|
| ||
| PLEASE help with HJT log... I am new to this site, but it seems like you might be able to help. I HAD the pokapoka.exe virus, but I think its gone. Now I am still having problems with my IE, OutLook, AIM, ect, I keep getting the About:Blank screen and my PC is running EXTREMELY slow. I ran Ewido, and it picked up some things, but the problem continues. I also tried LQfix. Here is my HJT log: Logfile of HijackThis v1.99.1 Scan saved at 10:04:03 AM, on 10/22/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\HP DVD\Umbrella\DVDTray.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\wininit32.exe C:\Program Files\MSWorks\Calendar\WKCALREM.EXE C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE C:\WINDOWS\System32\wuauclt.exe C:\SpywareTools\Hijackthis\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [Microsoft Update 64 BIT] wininit32.exe O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] wininit32.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: TFTP3368 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU) O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe Any help is appreciated! |
| ||
| Re: Need help with HJT log... i think i found you problem, its: SysUpd.exe for more information go to, http://www.pchell.com/support/tscash.shtml to dlete it through hjt scan it and check(tick) O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe |
| ||
| Re: Need help with HJT log... please add to my reputation |
| ||
| Re: Need help with HJT log... Check the Task manager and see how much cpu Ewido is using. I had a look the other day at mine because my browser was freezing and found that Ewido was using 50% + resources. I disabled the guard and everything was fine. == You may want to print out these instructions for reference, since you will have to restart your computer during the fix. Please download AproposFix from here: http://swandog46.geekstogo.com/aproposfix.exe Save it to your desktop but do NOT run it yet. Then please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Select the first option, to run Windows in Safe Mode. Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts. When the tool is finished, please reboot back into normal mode. == Then please do the following. =============== Go to Add/Remove programs and remove(uninstall) the following, if present: TSCash The above could appear anywhere within the entry. Be careful not to remove any personal or system software. =============== Let's look for, and delete, any program segments (prefetches) that might be present, and are associated with the 'problems' we're trying to remove from your PC. To do this, let's: 1) Click "Start | Search", then search for each of these program's base name(s), in all files and folders: wininit32.exe* 2) Then if any are found in the 'prefetch' folder, delete them. Look closely, since the 'base' name will have a bunch of random numbers and letters attached to it. =============== Next, Open a command prompt by: 1. Clicking "Start", then "Run...". 2. Enter "cmd" (without the quotes). 3. Enter "services.msc" (without the quotes). - Now, locate and 'stop' the following services, if present: Microsoft Update 64 BIT ... (wininit32.exe) Look carefully, since the name of the service (above) can be anywhere in the entry; also be careful not to 'stop' any required system services. Once stopped, set this service to disabled. =============== Run HiJackThis then: 1. Click "Open the Misc Tools Section" 2. Click "Open Process manager" - Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following: C:\WINDOWS\System32\wininit32.exe Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain. =============== Still in HiJackThis, click "Scan", then check(tick) the following, if present: O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [Microsoft Update 64 BIT] wininit32.exe O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] wininit32.exe O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked". =============== Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders: folders... C:\WINDOWS\System32\P2P Networking files... C:\WINDOWS\System32\wininit32.exe C:\WINDOWS\SysUpd.exe C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe Search for... windir32.exe ...using "Start | Search...". - Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode". - Reboot. =============== After rebooting, rescan with hijackthis and post back a new log, along with the entire contents of the log.txt file in the aproposfix folder. Please let me know how your pc is now. |
| All times are GMT -4. The time now is 4:03 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC