) - http://alldatasheet.com/Datasheet.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/26a37314f87289275605/...ip/RdxIE601.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://69.15.196.10/activex/AMC.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamc12-gb/gbc12/games30.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://193.10.64.20/activex/AxisCamControl.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://av-loans.lmu.ac.uk/cabinet/activexviewer.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D3D4C2C-D210-4926-A26B-7487D41A23D2}: Domain = lmu.ac.uk
O18 - Filter: text/html - {AD741353-706C-43B6-BAD3-55489754937A} - C:\WINNT\system32\lbhn.dll
O18 - Filter: text/plain - {AD741353-706C-43B6-BAD3-55489754937A} - C:\WINNT\system32\lbhn.dll
O23 - Service: AVSync Manager - Unknown - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Netropa NHK Server - Unknown - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

Steve (Author) Posted February 7, 2005

Firstly, uninstall that AdwareFilter Toolbar thing. It's shite. Then run HijackThis and check off all of these: -

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\LTS-AV~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\LTS-AV~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wwwcache.lmu.ac.uk/netscape/default.pac
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINNT\ZServ.dll
O2 - BHO: (no name) - {21EAB6C2-49EB-4D1E-9E23-3C7E8188AB9D} - C:\WINNT\system32\lbhn.dll
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/26a37314f87289275605/...ip/RdxIE601.cab
O18 - Filter: text/html - {AD741353-706C-43B6-BAD3-55489754937A} - C:\WINNT\system32\lbhn.dll
O18 - Filter: text/plain - {AD741353-706C-43B6-BAD3-55489754937A} - C:\WINNT\system32\lbhn.dll

Also, I have no idea what this is and neither does Google. If you have no clue either, then this could be dodgy. Perhaps get rid of it too: -

O4 - HKLM\..\Run: [exbonw] c:\winnt\system32\exbonw.exe

Close all browser windows and hit Fix Checked. Then reboot (preferably into safe mode) and run Disc Cleanup to empty all your temp files and folders. Then find and delete the following if they still exist (you'll have to set hidden files to show to see them): -

C:\DOCUME~1\LTS-AV~1\LOCALS~1\Temp\sp.dll
C:\WINNT\ZServ.dll
C:\WINNT\system32\lbhn.dll
C:\Program Files\AdwareFilterToolBar

If you added that other file to be fixed in HijackThis, then you can also delete it: -

c:\winnt\system32\exbonw.exe

Reboot again, then start Internet Explorer and hit Tools then Internet Options. Click on the Programs tab and hit Reset Web Settings. Then click on the General tab, re-enter your desired homepage and hit Apply then OK.

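The first pass Steve makes by eye over dextrous's log, sketched as an added example that is not part of the original thread or of HijackThis itself: it splits a log whose line breaks were lost on the section codes, then flags entries using three heuristics assumed from what was removed in this thread (references to missing files, res:// search pages served from a Temp directory, and BHO or filter DLLs sitting directly in the Windows directory). The function names and heuristics are hypothetical, and a flag is a prompt for a closer look, not a verdict.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")
Flag = namedtuple("Flag", "code reason detail")

# An entry starts with a section code such as "R1 - " or "O16 - ". Pasted logs
# often lose their newlines, so split on the code rather than on line ends.
ENTRY_START = re.compile(r"(?=(?:R[0-3]|O\d{1,2}) - )")
ENTRY = re.compile(r"(R[0-3]|O\d{1,2}) - (.*)", re.S)

# Heuristics: assumptions drawn from the entries removed in this thread.
ORPHAN = re.compile(r"\((?:no file|file missing)\)")
RES_IN_TEMP = re.compile(r"res://.*\\Temp\\", re.I)
WINDIR_DLL = re.compile(
    r"[A-Z]:\\(?:WINNT|WINDOWS)\\(?:system32\\)?[^\\]+\.dll$", re.I)


def parse_log(text):
    """Return the R/O entries of a HijackThis log, newlines present or not."""
    entries = []
    for chunk in ENTRY_START.split(text):
        match = ENTRY.match(chunk.strip())
        if match:  # header and process-list text does not match and is skipped
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def triage(entries):
    """Flag entries worth a closer look; unflagged does not mean clean."""
    flags = []
    for e in entries:
        if ORPHAN.search(e.detail):
            flags.append(Flag(e.code, "points at a missing file", e.detail))
        elif e.code.startswith("R") and RES_IN_TEMP.search(e.detail):
            flags.append(Flag(e.code, "res:// page served from Temp", e.detail))
        elif e.code in ("O2", "O18") and WINDIR_DLL.search(e.detail):
            flags.append(Flag(e.code, "browser hook DLL in Windows dir", e.detail))
    return flags


# Sample input: entries copied from dextrous's log in this thread, run
# together without newlines the way the forum rendered them.
SAMPLE = (
    r'Running processes:C:\WINNT\Explorer.EXE '
    r'R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = '
    r'res://C:\DOCUME~1\LTS-AV~1\LOCALS~1\Temp\sp.dll/sp.html'
    r'O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - '
    r'C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll'
    r'O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - '
    r'C:\WINNT\ZServ.dll'
    r'O2 - BHO: (no name) - {21EAB6C2-49EB-4D1E-9E23-3C7E8188AB9D} - '
    r'C:\WINNT\system32\lbhn.dll'
    r'O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - '
    r'C:\PROGRA~1\SPYBOT~1\SDHelper.dll'
    r'O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - '
    r'C:\WINNT\System32\msdxm.ocx'
    r'O4 - HKLM\..\Run: [TkBellExe] '
    r'"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot'
    r'O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - '
    r'(no file)'
    r'O18 - Filter: text/html - {AD741353-706C-43B6-BAD3-55489754937A} - '
    r'C:\WINNT\system32\lbhn.dll'
)

if __name__ == "__main__":
    for flag in triage(parse_log(SAMPLE)):
        print(f"{flag.code:>3}  {flag.reason}: {flag.detail}")
```

Splitting on the section code can mis-split an entry whose own text happens to contain something like "O2 - ", so a log with its line breaks intact should be split on newlines instead.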
Guest Deeswift Posted February 7, 2005

Honestly Sig, you should write a program that does all this! I hope people appreciate your effort.

dextrous Posted February 7, 2005

You the man Sigma, you the man. Seriously, you've helped me with a couple of things like this in the past and it's much appreciated mate.

Mixologist Posted February 7, 2005

Quote: "Honestly Sig, you should write a program that does all this! I hope people appreciate your effort."

and get paid lol

MrKD Posted February 17, 2005
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\a64sddd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\txfdcd.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Norton AntiVirus\OPScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zpecialoffer.com/indexie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.zpecialoffer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mrkd.co.uk/go/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zpecialoffer.com/indexie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zpecialoffer.com/results.asp?keyword=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "C:\Program Files\GoZilla\Go.exe" /FIXRAS
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [popuppers64] C:\WINDOWS\a64sddd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [LovqRSesW] txfdcd.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.qmdatabase.org/download/CfxIEAx.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA0C1F07-9AC4-4B3D-9ECC-EE5EA4D555E6}: NameServer = 62.241.162.200 158.43.240.3
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Gear Security Service - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Guest Deeswift Posted February 17, 2005
What is it with these ENORMOUS logs? You guys need to strip the hell out of your system!
Sigma, I do not envy you.
Steve Posted February 17, 2005 Author
I can see what's causing the problem mate. Gimme 15 minutes or so to look through that lengthy log and I'll get back to you.
MrKD Posted February 17, 2005
Quote: What is it with these ENORMOUS logs? You guys need to strip the hell out of your system! Sigma, I do not envy you.
Guest Deeswift Posted February 17, 2005
"a64sddd.exe"
Definitely get that fixed. I know it's dodgy, seen it before.
BTW, hello KD.
MrKD Posted February 17, 2005
I only got wind that there was a problem when my browser was being reset to About:blank! Looked into it and found loads of shit via software .. but then thought well if anyone knows the score it will be Sig ... Thanks for the help, I really do big ya up for it !!! btw .. big hug Dee ..
Guest Deeswift Posted February 17, 2005
Werd. I am shocked at these logs that people post up, seriously. Yours isn't exactly one of the worst I've seen, but mine is like one tenth the size of most others I've seen (apart from Sig's), maybe even less than a tenth. Well, here is my last one:

Logfile of HijackThis v1.99.1
Scan saved at 13:06:52, on 17/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files II\Security\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files II\Security\Hijack This! v1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.2/
O4 - HKLM\..\Run: [smcService] C:\PROGRA~2\Security\Sygate\SPF\smc.exe -startgui
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files II\Maintenance\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files II\Maintenance\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files II\Security\Sygate\SPF\smc.exe

It should be smaller than this usually, there's a couple of PerfectDisk entries that are confusing me because they shouldn't be there.

MrKD Posted February 17, 2005
Not something I've ever looked into before but 100% am going 2 from now on !!! That log is fukin tiny !
Guest Deeswift Posted February 17, 2005
It's just the necessary stuff running only. What more could I possibly need at startup except a decent firewall? There's no need for any crap basically stealing the performance of your PC and also risking its security.

My log is usually this big:

Logfile of HijackThis v1.99.1
Scan saved at 13:06:52, on 17/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files II\Security\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files II\Security\Hijack This! v1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.2/
O4 - HKLM\..\Run: [smcService] C:\PROGRA~2\Security\Sygate\SPF\smc.exe -startgui
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files II\Security\Sygate\SPF\smc.exe

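Deeswift's two logs above differ only by the PerfectDisk service entries he did not expect to see. The Python script below is an added example, not part of the original thread or any poster's code: it parses HijackThis entry lines and reports what a current log contains that a known-good baseline log does not. The function names are hypothetical, and the sample entries are copied from those two logs.

```python
import re
from collections import Counter

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Return (section_code, details) per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries

def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare lower-cased.
    return entry[0], entry[1].lower()

def new_since_baseline(baseline_text, current_text):
    """Entries in the current log that the known-good baseline log does not contain."""
    known = {_key(e) for e in parse_entries(baseline_text)}
    return [e for e in parse_entries(current_text) if _key(e) not in known]

def section_counts(log_text):
    """Number of entries per HijackThis section code (R0, O4, O23, ...)."""
    return Counter(code for code, _ in parse_entries(log_text))

# Entries copied from the smaller of the two logs posted above (the "usual" log).
BASELINE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.2/
O4 - HKLM\..\Run: [smcService] C:\PROGRA~2\Security\Sygate\SPF\smc.exe -startgui
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files II\Security\Sygate\SPF\smc.exe
"""
# The larger log: the same entries plus the two PerfectDisk services (order simplified).
CURRENT_LOG = BASELINE + r"""
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files II\Maintenance\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files II\Maintenance\Raxco\PerfectDisk\PDSched.exe
"""

if __name__ == "__main__":
    for code, details in new_since_baseline(BASELINE, CURRENT_LOG):
        print(code, details)
```

Keeping a log from a clean state and diffing later scans against it reduces a long log to the handful of entries that actually need a second look.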