|
Search Tech-Forums - link takes you to our Forum's search page. Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net Pages:1 HijackThis LOGFILE >>>(Click here to view the original thread with full colors/images)Posted by: JaccoS Please check out this log file!! [B]What to remove and how to backup?![/B] _____________________________________________ Logfile of HijackThis v1.99.1 Scan saved at 20:29:11, on 8-3-2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\mqsvc.exe C:\WINDOWS\System32\mqtgsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cidaemon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\dllhost.exe C:\Documents and Settings\SABINA\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.nl/[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [url]http://www.easywebsearch.nl[/url] R3 - URLSearchHook: (no name) - {1E432263-6841-4653-8F02-366A2F77E339} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [-----MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS\System32\ntcpl.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [spywatch] C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Shortcut to Casema Internet.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Translate - file://C:\Program Files\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextTranslation .htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Voiced Keyboard Homepage - {1ff190e7-38ab-423e-b59c-4d166c2ea5f1} - [url]http://www.yayahoohoo.com[/url] (file missing) O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: ImageUploader - [url]http://www.albumservice.nl/ImageUploader.CAB[/url] O16 - DPF: RaptisoftGameLoader - [url]http://www.miniclip.com/hamsterball/raptisoftgameloader.cab[/url] O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - [url]http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab[/url] O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url] O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - [url]http://makeover.ivillage.com/save/makeover.cab[/url] O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - [url]http://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab[/url] O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - [url]http://www.streamaudio.com/download/ccpm_0237.cab[/url] O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - [url]http://www.miniclip.com/platypus/miniclipGameLoader.dll[/url] O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - [url]http://messenger.zone.msn.com/binary/MineSweeper.cab[/url] O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - [url]http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[/url] O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - [url]http://212.201.49.226:8082/kxhcm10.ocx[/url] O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - [url]http://www.cult3d.com/download/cult.cab[/url] O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - [url]http://s7.blingblingcontent.com/toolbarcash/activex/easywebinstaller.ocx[/url] O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - [url]https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab[/url] O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - [url]http://sib1.od2.com/common/Member/ClientInstall/10.00.0036/OCI/setup.exe[/url] O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [url]http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[/url] O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - [url]http://secure2.comned.com/signuptemplates/ActiveSecurity.cab[/url] O16 - DPF: {7C9EDEB2-A2E8-417A-85EC-FC10E9D64E1F} (StoneMakeIconCtrl Class) - [url]http://inc-image.stoneradio.com/activex/stoneicon/StoneRadioIcon.cab[/url] O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsClient.cab[/url] O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - [url]http://64.146.72.210:8111/AxisCamControl.cab[/url] O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} - [url]http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll[/url] O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - [url]http://secure.ingbank.nl/download/DigiSign.cab[/url] O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url]http://messenger.msn.com/download/msnmessengersetupdownloader.cab[/url] O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - [url]http://game19.zylom.wanadoo.nl/activex/zylomgamesplayer.cab[/url] O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - [url]http://www.parentwatch.com/content/demo/push.cab[/url] O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - [url]http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab[/url] O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} - [url]https://gto.postbank.nl/GTO/PBGNX.cab[/url] O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - [url]http://asp01.photoprintit.de/microsite/3144/defaults/activex/ImageUploader3.cab[/url] O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - [url]http://download.abacast.com/download/files/abasetup152.cab[/url] O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [url]http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4307/mcfscan.cab[/url] O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - [url]http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx[/url] O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - [url]http://install.mp3bereich.de/InstallationsAssistent.ocx[/url] O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - [url]http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28177.cab[/url] O23 - Service: A1Monitor6213124146 - Unknown owner - C:\Program Files\A1Monitor\VMonitor.EXE (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe Hope u can help me out My email is *snipped* (for security reasons, you don't want spam bots to harvest it. Liz - southernlady) And reply here please.. Posted by: rstones12 Can you explain what type of issues you are currently having with your system. Thanks, rstones12 Posted by: JaccoS Well msn does not work gives an error message, I can't even login to secure sites.. (it's not blocked in my Anti virus or firewall!) Cpu is normal = at 3 or so :( and my pc is lagging when i play games i played one small java game yesterday wich laggs alot like every 6 seconds or so, not just then 4 sec then 6 sec. but every 6 seconds the same lagg. sometimes every 7 sec or so. and in my game Counter-Strike i have the same laggs. not more not less. how come?!?!? :( :confused: i think its not my pc but something in my cpu or memory :S wich I didn't found! when i close everything then still the same. but when i close svchost.exe > :P no sound then too...< its a bit less laggs! normally it should be work fine it since a few months :( Im sorry for my bad english! Hope u can help me PLEASE! I have Windows Xp prof maybe u can compare this with the one of wonderboy Posted by: rstones12 JaccoS, We are going to need to remove a few things, but first I would like you do to the following: The reason I am asking for these first initial steps is that it can clear up some items in the first part of the fix if needed. I have outlined some preliminary steps that we need to address. [b]You may want to print out these intructions for reference.[/b] This process will take a few steps so please be patient and follow the provided directions. [b][1.][/b] First Download [url=http://cwshredder.net/bin/CWShredder.exe][color=blue]CWShredder[/color][/url] And save it to your desktop. Close all open browser windows and any other open windows. Install CWShredder, then: Open CWS and click [b]Check for Updates[/b] Then click [b]"FIX"[/b] [b][2.][/b] Please run at least one of these online scans, allow it to delete anything it finds: You may have to select the auto-fix option prior to scanning, it should be a selection box on the screen. If you are a dial-up user just do one, this can take some time. If you are a broadband user, I would suggest at least 2 of the 3. One extra scan is most often times enough. [list][url=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][color=blue]Panda ActiveScan[/color][/url] [url=http://housecall.trendmicro.com/housecall/start_corp.asp][color=blue]TrendMicro HouseCall[/color][/url] [url=http://www3.ca.com/virusinfo/virusscan.aspx][color=blue]eTrust AntiVirus Web Scanner[/color][/url] [/list]Please make a note of anything that wasn't or couldn't be fixed. Reboot your machine when finished. [b][3.][/b] You [b]may have[/b] run these programs already, make sure they are up to date and run per provided instructions. Current Versions are: [b]Spybot S&D Ver: 1.3[/b] [url=http://www.safer-networking.org/en/download/index.html][color=blue]Download Here[/color][/url] [b]Ad-Aware SE Build 1.05[/b] [url=http://www.majorgeeks.com/download506.html][color=blue]Download Here[/color][/url] Download and install both Spybot S&D and Ad-Aware SE. Instructions: [b]Spybot S&D:[/b] Go to your Start Menu >> Programs >> Spybot S&D >> then choose Spybot S&D. [b]*[/b]Close [b]ALL [/b]windows except Spybot S&D [b]*[/b]Click the button to [b]"Search for Updates"[/b] and download and install the Updates. [b]*[/b]Close Spybot then launch it again [b]*[/b]Click the button [b]"Check for Problems" [/b] [b]*[/b]When Spybot is done scanning, it will be showing "RED" (RED) entries, "BLACK" entries and "GREEN" (GREEN) entries in the window [b]*[/b]Put a check mark beside the RED [color=red](RED) entries ONLY.[/color] [b]*[/b]Choose "Fix Selected Problems" and allow Spybot to fix the RED [color=red](RED)[/color] entries. [b]Ad-Aware SE FULL SCAN:[/b] Go to your Start Menu >> Programs >> Lavasoft Ad-Aware SE >> then choose Ad-Aware SE Personal. When the main window opens look in the bottom right corner and click on [b]Check For Updates Now[/b] then click Connect and download the latest reference files. From main window: [b]*[/b]Click Start then under Select a scan Mode check [b]Perform Full System Scan.[/b] [b]*[/b]Next [color=red]deselect [/color]Search for negligible risk entries. [b]*[/b]To scan just click the [b]Next[/b] button. When the scan has finished [b]mark everything for removal [/b]and get rid of it. [i](Right-click the window and choose [b]select all[/b] from the drop down menu and click Next)[/i] The program will ask if you want to fix/delete selected items, choose yes/fix. [b][4.][/b] Enable show hidden files and folders: * Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View Tab. * Under the Hidden files and folders heading select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Click Yes to confirm. * Click OK. [b][5.][/b] [b]Update[/b] your current Virus Scan Definitions: [b][6.][/b] Reboot into Safe Mode and [b]Scan[/b] with Spybot S&D and Ad-Aware SE Then Scan with your Anti-Virus Program [b][7.][/b] Delete your temp files: Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK. Empty Your Recycle Bin. You are currently using HijackThis from a temporary directory, this can cause problems. HijackThis creates backups, these are needed in case of any recovery issues. Please create a directory on your [b]C:\[/b] drive called [b]C:\HJT[/b], download and unzip HijackThis into that directory. Run the program from that directory from now on. [b][color=green][size=3]STEPS For Creating Folder[/size][/color][/b] [list=1] [b]1.[/b] Please go to My Computer, open your [b]C:\[/b] drive, Select: New >> Folder and name the folder [b]HJT[/b]. [b]2.[/b] Download HijackThis to the new folder: [b]3.[/b] Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder. [b]4.[/b] Close ALL windows except HJT [b]5.[/b] SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy') [b]6.[/b] POST the log in this thread using 'Post a Reply' (Ctrl-V to 'paste') [/list] [color=red]Please make sure you post the entire log including the top portion:[/color] [b]DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER[/b] Posted by: JaccoS Stop SPAM All the same posts on all topics :confused: BTW it does not fix my problems. I tried alot programs to fix it earlier, also the programs u recommended. I already knew these prog's. Can u compare the both log files of wonderboy and me? Cause he has the same problem as me.. :( Posted by: southernlady Actually no, he didn't...you do have problems in your log, his log was clean. Now, are you going to cooperate with rstones12 in his effort to help you? Just because the first steps START the same way do not mean they stay the same once we get into a log. Liz Posted by: rstones12 [QUOTE][i]Originally posted by JaccoS [/i] [B]Stop SPAM All the same posts on all topics :confused: BTW it does not fix my problems. I tried alot programs to fix it earlier, also the programs u recommended. I already knew these prog's. Can u compare the both log files of wonderboy and me? Cause he has the same problem as me.. :( [/B][/QUOTE] [b]Spam[/b] - Unsolicited "junk" e-mail sent to large numbers of people to promote products or services. Sexually explicit unsolicited e-mail is called "porn spam." Also refers to inappropriate promotional or commercial postings to discussion groups or bulletin boards. Please post back a new HJT log and I will take a look at it. rstones12 Posted by: southernlady Closed. Liz vBulletin Copyright ©2000 - 2003, Jelsoft Enterprises Limited. PPC Management vB Easy Archive Final - Created by Xenon |