tom357 Posted September 22, 2005 Report Share Posted September 22, 2005 it take's about 7min.for computer to boot up? Once it is up it runs fine.Ran spybot adware asquared spysweeper all in safe mode with system restore off. Logfile of HijackThis v1.99.1Scan saved at 5:37:26 PM, on 9/22/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\taskswitch.exeC:\Program Files\Microsoft IntelliType Pro\type32.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\HP DLA\dlatray.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Program Files\BillP Studios\WinPatrol\winpatrol.exeC:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exeC:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Messenger\MSMSGS.EXEC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\WINDOWS\system32\pctspk.exeC:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Spybot - Search & Destroy\SpybotSD.exeC:\Program Files\Internet Explorer\iexplore.exeC:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exeO4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO4 - HKLM\..\Run: [HP DLA] "C:\Program Files\HP DLA\dlatray.exe" /tO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [HP CD-DVD] C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exeO4 - HKLM\..\Run: [systemTray] SysTray.ExeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exeO4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exeO4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exeO4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /backgroundO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeO8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLLO9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dllO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122775247125O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cabO16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://dcon.futuremark.com/global/msc37.cabO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exeO23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Link to post Share on other sites
Dan Posted September 24, 2005 Report Share Posted September 24, 2005 Hi,You are currently running HijackThis from a temporary folder. Since HijackThis makes backups of any entries you fix, you should create a folder just to hold the HijackThis program and its backups, so the backups and the program are not accidentally deleted.To make a new folder:Go to "My Computer", click on C:\ and then go to the "File" menu, choose New -> Folder. Name the folder "HJT" or something like that and then please move the HijackThis.exe executable there.Now, open HijackThis, click the 'Scan' button,and check the following items:O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exeO9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLLO9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLLO16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://dcon.futuremark.com/global/msc37.cabClose all windows except HijackThis, and click the 'Fix Checked' Button.Locate the following file and delete it:C:\WINDOWS\system32\taskswitch.exeReboot, and post a new log.dk Link to post Share on other sites
tom357 Posted September 24, 2005 Author Report Share Posted September 24, 2005 Thank's for the read.computer booted up in 3min. better then 7min.here's new log Logfile of HijackThis v1.99.1Scan saved at 5:56:47 PM, on 9/24/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Microsoft IntelliType Pro\type32.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\HP DLA\dlatray.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Program Files\BillP Studios\WinPatrol\winpatrol.exeC:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exeC:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\Program Files\Messenger\MSMSGS.EXEC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\WINDOWS\system32\pctspk.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Spybot - Search & Destroy\SpybotSD.exeC:\hjt\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO4 - HKLM\..\Run: [HP DLA] "C:\Program Files\HP DLA\dlatray.exe" /tO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [HP CD-DVD] C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exeO4 - HKLM\..\Run: [systemTray] SysTray.ExeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exeO4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exeO4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exeO4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /backgroundO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeO8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dllO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122775247125O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cabO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exeO23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Link to post Share on other sites
Dan Posted September 27, 2005 Report Share Posted September 27, 2005 Hi,We have a couple of last steps to perform and then you're all set.First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion. Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Under the Hidden files and folders heading UNSELECT Show hidden files and folders. CHECK the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.Next, let's clean your restore points and set a new one:Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.Click Properties.Click the System Restore tab.Check Turn off System Restore.Click Apply, and then click OK.2. Restart your computer.3. Turn ON System Restore.On the Desktop, right-click My Computer.Click Properties.Click the System Restore tab.UN-Check Turn off System Restore.Click Apply, and then click OK.System Restore will now be active again.Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:SpywareBlaster to help prevent spyware from installing in the first place.SpywareGuard to catch and block spyware before it can execute.IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.You should also have a good firewall. Here are 3 free ones available for personal use:Sygate Personal FirewallKerio Personal FirewallZoneAlarmand a good antivirus (these are also free for personal use):AVG Anti-VirusAvast Home EditionIt is critical to have both a firewall and anti virus to protect your system and to keep them updated.To keep your operating system up to date visitMicrosoft Windows Updatemonthly. And to keep your system clean run these free malware scannersAdAware SE PersonalSpybot Search & Destroyweekly, and be aware of what emails you open and websites you visit.To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?Have a safe and happy computing day!dk Link to post Share on other sites
tom357 Posted September 27, 2005 Author Report Share Posted September 27, 2005 Thank's a bunch could not do it without you.Did all you reccomended ,all fineI have spyblaster,adware,spybot ,avg and zone alarm.I will check out the other one's and follow your reccomendation's,again thank's for your help and time. tom357 Link to post Share on other sites
Recommended Posts