airgb 0 Newbie Poster

Guys once again I think I have contracted either a virus or tainted program. Today my DSL (sbc) started running very slowly, I rebooted, system restored, ran all virus programs, and even tried different cables with no luck. Called their tech, he pinged, I pinged, he checked for known problems and again no luck. So before I go check another home's DSL line or even worse reformat my C:/ drive "GASP" I thought I'd let one of you studs have a look see. Oh and I tried my dial up access and like the title says it was slower than slow too.
Thanks ahead of time, airgb

Logfile of HijackThis v1.99.1
Scan saved at 4:16:54 PM, on 7/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HTTP-Tunnel\HTTP-TunnelClient.exe
C:\Documents and Settings\LKB\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forex.com/

airgb 0 Newbie Poster

Outstanding! Thanks again for your support! LB

airgb 0 Newbie Poster

Well it's been a while since I've needed your help (you fixed me so good last time) but it seems I've contracted another bug. Today I've been getting popups via MS explorer (which I never use anymore). I have run AdAware SE about an hour ago and have not seen any since but I thought I'd do a Hijack scan and see if something still might be there. If you would please have a look and get back to me.
Thanks again, LB

Logfile of HijackThis v1.99.1
Scan saved at 9:53:49 AM, on 11/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HTTP-Tunnel\HTTP-TunnelClient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\QuoteTracker2\stocks.exe
C:\Documents and Settings\LKB\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: …

airgb 0 Newbie Poster

Sure, it's just those little reminders that MS thought we all needed like when I log on to my modem one pops up telling that I'm logged on and the speed. There are many that are of the software update/anti virus update types also. They will not go away until they are clicked on. I've looked everywhere on MS help trying to find how to get rid of them but no luck (and like I said I can't remember how I did it last time) so I thought I would try you guys.
thanks again

airgb 0 Newbie Poster

Can someone please tell me how to get rid of those irritating desktop pop-up balloons on XP? I reinstalled a few months back and forgot how to 86 them.
Thanks

airgb 0 Newbie Poster

elitevmx32.exe did exist and since I've deleted it that seems to have solved the dialog box issue. However, 023 is still showing up in the log and when I went to registry edit (SvcProc) is not in either location you provided. I see also that the others are still showing up in the log too even after safe mode deletes, R0, R3, etc. I currently am not having any problems even though those files are still visible. Here is the latest log.

Logfile of HijackThis v1.99.1
Scan saved at 11:38:57 AM, on 6/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\eFax Messenger Plus\HotTray.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Documents and Settings\LB\Favorites\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)

airgb 0 Newbie Poster

After this last fix I'm not getting the ewido alerts anymore however I am still getting the "elitevmx32.exe" dialog box which states "elitevmx32.exe has encountered a problem and needs to close. We are sorry for the inconvenience. [Send Error Report], [Don't Send]." Also I noticed on the Fix Checked page of HijackThis after this last scan some of the files that you wanted me to check were still there. Is this ok or should I check them and run Fix Checked again? Here's the last report. Thanks once more.

Logfile of HijackThis v1.99.1
Scan saved at 9:31:46 AM, on 6/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\eFax Messenger Plus\HotTray.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\LB\Favorites\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing

airgb 0 Newbie Poster

Thanks Crunchie for the reply and I apologize for the double post but was
getting worried that no one was going to get back to me. I've done most of
what you asked other than installing the www.trendmicro.com's "free online
scan". I have the file downloaded however when I try to install it I get a
"16 bit Windows Subsystem" dialog box. The box states "C:\Windows\System32\
Autoexec.int. The system file is not suitable for running MS Dos and MS
Windows applications. Choose close to terminate the application." Maybe related:
I've had MS AntiSpyware on this computer for the last 3 to 4 weeks and could
scan with no problem however since this Aurora problem started that program
would freeze up. I uninstalled it (or thought I did) and then tried to
reinstall it however now I also get a dialog box stating "MS
AntiSpyware Installer Information,Internal Error 2755.1631, C:\Windows\
downloaded\installations\{0F5BF410-4D790-4DBE-AF54-C3271D47D4B}\microsoft
antispyware.msi." It also now says it's installed on my C: drive however
when I try to delete it I get an Add or remove programs dialog box stating
"The windows installer service failed to start. Contact your support
personnel." Either way it's not affecting anything.

I'm now also getting quite a lot of ewido "clean" alerts saying it will be done on
the next boot up, however even after that I'm still getting the same alerts.
The Aurora …

airgb 0 Newbie Poster

Guys I wish I would have known of you a month ago! Apr 15 I contracted a very bad virus which I thought I'd gotten rid of until a week and a half ago when it seemed to reappear. Then I got it through an online radio station via MS media player and from then on everything associated with IE seemed to set it off so I deleted every file I found made on that day, after that I deleted IE and every other MS web type program/file. That seemed to solve the problem and since then I've only been online via Mozilla/Firefox. A few weeks ago I started getting IE script error dialog boxes (5 to 8 at a time) that would pop up constantly unless I left them open. Then shortly afterwards the other pop ups started again, mainly Aurora. I've got all the anti virus programs and every time I run them they say I've got hits. Cleaning them out doesn't help. I was going to just solve it all and re-format my C drive today but ran across your site and thought I'd throw a pitch at you and see if you'd like to take a swing at my problem? Here's the Hijack script you seem to ask everyone for. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:30:46 PM, on 5/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe