| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 68331 | 2006-04-24 22:32:00 | Speedy can you take alook please | kolb (10282) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 449216 | 2006-04-24 22:32:00 | Logfile of HijackThis v1.99.1 Scan saved at 8:48:45 AM, on 4/25/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe E:\spf\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe C:\WINDOWS\system32\RUNDLL32.EXE E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe E:\spywareguard\sgmain.exe E:\spywareguard\sgbhp.exe E:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.ex e E:\opera beta\Opera.exe C:\WINDOWS\Amcap.exe C:\Program Files\Windows NT\Accessories\WORDPAD.EXE E:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = gmail.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.xtra.co.nz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SmcService] E:\spf\smc.exe -startgui O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: SpywareGuard.lnk = E:\spywareguard\sgmain.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html O8 - Extra context menu item: E&xport to Microsoft Excel - blank O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O15 - Trusted Zone: http://www.trademe.co.nz O15 - Trusted Zone: http://*.windowsupdate.com O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} - O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\spf\smc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
kolb (10282) | ||
| 449217 | 2006-04-24 22:47:00 | I wouldnt run too many firewalls at once. They'll conflict. Run Hijackthis again, and tick these entries, and tick fix checked. (close the browser/s). O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) Are you having probs with something Kolb?? I would also update Java (www.java.com) (2nd option here) |
Speedy Gonzales (78) | ||
| 449218 | 2006-04-24 22:53:00 | yes ccclean issues finds them but wont fix have uninstaled reinstalled tried diff versions am trying other reg cleaners trying to fix these issues ...invalid clsid.... left behind from uninstalling software |
kolb (10282) | ||
| 449219 | 2006-04-24 23:10:00 | Logfile of HijackThis v1.99.1 Scan saved at 10:05:18 AM, on 4/25/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe E:\spf\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe E:\spywareguard\sgmain.exe E:\spywareguard\sgbhp.exe E:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.ex e C:\WINDOWS\Amcap.exe E:\hijackthis2\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = gmail.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.xtra.co.nz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\SpywareGuard\dlprotect.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [SmcService] E:\spf\smc.exe -startgui O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: SpywareGuard.lnk = E:\spywareguard\sgmain.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html O8 - Extra context menu item: E&xport to Microsoft Excel - blank O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O15 - Trusted Zone: http://www.trademe.co.nz O15 - Trusted Zone: http://*.windowsupdate.com O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} - O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\spf\smc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe getting application error when completion of scan memory could not be written "0x7c9106c3" ref @"0x7c9f40c2" |
kolb (10282) | ||
| 449220 | 2006-04-24 23:32:00 | yes ccclean issues finds them but wont fix have uninstaled reinstalled tried diff versions am trying other reg cleaners trying to fix these issues ...invalid clsid.... left behind from uninstalling software I wouldnt worry about that. I would be careful, what reg cleaner you use. As some can delete valid entries for Windows, and if u delete the entry in the registry, for something important. Something may fail to work, or even boot. |
Speedy Gonzales (78) | ||
| 449221 | 2006-04-24 23:37:00 | Did you add these to IE?? O15 - Trusted Zone: http://www . trademe . co . nz O15 - Trusted Zone: http://* . windowsupdate . com If not, tick these entries as well . getting application error when completion of scan memory could not be written "0x7c9106c3" ref @"0x7c9f40c2" I would say this has something to do with faulty ram . Not a program, or something nasty . Or try reinstalling / updating whatever program, thats giving you this error . It could be bad programming, whatever the program is, thats saying this error . What program is it?? |
Speedy Gonzales (78) | ||
| 449222 | 2006-04-25 00:13:00 | only just came up running hijackthis 2nd time had tried another d/l hijackthis before your link | kolb (10282) | ||
| 449223 | 2006-04-25 00:20:00 | have updated java dont use ie very often run opera manly only use ie for applications that dont surport opera, is zonealarm f/wall & sygate f/wall too much ? | kolb (10282) | ||
| 449224 | 2006-04-25 00:28:00 | Is zonealarm f/wall & sygate f/wall too much ? Having more than 1 firewall on XP, (if both are running at the same time), is usually not a good idea . As they'll conflict with each other . Sooner or later . Up to you, whether you want to uninstall either ZA, or Sygate . |
Speedy Gonzales (78) | ||
| 449225 | 2006-04-25 00:35:00 | Logfile of HijackThis v1.99.1 Scan saved at 11:29:08 AM, on 4/25/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe E:\spf\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe E:\spywareguard\sgmain.exe E:\spywareguard\sgbhp.exe E:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.ex e C:\WINDOWS\Amcap.exe E:\opera beta\Opera.exe E:\hijackthis2\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = gmail.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.xtra.co.nz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [SmcService] E:\spf\smc.exe -startgui O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: SpywareGuard.lnk = E:\spywareguard\sgmain.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html O8 - Extra context menu item: E&xport to Microsoft Excel - blank O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O15 - Trusted Zone: http://www.trademe.co.nz O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} - O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\spf\smc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Speedy can i leave these..(. invalid clsid.... left behind from uninstalling software), alone no problems with them no being able to be fixed |
kolb (10282) | ||
| 1 2 | |||||