Computer Hope
Software => Computer viruses and spyware => Topic started by: casse2go on October 26, 2007, 01:28:17 PM
-
I'm posting a log that will take a few posts so please wait until I post the end.
Logfile of HijackThis v1.99.1
Scan saved at 1:17:41 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1191803439\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AOL 9.0\waol.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\HJT\HijackThis.exe
-
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191803439\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
-
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ErrorRepairPro] C:\Program Files\Error Repair Professional\autostart.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/eng/wordssingle_2_0_0_48.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/eng/mahjong_2_0_0_29.cab
-
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB95BC08-5B98-4819-9D65-750539CB676B}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
THE END
-
I'll take a look...
-
Your log is clean ;D ;D ;D
What is this "Error Repair Professional" program? I've read, it deals with Windows registry, but I've never heard of it before. Someone recommended it to you? Did you pay for it?
-
Your log is clean ;D ;D ;D
What is this "Error Repair Professional" program? I've read, it deals with Windows registry, but I've never heard of it before. Someone recommended it to you? Did you pay for it?
Hmm...I don't know if that's good news or not for my girl here and her problems. But thanks Broni.
I didn't pay for that download. I do recall it though. Trying to recall exactly why I ran it. I do think it had something to do with that "INSTDRIVER" thing.
-
Unless someone else says otherwise, since it's not a known program, I'd uninstall it, especially because it runs as a startup.
Now, when we went through HJT, and all other things, please remind me, what was your primary problem?
-
Did you see anything on there dealing with Microsoft easy assist? That program is on my system because it's a desktop sharing program. But I don't think it's Error Repair ...
Are you asking why I first posted in this site? Because I was having a problem loading and then playing online games and Emulators which are offline, without them freezing and going to black screen, or to the BIOS page. Both of which caused me to have to hold down the off button on the tower for five seconds.
Also, I realized last week or so, that when the computer goes to black screen, the game keeps playing. I know because it froze while I was playing a timed game and while the black screen was up the clock ran down on the game and the usual time up ending occurred.
But you know what, the other day I tried to download something...oh yeah, I was trying to play a game in Yahoo, and I got a message saying the memory ran out at line 56.
But also, in Yahoo when I tried to play the game, it requested that I have my girl here scanned for nasties. Which I did and there aren't any so :P Yahoo.
Oh yeah, and I posted in Comp Hardware because after working with Microsoft Techs for weeks they gave up and told me the problem had to be Hardware not software.
-
Did you see anything on there dealing with Microsoft easy assist? That program is on my system because it's a desktop sharing program. But I don't think it's Error Repair ...
You have a program "Error Repair Professional":
C:\Program Files\Error Repair Professional
Do your problems happen only with games? How long ago did it start?
Posting an exact error may help, as well.
-
Yeah I know, but you know what. I don't think it was listed as a registry cleaner. I wouldn't have loaded and run it otherwise. My Microsoft Assist warned me against running a registry cleaner per se. I'm sure it had something to do with that "INSTDRIVER" thing. Was it in Tech Republic. I dunno.
Errors??? I have lots of error messages. I have a log book that has lots of error titles and msges. However, the only message I ever got when the computer froze I think I posted in the Hardware Forum. I'll check.
-
Was it in Tech Republic
Yes:
http://software.techrepublic.com.com/download.aspx?docid=287066
-
Okay here is the ONLY one I ever got during a blackout.
Yikes! I finally got to see an error report during a freezing. Here it is:
Windows display drivers stopped responding
The ati2dvag display driver has stopped working normally. Save work and reboot the system to restore full display functionality. The next time you reboot the machine a dialog will be displayed giving you a chance to [upload data about this failure to Microsoft.]
The bracketed part didn't happen. Okay, so the screen went to white this time. Not that there was a white screen rather than black but that everything was shown in white with black fonts. Then it was grey after closing down the error window, then the next screen was teal (my desk top).
Also yesterday I managed to copy down info from my BIOS pages. If you think it might help I'll post it.
-
You may need a new video driver.
Go Start, and then click Control Panel. Click Performance and Maintenance, and then click System. On the Hardware tab, click Device Manager.
Click a "+" sign next to Display Adapters.
What do you have listed right underneath?
-
I could check but my MT and I did that after I got the msg about the ATI2dvag. He went in there and uninstalled and reinstalled new driver. Or whatever was supposed to remedy the problem. But I'll go check.
-
Who is MT?
-
Who is MT?
:D Microsoft Tech
RADEON 7000/ RADEON VE FAMILY (Microsoft Corporation)
-
Download a new driver from here:
http://ati.amd.com/support/drivers/xp/radeon-prer300-xp.html
-
Broni, can I get back with you on that, please?
Thank you...BTW, you say "A" driver are they all the same? You know me. Btw again, what's wrong with the one I have? I just want to know if it's inferior or what.
I'm prolly out for the night Broni. Enjoy yours. TA
-
You know me
LOOOOOOOOOOOOOOOL
are they all the same?
There is only one download there: Catalyst Software Suite
what's wrong with the one I have? I just want to know if it's inferior or what.
Well, drivers get corrupted sometimes, that's all.
I'm going out of here as well. See ya.
-
Hmm...
Okay, let me check it out with my MT and I'll get back. Again, hago. Enjoy your weekend Broni. ")
-
Your log is clean ;D ;D ;D
What is this "Error Repair Professional" program? I've read, it deals with Windows registry, but I've never heard of it before. Someone recommended it to you? Did you pay for it?
Broni, you asked what this program was. I'm not sure but I think it has to do with memory. I was reading about improving your comp's memory and I think I downloaded this.
-
In MOST cases, programs, you just stumble upon, and they promise you to fix everything, clean everything, etc., are either bogus, or want some money from you.
You should ONLY use programs, which are recommended by some trustful sources, like this board, for instance.
I'd definitely uninstall it.
-
Do you think that Tech Republic is as reputable a site as this one?
-
Tech Republic is a known place, but I don't know how they test the programs they recommend.
But I know, that if 50 people here will say: "Program X" is a good one, I'll take it for granted.
You can make a poll to see how many people heard of/use "Error Repair Professional".
-
That's not necessary Broni. A poll isn't necessarily indicative of the truth of the item. Not that it matters to me. You know how much I know about computers. As far as TR is concerned I got tired of their gazillion emails and cancelled my membership with the site.
Tell me something Broni, is IM something that runs as long as the computer is on whether in use or not?
-
It depends.
If your IM is set as a startup program (default with many IM programs), it runs as long, as your computer is on.
However it's not recommended setting for non-essential programs.
If it's not a startup, it'll run only when you turn it on.
Just look at a notification area of your taskbar (next to the clock). Whatever is there, it's running.
-
Avg, AOL, Quick Time and Volume are there. So, are you saying that, absolutely, if I have a program that runs or starts as soon as I come online, it would be in the taskbar? Therefore, I have only four start up programs.
Broni, I'm leaving online for a while, and if I don't fall asleep at the wheel and start kissing wood, I'll check back later.
Thanks Broni.
-
Therefore, I have only four start up programs
Not quite. Some startups are hidden, but it doesn't apply to programs like IM.
You can see your startups in many ways.
You're familiar with HJT already. If you look at its log, all O4 entries are your startups. In your case:
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191803439\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ErrorRepairPro] C:\Program Files\Error Repair Professional\autostart.exe
In general the lower number of startups, the better for your computer performance (i.e. startup time).
For instance, you have several startups, which are unnecessary:
- O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
- O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
- O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (2 entries)
- O4 - HKCU\..\Run: [ErrorRepairPro] C:\Program Files\Error Repair Professional\autostart.exe (I recommended to uninstall this program altogether)
To stop the above programs from running as startups, in Win XP, go Start>Run, and type in:
msconfig
Hit Enter.
Click on "Startup" tab, and remove checkmarks next to the above entries. Click OK.
Windows will ask you, if you want to restart your computer for changes to take effect.
You can do it right away, or later.
-
Hi Broni, so you want me to uncheck all the items with "04" by them. Now then, these run as soon as my comp comes on? So then if I uncheck them as start up I will need to be prompted to run them?
The AVG program? Broni, my virus protection...talk to me about this one. I want it to run at start up don't I?
And, to uninstall "error repair" completely and for sure, because I know me, I'll prolly need a path. :( Unless it's in control panel.
I'll holler back at ya later Broni. Thanks for the guidance.
-
you want me to uncheck all the items with "04" by them
Nooo...
I did show you which ones:
- O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
- O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
- O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (2 entries)
- O4 - HKCU\..\Run: [ErrorRepairPro] C:\Program Files\Error Repair Professional\autostart.exe (I recommended to uninstall this program altogether)
If I uncheck them as start up I will need to be prompted to run them?
No, they won't bother you.
The AVG program? Broni, my virus protection...talk to me about this one. I want it to run at start up don't I?
Yes, you won't uncheck it. It's not listed above.
Unless it's in control panel.
It should be in Add/Remove. If it's not, let me know.
-
Hey Broni, that application isn't in ADD/REMOVE. And my saying Control Panel is because that's how I get to A/R.
Also, why didn't you ask me to uncheck the ones with "file missing" or "unknown ..."? I don't use any McAfee programs unknowingly do I? I did have it loaded but uninstalled it because of size. Are those remnants that also need to go?
-
that application isn't in ADD/REMOVE
In that case, just uncheck it as a startup, and you're gonna be fine.
Why didn't you ask me to uncheck the ones with "file missing" or "unknown ..."? I don't use any McAfee programs unknowingly do I?
At the time, I was checking your HJT log, I was looking for nasties, so I guess, I overlooked them.
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
You may run HJT again, and "fix" these two entries, as well.
Post your fresh HJT log, so I can double check, they are not trying to run as non-existing services.
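Added example (not part of the original thread): a small Python parser for the two HijackThis line types discussed in the posts above, listing the O4 Run-key startups and flagging O23 services whose binary the log reports as "(file missing)". The function names and regular expressions are assumptions written for this illustration, based only on the log lines shown on this page.

```python
import re

# Lines copied from the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ErrorRepairPro] C:\Program Files\Error Repair Professional\autostart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
'''

# O4 Run-key form only; other O4 forms do not appear on this page and are ignored.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): '
    r'\[(?P<name>[^\]]+)\] (?P<command>.+)$')
# O23: display name, (service name), owner, binary path, optional missing marker.
O23_RE = re.compile(
    r'^O23 - Service: (?P<display>.+?) \((?P<service>[^()]+)\) - '
    r'(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$')
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.exe)(?=\s|$))', re.IGNORECASE)


def executable_of(command):
    """Heuristic: take the quoted path, else everything up to the first '.exe'."""
    m = EXE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else command


def parse_hjt(log_text):
    """Return (startups, services) parsed from O4 Run and O23 lines."""
    startups, services = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            entry = m.groupdict()
            entry['exe'] = executable_of(entry['command'])
            startups.append(entry)
            continue
        m = O23_RE.match(line)
        if m:
            entry = m.groupdict()
            entry['missing'] = entry['missing'] is not None
            services.append(entry)
    return startups, services


def orphaned_services(services):
    """Service names whose binary HijackThis reported as '(file missing)'."""
    return [s['service'] for s in services if s['missing']]


if __name__ == '__main__':
    startups, services = parse_hjt(SAMPLE_LOG)
    for s in startups:
        print(f"startup  {s['hive']}  {s['name']:<20} {s['exe']}")
    for name in orphaned_services(services):
        print(f"orphaned service (binary missing): {name}")
```

The service names it reports (McShield, McSysmon) are the ones to look up in services.msc; the O9 "(file missing)" line is deliberately not treated as a service.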
-
Okay, I'll do it as soon as possible, but it won't be tonight Broni. I have to do a few things around here so I'll holler at you when I have posted it.
H A P P Y x x x H A L L O W E E N :D
-
To you, too...
(http://homepage.ntlworld.com/curly.johnson/images/pumpkinrow.gif)
-
Ohh. purty.
Is that in here? I'm green.
Can't wait til Christmas...
-
Can't wait til Christmas...
At your service.....
(http://gifs.cc/MRYXMAS021Ea1b2a.GIF)
-
We'll talk later. IM or PM me. Btw, can I have a sig as yet? Okay i'm going offline now... prolly check in later. :)
-
Btw, can I have a sig as yet?
What do you mean? If you can attach some sig to your posts? If so, sure, you can.
-
Sites usually have some kind of rule about CT or sigs for noobs. Most involve posts. A while back I joined a site where you can make quizzes; however, you must be a member for a month and have played 100 of the quizzes before you could design your own quizzes. I wanted to design the quizzes so I did the one hundred.
Therefore, I'm guessing there is a minimal post count here before getting your own CT and Sig.
-
You were supposed to go to bed, weren't you?....LOOOOOOOOOL
On this board, you can have your avatar, and your signature, 1st minute after you ever signed up.
Go ahead, and get busy about it. 8)
-
I said, I was going offline, not to bed. I did something in safe mode. I have never looked around the site. So where do I go to see the sigs, or is there a designer here as in most sites?
-
There is no designer here, but if you tell me what you want to have in your signature, I'll try to help you out.
-
Well, Since I know jack about the computer; how about someone siting at one surrounded by question marks. Or something that conveys the same message.
-
someone siting at one surrounded by question marks
I'm not sure what you mean here....
You figure something out, and I'll try to wrap it up as a signature.
-
Well, Since I know jack about the computer; how about someone siting at one surrounded by question marks. Or something that conveys the same message.
That word "siting" is misspelled. It should be "sitting". I like my CT and text. Can that be made into one?
Okay now on to the business at hand. I went into "Start Up" to comply with your directive to uncheck. Here's what I did.
I clicked out of AOL, then went to desk top, I then did what you asked and when I had finished, this came up.
An Access Denied error was returned while attempting to change a service. You may need to log on using an administrator account to make the specified changes. I then clicked OK and the prompt to restart came up so I clicked it.
Wait, somewhere in there came the msg to choose to start the computer using the Normal Start Up. You prolly already know the window but here it is anyway.
SYSTEM CONFIGURATION UTILITIES
Start Up Selection
empty circle: Normal Start Up
empty circle: Diagnostic Start Up
green dot in circle: Selective Start Up
green check: Process System.INI File
green check: Process Win.INI File
green Check: Load System Services
green square in square: Load Start Up Item
green dot in circle: Use Original Boot.InI
gray obscured: Use Modified Boot.INI
[Load System Restore] [Expand File]
Close Cancel Apply Help
I "Xed Out"...
The msg about Access Denied came up again.
-
Also, I went into the ADD/REMOVE programs to undo the McAfee items but they weren't in there so how do I get to them? Is it through the Notepad?
This is what was in the ADD/REMOVE, is there anything you think I can ditch?
adobe flash player 9 activeX
adobe shockwave player
AOL registration
AOL uninstaller (choose product to remove)
AVG 7.5
google toolbar for Internet Explorer
HijackThis 1.99.1
java (tm) 6 update 2
java (tm) 6 update 3
*learn2player (uninstall only)
microsoft easy assist
*microsoft internationalized domain names mitigation APIs
*microsoft national language support download APIs
quick time
real player basic
viewpoint media player
windows installer 3.1 (kb893802)
Those with the "*", I have no idea what they're for. Unless they go with the Easy Assist.
Thanks Broni...
-
I clicked out of AOL, then went to desk top, I then did what you asked and when I had finished, this came up.
An Access Denied error was returned while attempting to change a service. You may need to log on using an administrator account to make the specified changes.
Go Start>Run, type in:
services.msc
Find those two O23 entries:
- McAfee Real-time Scanner (McShield)
- McAfee SystemGuards (McSysmon)
For each of them, follow this:
If under Status column, you see Started, right click on entry, and click Stop.
Right click again, click Properties, under Startup type select Disable from drop-down menu.
Restart your computer.
You may post new HJT log for me to see, if all changes have taken effect.
green dot in circle: Selective Start Up
This is correct. Click OK, and Windows will ask you, if you want to restart your computer now, or later.
Upon restart, you'll see a pop-up message, stating, that your computer started in Selective Mode. Put a checkmark in "Don't show this message again", and click OK.
I like my CT and text. Can that be made into one?
You mean to have a text inside your picture?
-
I went into the ADD/REMOVE programs to undo the McAfee items but they weren't in there so how do I get to them?
Most likely McAfee is long gone, but you have some registry leftovers, which still call for McAfee ("normal" with crappy programs).
We'll worry about it later. For now, follow instructions from my previous post.
learn2player
It looks like some AOL leftover. You can safely uninstall it.
As for two M$ entries, you better leave them alone.
-
Quote
I like my CT and text. Can that be made into one?
You mean to have a text inside your picture?
Hi, no...not inside, but underneath as it appears in the CT.
By the way, does the color tag work in here? Also, do you know how many pieces of mail the mailboxes in here hold?
Yes, and I was correct to go offline with AOL before I went to msconfig wasn't I?
-
The word "Started" wasn't by either Broni. I just "Xed Out".
-
What do you mean by "xed out"? You can't do this with services.
What did you have under Status column?
-
There wasn't anything by either of them, so I just clicked on the red "X" in the northeast corner of the page, next to enlarge and minimize the page. I call it Xing Out.