Memory - Footslog's Web Boards

For information on how to deal with, and protect your computer, please go down to the bottom of the help desk to the archive section (main page). From there select how to combat Spyware, in this archive there are many tools, which will help you combat this problem. Problems concerning the Windows XP Operating System should go in this forum.

Email This Page to Someone

Footslog's Web Boards

Windows XP

Memory

profile | register | preferences | faq | search

next newest topic | next oldest topic

Author	Topic: Memory
Shensai Member	posted August 27, 2006 10:37 AM And now I can no longer use "Save Target As..." when trying to download. IP: Logged
Shensai Member	posted August 26, 2006 09:45 AM Sorry it's been so long, but I seem to be unable to retrieve a log from either site you sent me to. Is this something saved in a hidden log somewhere in my system? IP: Logged
Josh1 Administrator	posted August 07, 2006 05:32 PM I don’t know if you can get online even with networking support with AOL. Well we could try and kill every process that is running, expect what is needed, to try and get rid of the bad stuff. So lets try this, in windows go to start run then type msconfig, then go to selective startup hit apply and okay, reboot the computer and then try to get online and run the scans. If that does not work I will think of something else. ------------------ Forget not my law but let your heart keep my commandments Proverbs 3:1 Powered by Intelligent Computing Solutions. ------------------------ www.footslog.com For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged
Shensai Member	posted August 06, 2006 10:23 AM Sorry it has been so long, but I have been trying to get on-line in safe-mode and I've been unsuccessful. I re-boot using F8, then use safe-mode with network support, then try to go on-line but my system keeps telling me it is either busy or invalid. I have checked everything the troubleshooting guide mentions (this is AOL by the way) and everything is in order. What am I doing wrong? IP: Logged
Josh1 Administrator	posted August 01, 2006 03:40 PM Yes when you boot your computer up, before the Windows XP splash screen press the F8 key when you get to the menu go to safe mode with networking support, then youcan get online and run the scans. ------------------ Forget not my law but let your heart keep my commandments Proverbs 3:1 Powered by Intelligent Computing Solutions. ------------------------ www.footslog.com For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged
Shensai Member	posted August 01, 2006 03:10 PM How would one go about running housecall in safe-mode? Am I able to go on-line during this mode? IP: Logged
Josh1 Administrator	posted July 30, 2006 04:17 PM Yea you have some backdoor and Trojans on your machine, so go here and run the virus scan housecall.antivirus.com/housecall/start_corp.asp ands delete any files found. Then go here and run the Spyware scan www.trendmicro.com/spyware-scan make sure you run both of these scans in safe mode. Then post the results. ------------------ Forget not my law but let your heart keep my commandments Proverbs 3:1 Powered by Intelligent Computing Solutions. ------------------------ www.footslog.com For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged
Shensai Member	posted July 29, 2006 10:29 AM I have since deleted this file. Still can't get my memory back. I am even unable to de-frag my drive for there isn't enough room. IP: Logged
Shensai Member	posted July 29, 2006 08:59 AM I also went to the Virus Total Site and had that file scanned. Here is the results if it helps... AntiVir 6.35.1.0 07.29.2006 BDS/VB.ate.2 Authentium 4.93.8 07.29.2006 W32/Backdoor.NHS Avast 4.7.844.0 07.29.2006 Win32:Trojan-gen. {VB} AVG 386 07.28.2006 BackDoor.Generic3.DT BitDefender 7.2 07.29.2006 no virus found CAT-QuickHeal 8.00 07.29.2006 no virus found ClamAV devel-20060426 07.29.2006 no virus found DrWeb 4.33 07.29.2006 BackDoor.Nodo eTrust-InoculateIT 23.72.81 07.29.2006 no virus found eTrust-Vet 12.6.2314 07.28.2006 no virus found Ewido 4.0 07.29.2006 Backdoor.VB.ate Fortinet 2.77.0.0 07.29.2006 W32/VB.ATE!tr.bdr F-Prot 3.16f 07.28.2006 security risk named W32/Backdoor.NHS F-Prot4 4.2.1.29 07.28.2006 W32/Backdoor.NHS Ikarus 0.2.65.0 07.28.2006 no virus found Kaspersky 4.0.2.24 07.29.2006 Backdoor.Win32.VB.ate McAfee 4817 07.28.2006 no virus found Microsoft 1.1508 07.27.2006 no virus found NOD32v2 1.1683 07.28.2006 probably unknown NewHeur_PE virus Norman 5.90.23 07.28.2006 W32/VBDoor.AER Panda 9.0.0.4 07.29.2006 Suspicious file Sophos 4.08.0 07.29.2006 no virus found Symantec 8.0 07.29.2006 no virus found TheHacker 5.9.8.182 07.27.2006 Backdoor/VB.ate UNA 1.83 07.28.2006 Backdoor.VB VBA32 3.11.0 07.28.2006 Backdoor.Win32.VB.ate VirusBuster 4.3.7:9 07.28.2006 no virus found IP: Logged
Shensai Member	posted July 29, 2006 06:01 AM I'm not sure as to what it could be, and yes, I have been using the get right program for quite a while with no ill effects to my system. IP: Logged
Josh1 Administrator	posted July 23, 2006 05:37 PM Well I don’t know what these are, do you algchk.exe" = "C:\WINDOWS\system32\algchk.exe" [null data] And do you use the Get Right download manager? ------------------ Forget not my law but let your heart keep my commandments Proverbs 3:1 Powered by Intelligent Computing Solutions. ------------------------ www.footslog.com For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged
Josh1 Administrator	posted July 22, 2006 05:35 PM Okay let me have a look at this and again on Tuesday or Wednesday I will have my results. ------------------ Forget not my law but let your heart keep my commandments Proverbs 3:1 Powered by Intelligent Computing Solutions. ------------------------ www.footslog.com For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged
Shensai Member	posted July 22, 2006 06:42 AM Here is what the program gave me. Hope you can make it out. Sorry it took me so long. "Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"" [file not found] "algchk.exe" = "C:\WINDOWS\system32\algchk.exe" [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."] "IntelMeM" = "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" ["Intel Corporation"] "dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"] "ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" ["InstallShield Software Corporation"] "ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"] "Acronis True Image Monitor" = "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" ["Acronis"] "Acronis Scheduler2 Service" = "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" ["Acronis"] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data] "HostManager" = "C:\Program Files\Common Files\AOL\1135433168\ee\AOLSoftware.exe" ["America Online, Inc."] "igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"] "igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"] "igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"] "Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS] "WinampAgent" = ""C:\Program Files\Winamp\Winampa.exe"" [null data] "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" ["Sun Microsystems, Inc."] "RegistryMechanic" = (empty string) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {31FF080D-12A3-439A-A2EF-4BA95A3148E8}\(Default) = (no title provided) -> {HKLM...CLSID} = "bho2gr Class" \InProcServer32\(Default) = "C:\Program Files\GetRight\xx2gr.dll" ["Headlight Software, Inc."] {5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided) -> {HKLM...CLSID} = "DriveLetterAccess" \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess" -> {HKLM...CLSID} = "DriveLetterAccess" \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{E0BD38EB-C8EC-11D2-B274-B493B003B125}" = "East-Tec Eraser Context Menu Shell Extension" -> {HKLM...CLSID} = "East-Tec Eraser Context Menu Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\EAST-T~1\ETCONT~1.DLL" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook" -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook" \InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS] INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"] INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] East-TecEraser\(Default) = "{E0BD38EB-C8EC-11D2-B274-B493B003B125}" -> {HKLM...CLSID} = "East-Tec Eraser Context Menu Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\EAST-T~1\ETCONT~1.DLL" [null data] ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {HKLM...CLSID} = "Ctest Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"] PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}" -> {HKLM...CLSID} = "PowerArchiver Shell Extensions" \InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["eFront Media, Inc."] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {HKLM...CLSID} = "Ctest Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] East-TecEraser\(Default) = "{E0BD38EB-C8EC-11D2-B274-B493B003B125}" -> {HKLM...CLSID} = "East-Tec Eraser Context Menu Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\EAST-T~1\ETCONT~1.DLL" [null data] PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}" -> {HKLM...CLSID} = "PowerArchiver Shell Extensions" \InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["eFront Media, Inc."] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Startup items in "Scott" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\Scott\Start Menu\Programs\Startup "SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data] C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "America Online 9.0 Tray Icon" -> shortcut to: "C:\Program Files\America Online 9.0\aoltray.exe -check" ["America Online, Inc."] "GetRight - Tray Icon" -> shortcut to: "C:\Program Files\GetRight\getright.exe" ["Headlight Software, Inc."] "Image Transfer" -> shortcut to: "C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe" [null data] Enabled Scheduled Tasks: ------------------------ "MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided) -> {HKLM...CLSID} = "Real.com" \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_07" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."] {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ "ButtonText" = "Real.com" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Acronis Scheduler2 Service, AcrSch2Svc, "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" ["Acronis"] AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."] avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data] avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"] LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."] Windows Defender Service, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."] Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS] ---------- + This report excludes default entries except where indicated. + To see everywhere* the script checks and everything it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 65 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 9 seconds. ---------- (total run time: 111 seconds) IP: Logged
Josh1 Administrator	posted July 18, 2006 09:58 PM I cannot find anything with that log, could you run this tool? http://www.silentrunners.org/sr_download.html How to use this tool http://www.silentrunners.org/sr_scriptuse.html ------------------ Forget not my law but let your heart keep my commandments Proverbs 3:1 Powered by Intelligent Computing Solutions. ------------------------ www.footslog.com For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged
Josh1 Administrator	posted July 16, 2006 12:32 PM Okay I will have a look at the log and get back to you On Tuesday, is that okay with you? ------------------ Powered by Intelligent Computing Solutions. ------------------------ www.footslog.com For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged
Shensai Member	posted July 15, 2006 06:38 AM Here is what I have from the log; Logfile of HijackThis v1.99.1 Scan saved at 8:23:44 AM, on 7/9/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Common Files\AOL\1135433168\ee\AOLSoftware.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Winamp\Winampa.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\algchk.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\GetRight\getright.exe C:\Program Files\GetRight\getright.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\Program Files\SpywareGuard\sgmain.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\America Online 9.0\waol.exe C:\Program Files\America Online 9.0\shellmon.exe C:\Program Files\Common Files\Aol\aoltpspd.exe C:\Documents and Settings\Scott\My Documents\My Received Files\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = - O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Acronis True Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135433168\ee\AOLSoftware.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [algchk.exe] C:\WINDOWS\system32\algchk.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe O4 - Global Startup: Image Transfer.lnk = ? O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144269607484 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{571C2F0B-6791-46F5-B1D9-297DBB688A51}: NameServer = 205.188.146.145 O17 - HKLM\System\CS1\Services\Tcpip\..\{571C2F0B-6791-46F5-B1D9-297DBB688A51}: NameServer = 205.188.146.145 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing) IP: Logged
Josh1 Administrator	posted July 09, 2006 11:36 PM Yea sounds like a virus, if you want go ahead and post your hijack log here and we can take a look at it ------------------ Powered by Intelligent Computing Solutions. ------------------------ www.footslog.com For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged
Shensai Member	posted July 09, 2006 10:51 AM I normally have around 42% free space on my system. As of recently I now only have 12%. I have tried removing several files to free up room, but it seems to have no effect. I have run housecall.antivirus and also hijackthis to which I have saved a log account (I have no idea what any of that gibberish means). What am I doing wrong? Help? IP: Logged

All times are CT (US)	next newest topic \| next oldest topic
Administrative Options: Close Topic \| Archive/Move \| Delete Topic
	Hop to:

Contact Us | Footslog Home

The information presented on FootsloG.com is copyrighted as a collective work. FootsloG.com is free for personal use (non-commercial). Any other use FootsloG.com, including copying or reproducing any portion of this web site is strictly prohibited without the express written consent of FootsloG.com. If you have any questions about the usage term please contact us via email: webmaster@footslog.com.

Problems, Knowledge, and Power, powered by intelligent Computing Solutions