|
|
Solley
regular
Reg'd: Thu
Posts: 114
Loc: Hiding in the garage from the ...
|
|
Hi
Not sure what is going on here but my CPU usage is now running at 100% with nothing but just my Desktop showing.
This has only just started doing this today after i checked for up dates with Adaware 2007,the up date didn't work as when i open up Adaware this message comes up.
system error:1814 has occured. Description: Could not login to service, Are you running the application as another user ?
The application then terminates, i then go to close the screen & it says system not responding, this screen then goes away on it's own.
Note :- I am the only user on the Pc, i have system restored my Pc back to yesterdays date (Before the Adawre up date) & it said that it had been restored ok.... also everything now opens up a lot slower than it did before - ie Control Panel, Firefox, Add & remove programs etc.
Here's my HJT this log file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:47, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\InkSaver\InkSaver.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PC Pitstop Erase Scheduler] C:\Program Files\PCPitstop\Erase\PCPitstopErase.exe /remindme
O4 - HKLM\..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - <a href="file:///C:\Program" target="_blank">file:///C:\Program</a> Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - <a href="file:///C:\Program" target="_blank">file:///C:\Program</a> Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
--
End of file - 8184 bytes
Thank you Solley 
=====================================
Hi
Ok i have managed to get my PC back up to speed again with all my programmes etc running like before the failed Adaware up date.
I had to use the Revo uninstaller to remove Adaware 2007 from my pc, it was a fight but i got there eventually... lol.
Please see below HJT log since removing Adaware 2007 as this may help in seeing if i have any thing nasty still remaining.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:48, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\InkSaver\InkSaver.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Browser Hijack Blaster\bhblaster.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PC Pitstop Erase Scheduler] C:\Program Files\PCPitstop\Erase\PCPitstopErase.exe /remindme
O4 - HKLM\..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - <a href="file:///C:\Program" target="_blank">file:///C:\Program</a> Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - <a href="file:///C:\Program" target="_blank">file:///C:\Program</a> Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
--
End of file - 8117 bytes
Regards
Solley
========================================
Hi
Have just noticed after several reboots that my Zone alarm firewall does not always start up in my system tray on the task bar, this has never given me any trouble in the past.
Could you please advise on this above matter also, as i'm not sure if it's connected with my problem, just thought you might need to know this.
Note :- I can't recall ever having seen these enteries in previous HJT log posts, but i'll leave this to the experts.
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
Regards
Solley
--------------------
The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Edited by Joe_London (Wed Apr 09 2008 10:09 PM)
|
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10451
Loc: London
|
|
Hi Solley,
Sorry I couldn't deal with this last night but I was so busy elswhere and I was tired out.
Firstly those two HJT entries are legitimate and Related to System_Event_Notification_Services from Microsoft. Required for Efficient Mobile Network Computing.
Secondly you need to review your securities.
I can see entries there for the following:
Zone Alarm.
A Squared
SuperAntiSpyware
Ad-Aware
McAfee
Spybot S&D
Windows Defender
SpywareGuard
Is there anything else? Please let me have a complete list of these programmes on there as I'm concerned about conflicts.
Also post a programmes list:
Open Hijackthis,
Click Config | Misc Tools | Open Unistall Manager.
A list of the entries in Add/remove programs will appear.
Click on Save List...
The list will be saved as 'Uninstall_list.txt'
Copy & Paste the contents in your next reply.
Please download ComboFix from either of these two locations
BleepingComputer
GeeksToGo
And save it to your Desktop.
* Double click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you at C:\ComboFix.txt.
Post that log in your next reply
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Post back with the log from ComboFix and a new HJT log please.
Full Instructions
Joe.
--------------------
If I have helped you in any way, please consider a donation:
Joe's WebSite.
Member of UNITE and ASAP.
|
Solley
regular
Reg'd: Thu
Posts: 114
Loc: Hiding in the garage from the ...
|
|
Hi Joe
Before i start with Combo fix i see it say's to disable my Antivirus,firewall etc.
Do i need to do this as it say's that when it runs, my connection is still on but it will disconnect me from the Internet & restore my connection later on during the process.
Is this safe to do because if i'm on the Internet with no protection surely i'm left wide open to what ever.
Please advise, of course i will follow you instructions but thought i had better ask you these questions 1st.
Regards
Solley
--------------------
The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10451
Loc: London
|
|
Best to follow the instructions Solley, you will be fine. Once it completes re-enable your Anti-virus and firewall. Turn all the AntiSpyware stuff off for now.
--------------------
If I have helped you in any way, please consider a donation:
Joe's WebSite.
Member of UNITE and ASAP.
|
Solley
regular
Reg'd: Thu
Posts: 114
Loc: Hiding in the garage from the ...
|
|
Hi Joe
Done as requested, Anti Virus & Firewall now enabled again ... please see below logs as requested.
Uninstall list
ABBYY FineReader OCR Engine
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Ahead Nero Burning ROM
Apple Software Update
a-squared Free 2.0
AusLogics Disk Defrag
AVG Anti-Rootkit Free
AVG Anti-Spyware 7.5
Belarc Advisor 7.2
Browser Hijack Blaster v1.0
CCleaner (remove only)
CloneCD
coverXP (remove only)
Easy Picture2Icon 1.0
EPSON CardMonitor
EPSON PhotoQuicker3.2
EPSON PhotoStarter3.0
EPSON PRINT Image Framer Tool1.1
EPSON Printer Software
Free CD-DA Extractor 4.8
HijackThis 2.0.2
InkSaver
IrfanView (remove only)
Java(TM) 6 Update 5
Kaspersky Online Scanner
Logitech QuickCam
Logitech® Camera Driver
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft DirectX Transform optional components
Microsoft NetShow Tools 2.0
Microsoft Office 2000 Standard
Mozilla Firefox (2.0.0.13)
Mozilla Thunderbird (2.0.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero Burning Rom Screensaver
NVIDIA Drivers
OLYMPUS CAMEDIA Master 4.2
Panda ActiveScan
PC Image Editor
PC Pitstop Erase 1.1
PCI Audio Driver
Photo To Sketch 3.2
QuickTime
Revo Uninstaller 1.50
Roxio MediaTicker
Roxio Update Manager
ScanWizard 5
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Skype™ 3.6
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.0
SpywareGuard v2.2
SUPERAntiSpyware Free Edition
TOSHIBA Bluetooth Stack for Apache by CSR
Transparency Adaptor Calibrator
U3Launcher
Uninstall Startup Inspector
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Window Washer 5
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Address AutoComplete
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
ZoneAlarm
Combo Fix report
ComboFix 08-04-09.9 - Andrew 2008-04-10 19:56:18.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.295 [GMT 1:00]
Running from: C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.
2008-03-27 20:44 . 2008-03-27 20:44 <DIR> d-------- C:\Program Files\IrfanView
2008-03-25 20:33 . 2008-03-25 20:33 <DIR> d-------- C:\Program Files\VS Revo Group
2008-03-13 23:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-13 23:07 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-13 23:07 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-12 23:07 . 2008-03-12 23:07 <DIR> d-------- C:\Program Files\Windows Live
2008-03-12 23:07 . 2008-03-12 23:07 <DIR> d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-12 23:07 . 2008-03-12 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 23:19 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-09 23:19 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 22:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-13 22:11 1,086,952 ----a-w C:\WINDOWS\system32\ZPENG24.DLL
2008-03-04 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-04 20:58 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-04 20:58 --------- d-----w C:\Documents and Settings\Andrew\Application Data\SUPERAntiSpyware.com
2008-03-03 20:19 --------- d-----w C:\Program Files\Common Files\Java
2008-03-02 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-21 19:13 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2001-11-23 03:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2004-05-17 05:05 607232]
"LDM"="\Program\" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WebCamRT.exe"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-03-06 07:00 90182]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-02-25 11:00 139347]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-25 17:06 212992]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50 4620288]
"nwiz"="nwiz.exe" [2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 16:50 86016]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"PC Pitstop Erase Scheduler"="C:\Program Files\PCPitstop\Erase\PCPitstopErase.exe" [2006-07-10 15:31 816120]
"InkSaver"="C:\Program Files\InkSaver\InkSaver.exe" [2003-10-20 18:47 458752]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 22:11 866584]
"C-Media Mixer"="Mixer.exe" [2003-03-20 06:21 1855488 C:\WINDOWS\mixer.exe]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 16:50 221184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
LaunchU3.exe.lnk - C:\Documents and Settings\Andrew\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-01-28 21:55:38 1078]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 20:42:22 45056]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\System32\\rtcshare.exe"=
"C:\\WINDOWS\\System32\\MMC.EXE"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\HelpCtr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 slnt;Realtek Rtl-8139d PCI Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\slnt.sys [2004-06-22 06:17]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 05:09]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2005-11-26 22:14:06 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-04-10 16:26:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-08-19 15:18:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 19:59:51
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-10 20:01:13
ComboFix2.txt 2006-09-02 19:11:30
ComboFix-quarantined-files.txt 2008-04-10 19:00:58
Pre-Run: 7,053,901,824 bytes free
Post-Run: 7,042,056,192 bytes free
.
2008-04-08 20:07:51 --- E O F ---
Solley
--------------------
The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10451
Loc: London
|
|
Can't see anything untowad there Solley. How is the Computer performing Now?
You need to review your securities though as you may have too many programmes doing the same job.
a-squared Free 2.0 <--- leave this on the hard drive to use on demand but do not have it running at start-up.
AVG Anti-Rootkit Free <--- leave this on the hard drive to use on demand but do not have it running at start-up.
AVG Anti-Spyware 7.5 <--- leave this on the hard drive to use on demand but do not have it running at start-up.
Browser Hijack Blaster v1.0 <--- leave this on the hard drive to use on demand but do not have it running at start-up.
McAfee VirusScan Enterprise <-- leave this running at start-up
Spybot - Search & Destroy 1.5.2.20 <--- leave this on the hard drive to use on demand but do not have it running at start-up. You appear to have two versions of this installed. Check this out and if necessary uninstall and reinstall again.
SpywareBlaster 4.0 <-- Make sure this is fully updated and leave this running at start-uP
SpywareGuard v2.2 <--- leave this on the hard drive but do not have it running at start-up.
SUPERAntiSpyware Free Edition <-- leave this running at start-up
ZoneAlarm <-- leave this running at start-up
Pleas run Ccleaner.
Please update and run your AVG Anti-spyware and then post the log here.
Let me know how the Computer is running.
Joe.
--------------------
If I have helped you in any way, please consider a donation:
Joe's WebSite.
Member of UNITE and ASAP.
|
Solley
regular
Reg'd: Thu
Posts: 114
Loc: Hiding in the garage from the ...
|
|
Hi Joe
What is the easiest way of not making the programmes that you say i do not need to run start up ... not start up ?
I did look in the programmes i have installed called Start Up Inspector & in the Auto run section of Revo uninstaller but i can only find spyware gaurd in both these programmes to stop... i have stopped this from starting up.
Once i know how to stop the other progs running i will run Crap Cleaner & delete then reinstall Spybot S&D then post my results back to you.
The PC is actually running fine, it did the moment i uninstalled Adaware 2007
Solley
--------------------
The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10451
Loc: London
|
|
Hi Solley.
Quote:
The PC is actually running fine, it did the moment i uninstalled Adaware 2007
Thats good.
Look through your HJT log and let me know which programmes you don't want running.
Also I recommend installing the recovery console mentioned in the combofix report but to do that you have to convert from the FAT32 file system that you have to Ntfs. Do you know why it was installed in Fat 32? Do you have a full Windows install disk?
Give that some thought and let me know what you want to do.
Joe.
--------------------
If I have helped you in any way, please consider a donation:
Joe's WebSite.
Member of UNITE and ASAP.
|
Solley
regular
Reg'd: Thu
Posts: 114
Loc: Hiding in the garage from the ...
|
|
Hi Joe
I have no idea why this machine was installed with the FAT32 system as this machine was built by someone i no longer have anything to do with.
