Which thread should I delete?


Hi, I'm having the same problem as many others, I guess, with the irritating blinking that won't go away. I have run RogueRemover and deleted what was found, but the blinking won't go away. I clicked on "check for updates" in RogueRemover but got a msg that there were none. I understand I must send my "HijackThis" log report. If anyone could help, I would appreciate it. Thanks. My log is:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 4:31:12 μμ, on 24/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Giasou\My Documents\Downloads\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [ms] C:\msupd02.exe

O4 - HKLM\..\Run: [sManager] smanager.7.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Caledar.lnk = C:\Program Files\GrBiblos\Caledar\Caledar.exe

O4 - Global Startup: Uninstall.exe

O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159251541961

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: infumate - {d7058baa-49a4-40b7-95c2-eec95cdf51f3} - C:\WINDOWS\system32\viuaoq.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

--

End of file - 5642 bytes

Please do not post multiple threads or send private messages asking for help. We all learn with the logs being public.

Please download, install, and update AVG Anti-Spyware (http://www.ewido.net/en/download/)

Load AVG Anti-Spyware and then click the "Update" tab at the top. Under Manual Update click Start update.

After the update finishes (the status bar at the bottom will display "Update successful"), click on the "Scanner" tab at the top and then click on "Complete System Scan".

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on Save Report, then Save Report As. This will create a text file. Make sure you save this file where you can find it again (like on the Desktop).

Restart your computer and post the contents of the AVG Anti-Spyware text report that you saved and a fresh hijackthis log.

I apologise for any blunders. I haven't been in a forum before. I hope I'm not posting another thread now. I clicked "reply" in order to attach this msg to the same thread. I just hope this is the right way. If not, please be patient. Anyway, thank you for your advice. I will follow your instructions and get back to you. Thanks again.

Hi again. Here are the results of the AVG Anti-Spyware scan and a fresh HijackThis log. Thank you.

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 3:19:48 μμ 25/5/2007

+ Scan result:

C:\Documents and Settings\All Users\Documents\ShareazaCmplt\Nero 7.0.1.2 Ultra Edition with Keygen - English.zip/Nero 7 Keygen from Paradox/Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).

D:\GamesShareaza\Nero 7.0.1.2 Ultra Edition with Keygen - English.zip/Nero 7 Keygen from Paradox/Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Documents\ShareazaCmplt\Kaspersky Anti-Virus v.6.0.2.614 Final + Kaspersky Internet Security v.6.0.2.614 Final_DnGnMsTr.rar/Kaspersky Anti-Virus v.6.0.2.614 Final + Kaspersky Internet Security v.6.0.2.614 Final_DnGnMsTr\Anti-Virus\KEY\kasper.rar/KIS.2006\kis.6.0.1.411.fixed.upped.by.magic\Crack.exe -> Downloader.VB : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Documents\ShareazaCmplt\Kaspersky Anti-Virus v.6.0.2.614 Final + Kaspersky Internet Security v.6.0.2.614 Final_DnGnMsTr.rar/Kaspersky Anti-Virus v.6.0.2.614 Final + Kaspersky Internet Security v.6.0.2.614 Final_DnGnMsTr\Internet Security\KEY\kasper.rar/KIS.2006\kis.6.0.1.411.fixed.upped.by.magic\Crack.exe -> Downloader.VB : Cleaned with backup (quarantined).

::Report end

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 3:28:30 μμ, on 25/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Giasou\My Documents\Downloads\HiJackThis_v2.exe

C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [ms] C:\msupd02.exe

O4 - HKLM\..\Run: [sManager] smanager.7.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Caledar.lnk = C:\Program Files\GrBiblos\Caledar\Caledar.exe

O4 - Global Startup: Uninstall.exe

O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159251541961

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: infumate - {d7058baa-49a4-40b7-95c2-eec95cdf51f3} - C:\WINDOWS\system32\viuaoq.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

--

End of file - 6148 bytes

I have followed your instructions and the blinking icon seems to have gone. I say "seems" because when the problem was present, it didn't appear every time I switched on the pc, only sometimes. So I guess I have to wait a couple of days to be sure. In the meantime please allow me to ask one more question. In another member's thread I read that if we want to express our appreciation, we can buy RogueRemover. Well, I am not a rich person but I would most definitely like to show my appreciation and say thank you for the invaluable advice I have received through this site. It's the least one could do. The only problem is I don't have a credit card myself (hard to believe, isn't it?). Anyway, is it ok to use a friend's credit card to make this purchase? With her permission of course! Thanks again for all your help.

maketa,

If you post another HijackThis log, we will definitely take a look to see if the infection is gone. As for using a friend's credit card, I don't see why it would be a problem as long as the billing address and everything is under their name.

