Need help analyzing HiJackthis logfile



#1
safesite

Can anybody tell me if there is something fishy about the HiJackthis log I posted below? I've got Win 2000 Pro installed and one day ago there were suddenly some windows (system windows from Win 2000 like for instance the "Search function" or the "Run" command under "Start-button") popping up when pressing keys like "e", "r", "m" and a few others I can't remember right now. It looked like a virus and after updating Grisoft AVG Antivirus with the newest dat-file and doing a scan with an updated Pest Patrol it all seems to be gone but there hasn't been any real sign of a virus or spyware-detection by any program.

The only information given by AVG was a change in five files (filesize) which is still showing as changed/virus or possible virus but without any removal- or healing-options. The five files are as follows:

C:\WINNT\System32\kernel32.dll
C:\WINNT\System32\wsock32.dll
C:\WINNT\System32\user32.dll
C:\WINNT\System32\shell32.dll
C:\WINNT\System32\ntoskrnl.dll

Thanks already now for helping out...! :tazz:

PS: Sorry, I didn't know if this was only HiJackthis posting or the virus-forum. Plz forgive me if making a mistake here. ;)

Logfile of HijackThis v1.98.2
Scan saved at 12:00:24, on 13-12-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINNT\LTSMMSG.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\CMTech\SMC Music Box MP3 Player\CmdUpdate.exe
C:\Program Files\Wsr\WinsysRsr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Wacom\TabUserW.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
c:\Program Files\PestPatrol\ppmemcheck.exe
c:\Program Files\PestPatrol\ppcontrol.exe
c:\Program Files\PestPatrol\pestpatrol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...ilogin.srf?id=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [MMKey] C:\Program Files\Launch Manager\MMKey.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [KeyPatrol] c:\PROGRA~1\PESTPA~1\KeyPatrol.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [CmdUpdate] C:\Program Files\CMTech\SMC Music Box MP3 Player\CmdUpdate.exe
O4 - HKLM\..\Run: [WinsysRsr] C:\Program Files\Wsr\WinsysRsr.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL


#2
safesite

Sorry, I just discovered something that I forgot to mention before. The taskmanager-tabs are missing. I only get the process-window with the "End Process"-button and no tabs on top of it. No matter what I do, I can't access the tab for CPU-usage etc....! Any help, pleeeeez? :tazz:

#3
Metallica

GeekU Moderator
Open Taskmanager and double-click just inside the outer border of the window.
Your other tabs should appear.

The first part of your description sounds as if your Windows key got stuck.
Try it: for example, [WinKey] + r is Run.

One entry in your log is a mystery to me:

O4 - HKLM\..\Run: [WinsysRsr] C:\Program Files\Wsr\WinsysRsr.exe

Can you surf to http://www.kaspersky.com/scanforvirus and have C:\Program Files\Wsr\WinsysRsr.exe checked there?

Let me know the results.

Regards,

Pieter

Edited by Metallica, 13 December 2004 - 07:46 AM.


#4
safesite

Thanks a million Pieter for your reply. :tazz: I just managed to work out that problem that you explained to me and exactly just before I saw your answer regarding the Task Manager. That one is okay now.

In regards to your second question. The shortcuts to the Win keys work fine now. Maybe you are right and they just got stuck somehow or it was some Microsoft hiccup of which there are so many occurring from time to time and it might be completely harmless.

Regarding the entry key in the log I found this link and it says the same in the properties of that file on my computer which reads "Mp3FileMonitoring MFC" and then some squares behind it (I am having software installed for my Mp3-player from CMTech so that is probably the reason for that file). The online-scan of the file at Kaspersky didn't show any virus either.

However, I am not feeling very safe though I did an online-scan at Symantec that showed no virus anywhere. I just finished one more scan on McAfee and there hasn't been any sign of a virus either.

But the worry is still there because Grisoft AVG-Antivirus continues to show the five files mentioned above as changed and next to that the "virus-man/-icon" but no message of any particular virus. Just the change of file size from what it was before to what it is now. I am very nervous about that one and have no explanation for it and as long as I don't have that I'm thinking that there is something wrong as there must be an explanation for it. Neither do I understand the exact purpose of those files and why they could be changed or for what reason???

Can you help me on that one?

I'd be so thankful you have no idea...! ;)





#5
Metallica

GeekU Moderator
The only legitimate reason for those files to change I can think of would be a Windows update.
Did you perform any of these recently?

You can also have those files checked at the Kaspersky site for viruses.

Regards,

Pieter

#6
safesite

I don't know what you mean by recently, but I think I remember that the last Windows update I did was about 1-2 weeks ago. Could that still be the reason and the warning of change is due to the fact that it was the update and AVG is just "hysterical" about this type of thing, or could it only be triggered by a real virus/trojan etc.? If you don't know the answer, could you tell me where I can turn to in order to get more information on that?

I also scanned all the five files at Kaspersky but none of them was infected with a virus. The only funny thing was that Kaspersky stated that shell32.dll wasn't containing any data. Is that supposed to be that way???

Thanks again for helping...! :tazz:

Greetings




#7
coachwife6

Retired Staff
Please post a fresh log. :tazz:

#8
safesite

Hello coachwife!

Thanks for your reply! :tazz: Here is the new HiJackthis logfile:

The five files as mentioned above are still showing up as "changed" but not as a virus with a specific name in the system area scan of AVG.

Maybe the windows-update???

Regards


Logfile of HijackThis v1.98.2
Scan saved at 14:49:56, on 16-12-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINNT\LTSMMSG.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\CMTech\SMC Music Box MP3 Player\CmdUpdate.exe
C:\Program Files\Wsr\WinsysRsr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Wacom\TabUserW.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
c:\Program Files\PestPatrol\ppmemcheck.exe
c:\Program Files\PestPatrol\ppcontrol.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...ilogin.srf?id=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [MMKey] C:\Program Files\Launch Manager\MMKey.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [KeyPatrol] c:\PROGRA~1\PESTPA~1\KeyPatrol.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [CmdUpdate] C:\Program Files\CMTech\SMC Music Box MP3 Player\CmdUpdate.exe
O4 - HKLM\..\Run: [WinsysRsr] C:\Program Files\Wsr\WinsysRsr.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...413/mcfscan.cab


  • 0
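Comparing the two logs posted in this thread by hand is error-prone, so here is an added example (not part of the thread, and not HijackThis's own code): a Python script that parses two HijackThis text logs and reports what changed between them. The sample input is a handful of lines excerpted from the logs in posts #1 and #8; the function names `parse_hjt` and `diff_logs` are hypothetical.

```python
import re

# Constructed sample input: a few lines excerpted from the logs in posts #1
# and #8 of this thread (not the full logs).
OLD_LOG = r"""Logfile of HijackThis v1.98.2
Scan saved at 12:00:24, on 13-12-2004

Running processes:
C:\WINNT\System32\svchost.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Wsr\WinsysRsr.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [WinsysRsr] C:\Program Files\Wsr\WinsysRsr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
"""
NEW_LOG = r"""Logfile of HijackThis v1.98.2
Scan saved at 14:49:56, on 16-12-2004

Running processes:
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Wsr\WinsysRsr.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\BearShare\BearShare.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinsysRsr] C:\Program Files\Wsr\WinsysRsr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...413/mcfscan.cab
"""

# Entry lines look like "O4 - HKLM\..\Run: [Name] command"; the code before
# " - " is the HijackThis section (R0, O2, O4, O16, ...).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Return (running_processes, entries) from a HijackThis text log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def diff_logs(old_text, new_text):
    """Report processes and entries present in the new log but not the old."""
    old_procs, old_entries = parse_hjt(old_text)
    new_procs, new_entries = parse_hjt(new_text)
    old_paths = {p.lower() for p in old_procs}   # Windows paths ignore case
    old_names = {_basename(p) for p in old_procs}
    added, path_changed = [], []
    for proc in dict.fromkeys(new_procs):        # de-duplicate, keep order
        if proc.lower() in old_paths:
            continue
        # Same file name under a differently written path (for example an
        # 8.3 short name) is reported separately so it can be checked by eye.
        (path_changed if _basename(proc) in old_names else added).append(proc)
    old_set, new_set = set(old_entries), set(new_entries)
    return {
        "new_processes": added,
        "path_changed": path_changed,
        "new_entries": [e for e in new_entries if e not in old_set],
        "removed_entries": [e for e in old_entries if e not in new_set],
    }


if __name__ == "__main__":
    for key, values in diff_logs(OLD_LOG, NEW_LOG).items():
        print(key, *values, sep="\n  ")
```

On the excerpt, BearShare is reported as a new process, avgcc.exe only as a path written differently, and the SDHelper.dll BHO and the O16 McFreeScan entry as new registry items.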

#9
safesite

Coachwife, where are you? I posted the fresh log and I could need some help by now. Please reply soon! :tazz:

Thanks!


#10
coachwife6

Retired Staff
My paying job has kept me very busy the past few days. Give me a minute and I'll look at it. :tazz:

#11
coachwife6

Retired Staff
You have a number of randomly named files on your system. We like to start with an online virus and trojan scan. Even though you have antivirus software on your system, it can become corrupted by malware.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Reboot

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [CmdUpdate] C:\Program Files\CMTech\SMC Music Box MP3 Player\CmdUpdate.exe
O4 - HKLM\..\Run: [WinsysRsr] C:\Program Files\Wsr\WinsysRsr.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll

The following are optional.

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
(Description: NVidia graphics card system tray application for tweaking. Not necessary. Removing this entry will free up a small amount of system resources.)
Use Taskmanager (Ctrl-Alt-Del) to end these running processes if you can (or use Process Explorer)


O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
(Description: Lucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others too. Removing this entry will free up some system resources. )

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
(Description: Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it, and thus should remove this entry. )

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
(Description: Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it, and thus should remove this entry. )

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files (if found):

C:\WINNT\system32\internat.exe

C:\Program Files\CMTech << I'm with Metallica on this one. If you have the software to install it, deleting it won't matter. You can reload it again if this was causing the problem. All the research I've done ties this program and the following one together and everything I've seen recommends killing the next process.

C:\Program Files\Wsr

Clean out your temp. files again. Reboot and post a fresh log. :tazz:

#12
safesite

Hello and thanks for replying.

I think that I solved it. I posted as well on another forum and things are looking like they are - for now - resolved by the help from some people on that forum.

If there should be any further problems I'd be happy if I could post on this forum again and thank you for now for the time and effort you spent on helping me out.

That was very kind of you all and a great help which I very much appreciate. ;)

Kind regards from me to you all. :tazz:

safesite





#13
coachwife6

Retired Staff
I'm glad that you got your problem solved, and I know you were anxious to get it done. But posting on numerous forums just stretches the small number of volunteers who give of their time to help out people like yourself. This happens rather frequently, and when we spend a great deal of time working on a log with no response or a response like yours, it's rather frustrating.

Again, I am glad that your problem got solved. Happy holidays.

#14
safesite

Thanks for your reply. And Merry Christmas to you, too. ;)

I just wanted to reply to your concerns and I have to say that I strongly disagree with your point of view. The time it takes isn't a factor nor should it be a problem. You are wrong there.

However, the point is that the problem is getting solved. Whether or not it will take one forum or two isn't decisive - I am sure - as the knowledge and the solutions that are being achieved in one or the other will be a motivation and inspiration as well as a tool for me and others that are being helped to AGAIN spread that new knowledge to others (friends, family, co-workers or classmates, internet-users etc. etc. etc.) and helping those thus enabling you and helpers alike to get your work minimized and therefore more time to help other new beginners or people with different problems.

Don't forget to always look at it from the bright side... :tazz:

Merry Christmas and a very Happy New Year. :thumbsup:

safesite



#15
admin

Administrator

I just wanted to reply to your concerns and I have to say that I strongly disagree with your point of view. The time it takes isn't a factor nor should it be a problem. You are wrong there.

Here I will strongly disagree! We're getting an average of about 40 new topics per day, with about 200 replies, about half of those by staff members. I'm guessing an average reply takes about 10 minutes (some more, some less). Do the math: 200 posts at 10 minutes each equals 2,000 minutes or about 33 hours per day required to answer posts on this forum (and we're a small site). Multiply that by all forums offering free help. This time is all donated by the people with real jobs, families and lives. When was the last time you donated several hours per week, nevertheless per day to help others?

Hijack This logs in particular are getting more difficult to analyze, repairs are taking longer, and new infections are appearing every week. It takes a huge commitment to keep up with the latest techniques and infections, while still having time to help others. This site and others are training new helpers all the time, but there's a high dropout and burnout factor. There are a very limited number of helpers available, and many help on multiple sites. When you post the same problem on multiple sites you are only further straining this resource that's already stretched too thin.

If time isn't a concern for you, we could sure use the extra help:
http://www.geekstogo...?showtopic=4817