darkeyes

My HJT Log


Having many problems with IE....I downloaded Firefox. I can't do any kind of scans, nothing will let me scan. Can't even update AVG, Spywareblaster, Spyguard or Adaware. I'm getting Fatal Exception errors, runtime errors and illegal operation errors. Maybe the answer is in my log below. Thank you.

 

Carline

Logfile of HijackThis v1.99.0

Scan saved at 9:18:47 PM, on 6/13/05

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\COMPAQ\INTERNET\ISDBDC.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE

c:\windows\SYSTEM\KB891711\KB891711.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\MOUSE\SYSTEM\EM_EXEC.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE

C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\RINGCENTRAL\BUZME\BMUI.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...&LC=0409&c=1c00

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Access4Less

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\SEARCHENH1.DLL

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe

O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [smcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE

O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w

O4 - Startup: BuzMe.lnk = C:\Program Files\RingCentral\BuzMe\BMUI.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Canon\PhotoStitch\Launcher.exe

O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html

O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)

O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab

O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (SoundCtl Class) - http://www.buzme.com/ActiveX/NPBMCtrl.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab

O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - https://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab

Share this post


Link to post
Share on other sites
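
Added example, not part of the original thread or of HijackThis itself: a small Python triage pass over a log like the one posted above. It counts entries per section code, collects CLSIDs whose target is marked "(file missing)" or "(no file)", lists the hosts the IE start/search settings point to, and notes O16 ActiveX controls installed from plain-http URLs. The function names and SAMPLE are this example's own, and rejoining a wrapped fragment without a space is an assumption that suits URLs split mid-word.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL = re.compile(r"https?://\S+")
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Lines excerpted from the log in the first post; the SearchAssistant entry is
# split across two lines here to exercise the wrapped-line handling.
SAMPLE = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=mini
search
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - https://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
"""

def parse_hjt(text):
    """Return one dict per R*/O* entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append({"code": m.group(1), "detail": m.group(2)})
        elif line and entries:
            # A long entry was wrapped when pasted; glue the fragment back on.
            entries[-1]["detail"] += line
    for e in entries:
        clsid = CLSID.search(e["detail"])
        e["clsid"] = clsid.group(0).upper() if clsid else None
        e["urls"] = URL.findall(e["detail"])
        e["orphaned"] = e["detail"].endswith(ORPHAN_MARKERS)
    return entries

def triage(entries):
    """Summarise the entries a reviewer usually looks at first."""
    r_urls = [u for e in entries if e["code"][0] == "R" for u in e["urls"]]
    return {
        "by_code": dict(Counter(e["code"] for e in entries)),
        # Registry entries that still exist although their file is gone.
        "orphaned": sorted({e["clsid"] for e in entries
                            if e["orphaned"] and e["clsid"]}),
        # Hosts that the IE start page / search settings point to.
        "search_hosts": dict(Counter(urlsplit(u).hostname for u in r_urls)),
        # ActiveX controls whose install source was fetched without TLS.
        "plain_http_activex": [e["clsid"] for e in entries
                               if e["code"] == "O16"
                               and any(u.startswith("http://") for u in e["urls"])],
    }

if __name__ == "__main__":
    for key, value in triage(parse_hjt(SAMPLE)).items():
        print(key, value)
```
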

When did these errors begin, eg: after recent update, software installation, hardware or driver upgrade/update?

 

Can you give us the exact error messages please?

 

Have you noticed anything else acting up?

 

Please download MWAV. Save it to your desktop and double click to open. Check the boxes for Memory, Registry, Startup Folders, System Folders, Services, Drive, All Local Drives and Scan All Files, then click scan. When it completes, copy the lower pane of the scanning window labeled Virus Log Information and post it here. Takes quite a long time for it to finish, so be patient. ;)

Share this post


Link to post
Share on other sites

Errors began this past Friday night. I am getting Runtime errors like ESS AllegroX MPU- 401, Spywareguard runtime error 2 147417848 (80010108) , Fatal Exception at 0028:c00078c0 in VXD VMM (01)+000068c0 and many you have performed an illegal operation. Can't run any scans or do updates. Have Sygate Firewall, Adaware, Spywareguard, SpywareBlaster and AVG antivirus.

 

Last Monday I installed a Sony CD-R/RW with Nero Software. After immediate installation I was not having any problems. Teen granddaughter was on my computer Friday afternoon, seems that after that is when things started to go downhill. Will run the scan you suggested. Thank you.

 

Carline

Share this post


Link to post
Share on other sites

Well hi again Jacee,

 

 

I don't know what has happened to my puter, but it is sick!

 

I have 256 mg ram on here. I had to install Firefox as I could not get here using IE.

 

I am going to try and download MWAV and get back here afterwards. I have not been able to get any downloads to work. Thank you.

 

Carline

Share this post


Link to post
Share on other sites

Dave,

I downloaded the MWAV...that went well, checked what you said to check to scan and then scanned. It was scanning for 2:20:12 hours. It found 17 viruses and 444 errors. Only problem is, I don't know if it finished scanning as it stopped and computer was frozen so I could not copy and paste the bottom portion back here.

It is now 2am and I am out of here for tonite. I will try this scan again on Tuesday and hope that it will not freeze again.

 

Can I run this scan in safe mode or while I am not online?? Thank you for your help.

 

Carline

 

By the way, how did all this happen with the protection that I have installed on my computer??

Share this post


Link to post
Share on other sites

Hopefully you still have the scan window open, with the Virus Log Information in it, by the time you read this. :unsure:

 

Click within the Log section to select it, then press Ctrl+A to select everything, then press Ctrl+C to copy. Open Notepad and press Ctrl+V to paste, then save it to your desktop. Now try posting, even if it's a small section at a time.

Share this post


Link to post
Share on other sites

Dave,

I tried several things to copy and ended up losing the scan...have since rescanned and it is sitting here on my computer. I am going to try what you suggested. Thank you

 

Carline

Share this post


Link to post
Share on other sites

Dave,

Your suggestion is not working. If I click on "log", notepad will open it, but the whole scan is there, not just the virus log. I can try to post some parts of it that maybe are viruses. The scan found 17 viruses and 444 errors. Will this work for you? Thank you

 

Carline

Share this post


Link to post
Share on other sites

Can you highlight and copy a few lines at a time? If you can pick them out of the log, that's fine. You can also email me the log if you like.

 

noahdfearATmsnDOTcom

 

[email protected]

Dot= .

 

Put PCP darkeyes in the subject line.

 

Another thing you can try first, but it would mean running it again afterward.

 

Download RegSeeker. Extract it to its own folder, open and double click RegSeeker.exe to start the program. Maximize the window and click clean registry. Check all sections and click OK. When the scan is complete, verify the backup box in lower left corner is checked and click the select all button, then select all again. Then right click within the search results and select delete. Run it again and again, deleting everything it finds until it finds nothing. Reboot and make sure your programs are working properly, control panel and add/remove programs windows open, etc (basically just do a quick check of everything). In the event anything was 'broken', you can open RegSeeker, click backups and double click any/all files to put the information back. A reboot may be required for the effects to be seen. When done, scan again with MWAV and try posting the log.

 

I planned to have you do this anyway, and it should remove most of those errors, making the results much smaller. It may clear up some of your error messages as well.

Share this post


Link to post
Share on other sites

Was going to go ahead and send you the log, but this log is huge! I will go ahead and do Regseeker and then rerun the MWAV again (#@#%$) it takes so longgggg to scan. Thank you.

 

Carline

Share this post


Link to post
Share on other sites

Dave,

Having a problem downloading RegSeeker from your link.....maybe it's just me again, but when I clicked on your link it brought me to regseeker and I clicked to download and a box popped up with choices

 

 

Open with....Zip_auto_file (default)

 

Save to a Disk....

 

Sorry, but I don't know what to do or how to do.

 

Carline

Share this post


Link to post
Share on other sites

Save to disk. Doesn't matter where really, as long as it's not a temp folder. You'll need a zip program such as WinZip or Power Archiver to unzip it. I can give you a link if you need one.

Share this post


Link to post
Share on other sites

I'm going to recommend Power Archiver, mostly because I like it better, partly because WinZip is an evaluation version and prompts you to buy every time you use it. ;)

 

Download Power Archiver version 611 here. (it's the last free version)

 

http://www.oldversion.com/program.php?n=powarc

 

Install it (no need to run it), then right click the Regseeker file wherever you saved it (a convenient location is best....move it if you want) and select Extract here. You will be prompted to associate zip files, and probably others. Say yes.

 

You're most welcome. :)

Share this post


Link to post
Share on other sites

Dave,

 

I have been running RegSeeker and scanning again and again for the past 3 hours....lots of things have been deleted with the first 10 or so scans, but now it keeps coming up with just 2 files each time I scan, like the last 30 scans have been 2 files....I delete and run it again....same 2 files from the same location keep coming up and I continue to delete them. How many more scans do you think I need to do before it comes back with nothing?? Thank you.

 

Carline

Share this post


Link to post
Share on other sites

No need to scan anymore at this time. Instead, open the RegSeeker folder, then backup folder and locate one of the latest scan files. Right click and choose edit. Copy what is there and post that.

 

Go ahead and run MWAV again and see if you can post the log. If not, send me the log file.

Share this post


Link to post
Share on other sites

Hi darkeyes!

 

I've been through the log and nothing bad jumps out at me, other than Kazaa. Is it still installed? If it is, I strongly recommend you uninstall it. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. If you opt to remove it, first use Add/Remove Program to remove it and any reference to Altnet and P2P Networking. Go to your control panel, then to add/remove programs...uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say 'Yes'.

P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns. You may also want to run KazaaBegone to completely purge it from the system. Make sure to get the available LSPFix, and run it if you're unable to get an internet connection when done.

 

Reboot to safe mode. Search for and delete all folders named Symantec, Norton and Live Update. Delete the Kazaa and Altnet folders in C:\Program Files if present. Search for a folder named p2pnetworking (should be C:\Windows\system) and delete if found.

 

From any open Window within My Computer, select tools from the menu, then folder options. Click the view tab. Scroll down and check the boxes to show hidden files and folders as well as system files. Click Apply then OK.

 

Open C:\Temp (if present), select all and delete.

Open C:\Windows\Temp, select all and delete.

Open C:\Windows\Applog, select all and delete.

Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.

 

Open My Computer and right click Local Disk C:, then choose disk cleanup. Check all boxes and click OK.

 

Make sure your recycle bin is empty.

 

Use RegSeeker again to clean the registry.

 

Reboot back into Windows.

 

If still having trouble with IE, close all programs and see if Internet Explorer is listed in Add/Remove programs, then click to remove. You should be offered to repair it. Do so. If not listed, check at Start>programs>accessories>system tools> system information. Click Tools on the menu, then Internet Explorer repair tool. If neither of the above help, click Start>run and paste the following command, then hit enter.

 

rundll32 setupwbv.dll,IE6Maintenance "C:\Program Files\Internet Explorer\Setup\SETUP.EXE" /g "C:\WINDOWS\IE Uninstall Log.Txt"

 

Give us an update of what's going on after doing the above. If still receiving errors, please give details. ;)

Share this post


Link to post
Share on other sites

Hi Dave,

Did as you instructed. I removed all references to Norton/Symantec, did not find p2pnetworking or Kazaa. I did run Kazaabegone and I believe that may have removed Kazaa. Ran Disk cleanup and Regseeker. In Regseeker, ran it several times till there were only 2 entries showing, but they keep showing up, just like last time, guess they won't delete.

 

In my Device Manager, there is a yellow "?" mark next to ESS AllegroX MPU-401 Compatible. Any idea what this means or how to fix?

 

Also, for quite some time now have been having problem printing pages from the internet....every time I try to print from the internet I lose my dial up connection while page is printing. Any fix for this? It's annoying to have to reconnect to finish the print job. I have a Canon s500. Have uninstalled and reinstalled, but does not fix. Also printer is not printing the correct colors. Will print black and white, but as for colors it will only print in blues or greens. Cartridges are full and in the right slots. Is it the generic ink? Has the generic ink damaged my printer head?

 

Thank you again for all of your help, what would we do without you great people at the Pit!

 

 

Carline

Share this post


Link to post
Share on other sites

Download and run Everest to identify the Sound card. There may be a link provided to update drivers. If so, try to locate and download the latest. Look for installation instructions. You will likely need to extract/install them, then open the device manager and right click>remove the ESS device with the yellow exclamation point, then close and reboot. It should find new hardware and the new drivers and re-install them upon startup. If no luck, let us know what you find.

 

Everest Home Edition http://www.lavalys.com/index.php?page=product&view=1

 

Check for driver updates for the printer too, from the manufacturer's website. Does it print a test page OK?

 

Are these the only problems remaining?

Share this post


Link to post
Share on other sites