Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help me repairing system after Worm.Bagle.FU

Started by halex , Mar 11 2006 06:01 AM

  • Please log in to reply

#1
halex
Posted 11 March 2006 - 06:01 AM

halex

    New Member

  • Member
  • Pip
  • 3 posts
Hello there,

My Windows XP SP2 was infected with Worm.Bagle.FU virus and when I was infected I couldn't work almost nothing because system process winlogon.exe was keeping CPU at 90%. This Worm disabled all antiviruses, Windows firewall on startup, also disabled all Antivirus Webpages (if you go in IE to them you got "Page not found"). When I installed Avast and run it disabled it instanteniosly.
I turned off System Restore and I have manage to clean this worm with Ewido Antispyware (mloader.dll was infected in windows/system32 dir). I also installed Windows Defender and scanned whole system and remove found spyware, I installed, scanned and remove found spyware with SpyBot and Ad Aware and also repaired registry with Registry Mechanic.
Since then I have a problem when running browser (IE, Firefox,...). It starts and after few clicks it crashes - (fatal error was occured, do you want to sent information to Microsoft?) There is no rule - I can work in IE less then a minute, or 2-5 minutes before crash. If I move this dialog box with crash info to the screen corner I can continue working in IE. If I look in IE settings I can see that there are checked options "Disable script debugging" and not checked "Display notification about every script error".
If I look details of this bug in IE I can see in section where it said what dll is problematic "dll: unknown"...
I also reinstalled Windows XP SP2 over existing installation (keeping my data), delete all temporary files and IE temporary files and cookies and I ran System File Checker sfc /Scanow
I would like to repair this problem and I am sending you a log hoping that you can help me. I see some files are missing and that problematic mloader.dll is one of them...
All other programs seem to work fine on my computer. Only IE is a problem.

Thanks in advance
Alex
email=REMOVED

My LOG from SAFE MODE:

Logfile of HijackThis v1.99.1
Scan saved at 11:42:37, on 11.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Utils\Hijack Windows Log\HijackThis.exe

O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL
O2 - BHO: NMIEHelper Class - {CE92F0E4-87AD-11D3-B713-00C04F8F6C86} - C:\Program Files\Compuware\DevPartner Studio\Analysis\NMIEHELP.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://projekti/Proj...ts/pjclient.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1141941196296
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129620209138
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpu...xp/ScanFile.CAB
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://projekti/Proj...033/pjcintl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {C272534C-74F1-424D-84DC-B545540838DC} (Rdp Class) - https://www.ll2go.co.../LapLinkRdp.dll
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} - http://www.pcpitstop...irus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domain.pri
O17 - HKLM\Software\..\Telephony: DomainName = domain.pri
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domain.pri
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domain.pri
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O20 - Winlogon Notify: mloader32 - mloader32.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: PCANotify - PCANotify.dll (file missing)
O23 - Service: Apache2 - Unknown owner - c:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - Unknown owner - C:\Program Files\ewido anti-malware\ewidoguard.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: SQL Server FullText Search (SQL2005) (msftesql$SQL2005) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:SQL2005 (file missing)
O23 - Service: SQL Server Analysis Services (SQL2005) (MSOLAP$SQL2005) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "c:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: SQL Server (SQL2005) (MSSQL$SQL2005) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQL2005 (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Visual Studio 2005 Remote Debugger (msvsmon80) - Unknown owner - c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: DevPartner Control Service (NCS) - Compuware Corporation - C:\PROGRA~1\COMPUW~1\DEVPAR~1\Analysis\NCS.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQL Server Agent (SQL2005) (SQLAgent$SQL2005) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i SQL2005 (file missing)

Edited by Metallica, 11 March 2006 - 06:22 AM.

  • 0

Advertisements

#2
Metallica
Posted 11 March 2006 - 06:28 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hi halex,

I removed your email address from your post. Spambots do harvest them from websites, so you should be more carefull where you post it. :tazz:

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O20 - Winlogon Notify: mloader32 - mloader32.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: PCANotify - PCANotify.dll (file missing)
O23 - Service: Apache2 - Unknown owner - c:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido security suite guard - Unknown owner - C:\Program Files\ewido anti-malware\ewidoguard.exe (file missing)

O23 - Service: SQL Server FullText Search (SQL2005) (msftesql$SQL2005) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:SQL2005 (file missing)
O23 - Service: SQL Server Analysis Services (SQL2005) (MSOLAP$SQL2005) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "c:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: SQL Server (SQL2005) (MSSQL$SQL2005) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQL2005 (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Visual Studio 2005 Remote Debugger (msvsmon80) - Unknown owner - c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: SQL Server Agent (SQL2005) (SQLAgent$SQL2005) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i SQL2005 (file missing)

Then reboot and find this file:
C:\WINDOWS\System32\drivers\etc\hosts

Rightclick it and rename it to hosts.bak

Then try accessing the Antivirus websites you had trouble reaching before.
Let me know if you can get there now and post a new HijackThis log.

Regards,
  • 0

#3
halex
Posted 11 March 2006 - 07:39 AM

halex

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hello,

Thank you for your solution of removing problematic tasks.
When I was writing you first letter I was in safe mode and when I finished all scanning I returned to normal mode and after that I went to Yahoo Mail and see that you have responded to my problem and I also saw your message in forum and all the time IE was working ok.
Then I go again to safe mode to delete these entries you told me.
I have done it - someone doesn't want to delete but I suppose that they are not the problem...
Also renamed "hosts" file ...

Sending you a new log and I am going to normal mode again and I will try to work and if I found problems I will write again, if not I suppose that cleaning and removing spyware as I described helped...

Logfile of HijackThis v1.99.1
Scan saved at 14:32:25, on 11.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Utils\Hijack Windows Log\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL
O2 - BHO: NMIEHelper Class - {CE92F0E4-87AD-11D3-B713-00C04F8F6C86} - C:\Program Files\Compuware\DevPartner Studio\Analysis\NMIEHELP.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://projekti/Proj...ts/pjclient.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1141941196296
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129620209138
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpu...xp/ScanFile.CAB
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://projekti/Proj...033/pjcintl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {C272534C-74F1-424D-84DC-B545540838DC} (Rdp Class) - https://www.ll2go.co.../LapLinkRdp.dll
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} - http://www.pcpitstop...irus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domain.pri
O17 - HKLM\Software\..\Telephony: DomainName = domain.pri
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domain.pri
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domain.pri
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: SQL Server FullText Search (SQL2005) (msftesql$SQL2005) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:SQL2005 (file missing)
O23 - Service: SQL Server Analysis Services (SQL2005) (MSOLAP$SQL2005) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "c:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: SQL Server (SQL2005) (MSSQL$SQL2005) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQL2005 (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Visual Studio 2005 Remote Debugger (msvsmon80) - Unknown owner - c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 (file missing)
O23 - Service: DevPartner Control Service (NCS) - Compuware Corporation - C:\PROGRA~1\COMPUW~1\DEVPAR~1\Analysis\NCS.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQL Server Agent (SQL2005) (SQLAgent$SQL2005) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i SQL2005 (file missing)
  • 0

#4
Metallica
Posted 11 March 2006 - 07:59 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
OK. Are you actually using the MySQL server on that computer?

There are some files listed as missing, but HijackThis is not always correct in those matters.

Let me know if you encounter any more problems.

Regards,
  • 0

#5
halex
Posted 11 March 2006 - 10:45 AM

halex

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
When I removed these entries from log you told me I suffer problems after restart. My Avast Protection didn't work, MySQL didn't work anymore, I got for the first time a boot message "svchost.exe critical error - memory location 0x00000000 could not be red" and I can hardly worked.
Interesting thing is that after restart from safe mode (first time) everything worked fine and when I moved this entries from Hijack log there was a mess. So I restore from backup this things that points to Avast, MySQL and MS SQL and it didn't help me.
So I start msconfig and turn of booting sequence not to read system.ini, win.ini, services... After restart it was ok and only (I think) RPC service wa working and maybe something else...
All other services were disabled or manual so I searched for default windows XP services configuration and put it like it was Microsoft suggested and after that I put some services to automaticaly and to manual (from disabled) that I think they are importing for my work and I succeeded finaly to put maschine working as wanted :-)
Thank you for your help in teaching how to look these rows in Hijack logs and finding problematic items and removing them.
  • 0

#6
Metallica
Posted 11 March 2006 - 10:52 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
My pleasure. :tazz:

Please do have a look at my site about removing and preventing spyware.

Regards,
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP