Computer acting up


#16
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,941 posts
Aha. OK.

For SpywareGuard use the procedure described here:
http://www.wildersse...amp;postcount=2

For BHODemon fix:
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
and delete the C:\Program Files\BHODemon 2 folder.

Let me know if that works.

Regards,
  • 0

#17
Whistlewind

    Member

  • Topic Starter
  • 63 posts
OK, BHODemon is gone; however, the tutorial for deleting SpywareGuard that you linked me to did not work totally. Even after I did what it said, I went to Add/Remove Programs and I still could not uninstall it (it said it could not be located). I went to HijackThis and deleted it there. I then tried to find and delete it in C:\Program Files, but it said I did not have permission.

Going to put another report out. Good luck :whistling:

Logfile of HijackThis v1.99.1
Scan saved at 7:36:07 AM, on 9/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\PROGRAMS\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common\Data\C_\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common\Data\C_\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common\Data\C_\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\Common\Data\C_\Program Files\Common\Data\C_\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Documents and Settings\Jon\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O4 - Startup: check-ip-changed.bat
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1142468189636
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142468179605
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
  • 0

#18
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,941 posts
Your log is clean and SpywareGuard looks to be disabled, so you must have done better than you thought. :whistling:

On the downside, that means that if you still have problems, I don't know where to look.

Regards,
  • 0

#19
Whistlewind

    Member

  • Topic Starter
  • 63 posts
I still have all the problems I started with... I guess I'll never fix it.
  • 0

#20
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,941 posts
Can you bring up Task Manager and check if a certain process is using up all the resources?

Let me know,

Pieter
  • 0

#21
Whistlewind

    Member

  • Topic Starter
  • 63 posts
MSASCui.exe 58k mem usage goes from 0-50 and then to about 99% CPU usage off and on.
  • 0

#22
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,941 posts
Still Windows Defender??
Last time I used it, it had three components which could be controlled separately. Is that still true?
Can you disable the resident protection bit by bit? (One at a time)

Let me know if you notice which one is the culprit.

Regards,
  • 0

#23
Whistlewind

    Member

  • Topic Starter
  • 63 posts
I don't see that option in Windows Defender.
  • 0

#24
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,941 posts
Open Windows Defender.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Windows Defender Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Windows Defender icon on the taskbar and select Shutdown Windows Defender.

Let me know if that helps.
  • 0

#25
Whistlewind

    Member

  • Topic Starter
  • 63 posts
I don't see any left pane in Windows Defender. I think you're using a different version...

On a different note, I can no longer enter any CDs/DVDs into my computer because launcher.exe fails every time I do.

Scanned with Ad-Aware and it found nothing. :whistling:
  • 0

#26
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,941 posts
I don't know what YOU have installed, but can you see if there is an entry in Add/Remove Software for Windows Defender and uninstall it?

When you wrote launcher.exe, I assume you meant the file on the CD, right?
  • 0

#27
Whistlewind

    Member

  • Topic Starter
  • 63 posts
I honestly don't think Windows Defender is the problem, so I'm not going to uninstall it. I have disabled it and nothing has changed.

Launcher.exe is the program that opens the CDs/DVDs you put in your disk drives (I believe). I still have some malware or something in my computer. Are there any other scans I can do? Perhaps Panda will show something.
  • 0

#28
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,941 posts

> I still have some malware or something in my computer. Are there any other scans I can do? Perhaps Panda will show something.


Try this one:

http://www.kaspersky.com/virusscanner

Let me know if you need help interpreting the logs.
  • 0

#29
Whistlewind

    Member

  • Topic Starter
  • 63 posts
KASPERSKY ONLINE SCANNER REPORT
Sunday, September 17, 2006 1:38:42 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 17/09/2006
Kaspersky Anti-Virus database records: 211037
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 85092
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 01:13:08

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\cxfmq15c.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\cxfmq15c.default\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\cxfmq15c.default\history.dat Object is locked skipped
C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\cxfmq15c.default\key3.db Object is locked skipped
C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\cxfmq15c.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jon\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jon\Local Settings\Application Data\Mozilla\Firefox\Profiles\cxfmq15c.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jon\Local Settings\Application Data\Mozilla\Firefox\Profiles\cxfmq15c.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jon\Local Settings\Application Data\Mozilla\Firefox\Profiles\cxfmq15c.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jon\Local Settings\Application Data\Mozilla\Firefox\Profiles\cxfmq15c.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jon\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jon\Local Settings\History\History.IE5\MSHist012006091720060918\index.dat Object is locked skipped
C:\Documents and Settings\Jon\Local Settings\Temp\Perflib_Perfdata_f68.dat Object is locked skipped
C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jon\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jon\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_70c.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\OpenSA\Apache2\logs\access.log Object is locked skipped
C:\OpenSA\Apache2\logs\access_log Object is locked skipped
C:\OpenSA\Apache2\logs\error.log Object is locked skipped
C:\OpenSA\Apache2\logs\error_log Object is locked skipped
C:\OpenSA\Apache2\logs\ssl_request_log Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2006-09-15.06-35-00.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_125.trc Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{20570266-FC42-4D44-98B6-313B21B1F8F5}\RP283\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd5453.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
H:\System Volume Information\_restore{20570266-FC42-4D44-98B6-313B21B1F8F5}\RP283\change.log Object is locked skipped
Scan process completed.
  • 0

#30
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,941 posts
That doesn't show any problems.
  • 0





