| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 68331 | 2006-04-24 22:32:00 | Speedy can you take alook please | kolb (10282) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 449226 | 2006-04-25 00:40:00 | error prompt only shows when i do hijackthis ,.,.do a system scan & safe a log file ,runs fine when i ,.do a system scan only | kolb (10282) | ||
| 449227 | 2006-04-25 00:53:00 | Umm, are you using Spybot Search and destroy as well?? This entry O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present Shouldnt be in HJT either. Run HJT again and tick this entry and tick fix checked as well. (If Spybot isnt installed). Close all windows / browsers. |
Speedy Gonzales (78) | ||
| 449228 | 2006-04-25 01:03:00 | yes running spybot have uninstalled spf Logfile of HijackThis v1.99.1 Scan saved at 11:59:34 AM, on 4/25/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe E:\spywareguard\sgmain.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe E:\spywareguard\sgbhp.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe E:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.ex e E:\opera beta\Opera.exe E:\hijackthis2\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = gmail.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.xtra.co.nz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: SpywareGuard.lnk = E:\spywareguard\sgmain.exe O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html O8 - Extra context menu item: E&xport to Microsoft Excel - blank O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O15 - Trusted Zone: http://www.trademe.co.nz O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} - O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
kolb (10282) | ||
| 449229 | 2006-04-25 01:14:00 | The log looks fine to me . You can leave O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present in then if Spybot is installed . Is there anymore to these 3 entries?? O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} - O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - BUT you can run HJT again, tick this entry and tick fix checked . O4 - HKLM\ . . \Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1 . 5 . 0_06\bin\jusched . exe - this doesnt have to be in startup . What have u got thats Symantec?? The Anti-virus?? Since Liveupdate shows in hijackthis . |
Speedy Gonzales (78) | ||
| 449230 | 2006-04-25 01:27:00 | had nortons used there uninstaller month or so ago #6 restored backup but doesnt show now ? Logfile of HijackThis v1.99.1 Scan saved at 12:23:49 PM, on 4/25/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe E:\spywareguard\sgmain.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe E:\spywareguard\sgbhp.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe E:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.ex e C:\WINDOWS\system32\wuauclt.exe E:\opera beta\Opera.exe E:\hijackthis2\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = gmail.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.xtra.co.nz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: SpywareGuard.lnk = E:\spywareguard\sgmain.exe O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html O8 - Extra context menu item: E&xport to Microsoft Excel - blank O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O15 - Trusted Zone: http://www.trademe.co.nz O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
kolb (10282) | ||
| 449231 | 2006-04-25 01:45:00 | OK, if there's no Symantec programs installed at all, I would tick this entry and tick fix checked . O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc . exe (file missing) Go to Program Files . If there's a Symantec folder here, delete it . Go to Program Files/common files/Symantec . If this is there, delete the folder . Go to c:\documents and settings\all users\application data\Symantec delete this folder . Then use ccleaner (http://www . ccleaner . com) install it run it then click on issues / scan for issues . Remove any entries that come up . |
Speedy Gonzales (78) | ||
| 449232 | 2006-04-25 02:50:00 | ccleaner ran several times fixed some still 594 issues that dont get fixed Logfile of HijackThis v1.99.1 Scan saved at 1:45:05 PM, on 4/25/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe E:\spywareguard\sgmain.exe E:\spywareguard\sgbhp.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe E:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.ex e E:\opera beta\Opera.exe E:\hijackthis2\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = gmail.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.xtra.co.nz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: SpywareGuard.lnk = E:\spywareguard\sgmain.exe O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html O8 - Extra context menu item: E&xport to Microsoft Excel - blank O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O15 - Trusted Zone: http://www.trademe.co.nz O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
kolb (10282) | ||
| 449233 | 2006-04-25 03:00:00 | I dont think ccleaner can remove all of the entries at once . Click on issues / scan for issues, a few times, until all entries have been removed . Make sure you're using the latest version, 1 . 28 . 277 The hijackthis log looks fine to me . No need to post anymore logs |
Speedy Gonzales (78) | ||
| 449234 | 2006-04-25 03:48:00 | Speedy Gonzales thank you for your help with hjt still have the issues with cc wont even fix issues singular | kolb (10282) | ||
| 449235 | 2006-04-25 03:55:00 | Dont know then . Try it in safe mode, see if it works . It should let u delete whatever in normal mode . No harm in leaving the entries there anyway . Wont hurt anything . |
Speedy Gonzales (78) | ||
| 1 2 | |||||