Unfortunatley i do not have the Windows XP Pro disc that was used for this installation, but i could borrow someones XP Pro disc if that would make it posssible to convert the machine to NTFS.
Is this just to enable the recovery console or are the other benifits as to why you would like me to change the file system ?
I would just like to stop the progs running at start up that you said i don't need running.
Thanks Joe i await your advice.
Solley
--------------------
The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10451
Loc: London
|
|
Hi Solley,
As the computer is running well you can leave as is if you wish. However it may speed up your computer if you had fewer protections and some of those on there do the same or similar jobs. I there for recommend you do a little housekeeping so to speak. However these are my choices and you may have your own.
I recommend a blank home page because it has nothing to load so therefore is quicker to start. To set your home page to blank. To do this Open Internet Explorer | Tools |Internet Options | Use Blank
I also recommend one good third party firewall, one anti-virus and one anti-spyware along with Spyareblaster, Ccleaner and McAfee Site Advisor.
You can get MacAffee Site advisor from here:
http://www.siteadvisor.com/
You already have all the others I mentioned.
Therefore if you wish to follow my recommendations,you need to turn off the following services.
Go to: Start > Run
Type: services.msc
Click Enter
Maximize the Services window
Drag the separator bar between Name and Description, so you can see all the text in the Name column.
Scroll down for: a2free.
Right click it and select "Properties"
Click the "Stop" button and wait for the service to be stopped.
Change the "Startup Type" from Automatic to "Disabled" (c/o drop-down menu)
Click Apply then OK
Now repeat the procedure and turn off the following:
GRISOFT s.r.o/AVG Anti-Spyware Guard
Close the Services window
Please disable TeaTimer, it can be re-activated once your HijackThis log is clean at the end of this fix.
- Open Spybot Search & Destroy.
- In the Mode menu click "Advanced mode" if not already selected.
- Choose "Yes" at the Warning prompt.
- Expand the "Tools" menu.
- Click "Resident".
- Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
- In the File menu click "Exit" to exit Spybot Search & Destroy.
Quote:
Open Ad-Aware and disable the Ad-Watch protection.
- Go to the Ad-Watch User Interface and click on "Tools and Preferences".
- Uncheck both the Active and Automatic options at the bottom of the screen..
Quote:
Disable A-Squared's Guard:
- Right-click the A2 system tray icon and select "Guard Settings"
- Under the General tab uncheck "Enable background guard on System Startup".
- Reboot the machine to complete the change.
Quote:
Disable SpywareGuard's real-time protection.
- Right click the Spywareguard system tray icon to open the program.
- Click on "Options" and uncheck all the three boxes before clicking Save Settings.
- Then click on Menu | File | Exit and confirm you wish to close the program.
Quote:
Open Microsoft AntiSpyware & disable the real-time protection.
- Click on Tools | Settings.
- In the left pane, click on Real-time Protection.
- Under Startup Options uncheck: "Enable the microsoft AntiSpyware Security Agents on startup (recommended)".
- Under Real-time spyware threat protection uncheck: "Enable real-time spyware threat protection (recommended)".
- Click the Save button and close MSAS.
- Right click on the MSAS system tray icon and select Shutdown Microsoft AntiSpyware.
Open Hijackthis, take another scan and place a checkmark next to these optinal entries.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Close all open Windows except Hijackthis and click on "fix Checked".
Reboot the computer and post a new Hijackthis log.
Installing the Recovery console is a good idea as it gives you a road back if you should suffer a catastrophic breakdown. Always be prepared.
We'll come back to that once all the above is sorted.
Joe.
--------------------
If I have helped you in any way, please consider a donation:
Joe's WebSite.
Member of UNITE and ASAP.
|
|
1 registered and 22 anonymous users are browsing this forum.
Moderator: putasolutions, greysts, bricat, AndrewC, Joe_London, John_McKenna, Mouse, Hello_There, TheFatControlleR, Nanook, Noviciate
Print Topic
|
Forum Permissions
You cannot start new topics
You cannot reply to topics
HTML is disabled
Mark-up is enabled
|
Rating:
Topic views: 0
|
|
|
|
|
Previous
Index
Next
Threaded
Edit
Reply
Quote