Hello again from cloudy (today) Athens. Here is a fresh HJT log. So far the icon hasn't appeared. It must be gone. I have also followed some advice I read somewhere on your site and started using Mozilla as well as Comodo firewall. My pc has become rather slow and "sticky". Is it because of the firewall or because I only have a Pentium 3 1000 MHz? Also I have purchased RogueRemover and downloaded it. Should I uninstall the first one before installing the Pro? Thanks again for having been such a great help. It's great to know you are there! ;) Now my log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 5:29:02 μμ, on 28/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Giasou\My Documents\Downloads\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [ms] C:\msupd02.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Caledar.lnk = C:\Program Files\GrBiblos\Caledar\Caledar.exe

O4 - Global Startup: Uninstall.exe

O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159251541961

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{91450540-3E5E-4808-BA26-6F252666D9DF}: NameServer = 195.170.0.1,195.170.2.2

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

--

End of file - 5357 bytes

maketa, Please open HijackThis and place a check mark next to the following items.

O4 - HKLM\..\Run: [ms] C:\msupd02.exe

O4 - Global Startup: Uninstall.exe

Then please download StartUpLite from http://www.malwarebytes.org/startuplite.php. It will tell you which items are not needed to startup and possibly increase your system speed. Yes, please uninstall RogueRemover FREE before installing RogueRemover PRO.

When you say place a check mark next to the specific items, do you mean and then delete them? Sorry if the question borders on complete ignorance, but I need to be sure about what I have to do. Thank you. Concerning RogueRemover Pro, I have installed it but I am unable to register because I get a message that the key is invalid. I have made sure I entered both the ID and Key numbers correctly and that I didn't leave any spaces between the numbers or enter the words ID or Key. I have sent a mail to support as well about this. Thanks again for your time and trouble.

Yes, sorry. I meant please select 'Fix Checked' when you have done that. As for e-mailing me, did you e-mail marcin at malwarebytes dot org? I don't seem to have the e-mail on the list. Would you mind trying again? =) I will help you resolve the issue.

OK, I have fixed checked. I will let you know how it goes. Yes, it was Marcin I sent a mail to. I received a reply today giving me another download link for RR pro and giving me the same ID and Key numbers and telling me I have three more download attempts until June 12. I have performed the download from the new link I was sent. Do I need to uninstall the first RR pro before proceeding? One more question. Comodo Firewall tells me that LuComServer3 0.exe is trying to connect. Do you recognise this item? Thanks again.

It appears that LuComServer is part of Symantec or Norton Antivirus. As for the three more download attempts, don't worry about that; you are free to download RogueRemover PRO as many times as you'd like.

Uninstall all RogueRemover PRO versions from your computer. Download this one: http://www.malwarebytes.org/rr-update/rr-pro-setup.exe (This is the same one I provided you with in the e-mail).

Install it and start it. Click the register button. Type in the ID code (in the form of XXXXXX). Do not include the word 'ID:' or any spaces. Type in the KEY code (In the form of XXXX-XXXX-XXXX-XXXX). Do not include the word 'KEY:' or any spaces.

Let me know how it goes.

I have clicked on the link you sent me in order to download RR pro, but in the dialogue box that opens informing me that I'm downloading something, only the "Cancel" option is clickable. There is another one, "Save File", but it's greyed out. I cannot click on it to save it anywhere. I have done this a few times but the only option I am given is to "Cancel" the download. Thanks. By the way, I haven't received a mail from you. Only from Marci@support._

I have clicked "edit" in the forum because I need to mention something that might help. I hope I am not opening a new thread! The last time I switched on my pc, the screen went blue and I managed to write down the following while it "dumped physical memory to disc". The message was: "A problem has been detected and Windows has been shut down to prevent damage to your computer." Then it said: KERNEL_DATA_INPAGE_ERROR. And there was mention of this item: win32k.sys - Address BF978C15 base at BF800000 Datestamp 41107F7a. Then I was able to operate my computer normally. Does this mean anything? Thanks again. Sorry if I'm giving you a headache.

I am Marcin =).

As for clicking the link, are you using Internet Explorer? Do you have any other browsers you can try with? The blue screen error you mentioned happens when you have faulty RAM or conflicts with your antivirus programs.

I was able to download RR pro with IE using the link you sent me, but I still get an invalid login and key message. I am making sure that the numbers are entered according to your instructions, but nothing changes. Perhaps I should tell you that every time I open RR it takes about 15-20 minutes for the blue line to fill. Is that normal?

Concerning the ram fault / antivirus conflict, is there any way I can find out which of the two causes the problem and perhaps try and rectify it? Thanks Marcin.

That is not normal at all. Can you please post a new HijackThis log? Also, can you open Task Manager (Ctrl + Alt + Del)? There should be a column labeled CPU usage. Which process is using the most CPU, and on average, what percentage?

The process that uses the most CPU is TCPSVCS.EXE, 75%-95%.

Here is a fresh HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 11:32:26 πμ, on 31/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Giasou\My Documents\Downloads\HiJackThis_v2.exe

C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE

O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Caledar.lnk = C:\Program Files\GrBiblos\Caledar\Caledar.exe

O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159251541961

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{91450540-3E5E-4808-BA26-6F252666D9DF}: NameServer = 195.170.0.1,195.170.2.2

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

--

End of file - 5880 bytes

Thank you.


Registration resolved. I must apologise. When you said no spaces I thought you were referring to the dashes between the key numbers so I was entering them in the form XXXXXXXXXXXXX and not XXXX-XXXX-XXXX etc. It was only when I read one of your replies again that it dawned on me. I'm sorry if that gave you extra trouble. ;)

It still takes about 20 minutes for the blue line to fill. I opened the Task Manager again and the process that uses most cpu is TCPSVCS.EXE and it ranges from 48% to 99%. Do you recognise this item? Thanks again. Have a nice day or evening. ^_^


tcpsvcs.exe is a part of Microsoft Windows networking components. This essential system process is initiated when the computer uses special TCP/IP networking services such as DHCP, Simple TCP and print services. This program is important for the stable and secure running of your computer and should not be terminated.

I'm not quite sure why yours is using that much CPU. Have there been any connections blocked by your firewall? I'm glad you got your registration problem resolved.


Well, I opened Network Monitor of Comodo and there was an item called "allow and log" which had been blocked and I unblocked it but nothing changed. I didn't see any connections blocked. I also uninstalled Comodo to see if there was any improvement but there was none. I'm not an advanced computer user so there are a lot of abbreviations and coded words which I don't understand. Thanks anyway. You have helped tremendously. P.S. I opened Task Manager again and noticed that EXPLORER.EXE also runs 0-30% of cpu when I'm not even using it. Is that normal?


I see you are running NOD32 and AVG Anti-Spyware. Are those the only Anti-Virus and Anti-Spyware utilities that you are running? Please open NOD32, update it fully, and run a FULL system scan. Please post the log here after you are done. Then do the same with AVG Anti-Spyware. Update it and run a FULL system scan. There is still something hiding somewhere I think.


I also have Spybot and adaware. I think the TCPSVCS.EXE problem has been resolved. A friend sent me a link to a site called "neuber" where I read the following msg:

"No Virus!!!

But I solved the problem!

Well... after further reading on the Service I noticed it's also related to DHCP.

Then I looked in the network settings and decided to remove File and Printer Sharing. Didn't fix it

So I decided to rebuild the IP stack. After rebuilding the IP Stack I restarted the PC and the problem was still there. I looked at Network Properties again and noticed that the new IP stack added TCP/IP Version 6 yet the old TCP/IP was still there. I tried modifying Ver 6 for DNS and WINS info and there was no way to modify it. So... I decided to just add the DNS/WINS info in the old TCP/IP. *restarted* once again.. Didn't fix it

Finally I decided to just delete Version 6 TCP/IP *restarted* and it worked!!

Network was the issue all along. Rebuild IP stack or network all together. My guess is either will work. " End of msg.

I also removed Version 6 TCP/IP and it seems to be ok now. But it seems that my cpu feels the need to "be used". ;) It often runs 100%. Either cpf.exe or system are the ones that use most of it.

Also what seems to be the problem when at start up the screen goes light blue and checks files and folders' state and gets stuck at 19%? After a few tries it starts up normally.

Anyway, here are the scan results of AVG Anti-Spyware and nod32. Thank you.

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 3:40:25 μμ 3/6/2007

+ Scan result:

Nothing found.

::Report end

And nod32:

Scan performed at: 3/6/2007 12:50:35


maketa, we are just a group of volunteers. My name is Marcin, I am the founder of Malwarebytes and am located in Chicago. As for your problem, has the speed improved since you took care of the TCP settings? Let's do a bit of maintenance.

Download: CCleaner (freeware)

http://www.majorgeeks.com/download4191.html

Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).

Once installed, run CCleaner and click the Windows tab.

Select the following:

(screenshot: cleaner.gif)

Next: click Options, then click the Settings tab.

Uncheck: "Only delete files older than 48 hrs.", click Ok

Then click Run Cleaner (bottom right) then Exit

Then please defragment your hard drive. This may take from a couple of minutes to a couple of hours. Please let it complete uninterrupted. This may speed up your hard drive a lot.

