|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
Thread Tools |
10-25-2004, 04:36 AM
|
#1 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 6
OS: XP
|
help please, weird bug or something :/
anybody familiar with this problem: after being a while connected to the net, i click disconnect on the connection tray icon, and it stucks, and when i try to restart or shut down, it says "end program" of the connection in system tray, after clicking end program. the pc stucks on the blue power off screen so i have to shutt down it manually on that screen.
i really don't know what to do, on different versions of xp same problem  |
|
     
|
|
10-25-2004, 07:48 AM
|
#4 (permalink) |
|
Knower of all that is MS
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro
|
Please download HijackThis. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help us determine if there is any spyware/malware on your computer.
__________________
 GO BIG BLUE!! |
|
|
|
|
10-25-2004, 03:25 PM
|
#5 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 6
OS: XP
|
scanned the system no viruses, trojans found. looks clean.
CTSNKY ok, i did the scan: Logfile of HijackThis v1.98.2 Scan saved at 12:20:26 AM, on 10/26/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\gsicon.exe C:\WINDOWS\System32\dslagent.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\essspk.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.moszilla.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{33C39F7A-2847-46DA-AE38-B3CCA588F9A5}: NameServer = 192.115.106.35 62.219.186.7 |
|
|
|
|
10-25-2004, 04:13 PM
|
#6 (permalink) |
|
Knower of all that is MS
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro
|
To try and resolve your problem, I would recommend uninstalling that FlashGet program first and see if that does the trick.
__________________
GO BIG BLUE!! |
|
|
|
|
10-26-2004, 02:03 AM
|
#7 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 6
OS: XP
|
removed, still happens
Logfile of HijackThis v1.98.2 Scan saved at 11:02:22 AM, on 10/26/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\gsicon.exe C:\WINDOWS\System32\dslagent.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\essspk.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.moszilla.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{33C39F7A-2847-46DA-AE38-B3CCA588F9A5}: NameServer = 62.211.185.7 192.112.105.35 |
|
|
|
|
10-26-2004, 01:44 PM
|
#8 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 16
OS: NT4/XP Pro
|
Recommendations
Running processes:
C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\gsicon.exe C:\WINDOWS\System32\dslagent.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\essspk.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJT\HijackThis.exe remove O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll remove O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) remove by adding to ignorelist (not needed at startup?) O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe remove by adding to ignorelist (not needed at startup, quicktime?) O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime remove by adding to ignorelist (not needed at startup, what's this?) O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE remove by adding to ignorelist (not needed at startup, realplayer) O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot remove by adding to ignorelist (not needed, is this needed at startup?) O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe ] Get and download http://www.giantcompany.com/(ahmkvc55o5jjx345ho2vn4vn)/default.aspx anti spyware and run it. It will protect you either in use time or manually - removes any spywares and informs you if finds strange files. (30 day trial - but in that time you get very good service)  |
|
|
|
|
10-26-2004, 11:17 PM
|
#9 (permalink) |
|
Old Timer
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,957
OS: Vista Home Premium, SP 27
|
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
The above needs to be fixed. Open a new HJT log and check it to be fixed. Then, with all browser windows closed, click "fix checked". Reboot and post a new HJT log so that we can make sure it's gone. The advise the other member is giving you is intended to speed up your machine; elliminating start-ups, etc. The nod32 entries are you AV prog (excellent choice, BTW). I don't see anything in the advise that will crash your machine. Personally, I don't make those recommendations unless they are specifically asked for, so I'll make no further comment. |
|
|
|
|
10-27-2004, 04:08 AM
|
#10 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 6
OS: XP
|
ok, this is the new log file, i still think its nothing to do with viruses or something. my platfrom now clean.
Logfile of HijackThis v1.98.2 Scan saved at 1:05:47 PM, on 10/27/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\gsicon.exe C:\WINDOWS\System32\dslagent.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJT\HijackThis.exe O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{33C39F7A-2847-46DA-AE38-B3CCA588F9A5}: NameServer = 62.239.146.7 192.125.116.34  |
|
|
|
|
10-27-2004, 11:18 AM
|
#11 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 16
OS: NT4/XP Pro
|
I am still wondering that is that waitservice, does it belong into DSL? in eset folder, something is wrong in that ... What router/modem are u using? Check those things, how they must set... Why are you now starting tweakui ? |
|
|
|
|
10-27-2004, 11:49 AM
|
#12 (permalink) |
|
Manager, The Relaxation Room/Analyst, Security Team
Join Date: Oct 2004
Posts: 10,759
OS: xp
|
hey pikapotsi
please dont mess up with this O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE that s her or his antivirus ,her or his log is clean |
|
|
|
|
10-27-2004, 03:53 PM
|
#13 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 6
OS: XP
|
yes nod32 is an excellent antivirus.
flashnews: same problem suffers more 2 ppl with same modem connection. GlobespanVirata USB ADSL Lan Modem i (man) found only drivers from 2000 for that one on net, mine from 2003 i think anyway what should i do |
|
|
|
|
| Thread Tools | |
|
|
