#21 (permalink) |
|
Analyst, Security Team
|
That can't be right. Go to Start->Run and type in regedit and hit OK. Now go to Edit->Find and copy this in there: BA02E0A6-78FB-1E21-475E-84EB18D6C183
Do the search and see if it shows anything there. If it does, tell us where it's located (look at the status bar at the bottom for the location). Hit F3 after that to do another search. See if it's located in another folder also. Repeat if necessary until nothing else is found. Give us a new HijackThis log now.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
|
|
#22 (permalink) |
|
Member
Join Date: Jan 2005
Posts: 82
OS: winXPpro
|
It is found in here:
My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA02E0A6-78FB-1E21-475E-84EB18D6C183}

Log was analyzed using KRC HijackThis Analyzer - Updated on 2/10/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.1
Scan saved at 5:46:24 AM, on 2/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\regedit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {BA02E0A6-78FB-1E21-475E-84EB18D6C183} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\UBISOFT\Register\schedule.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt3_x.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C71A86D5-5589-4B2A-A307-A90641E83951}: NameServer = 195.170.2.2 195.170.0.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

End of KRC HijackThis Analyzer Log.
__________________
Pentium4 3.4GH GA-8I915G duo 512MB (2x256) GA GeForce 6600 PCIe 256MB WD 120GB 7.2 DVD-ROM Toshiba DVD-RW Lite-On dual layer 420Watt CAD, 3DStudioMax, Maya, Premiere, Games |
|
|
|
|
#23 (permalink) |
|
Analyst, Security Team
|
OK, delete it there then:
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ and delete {BA02E0A6-78FB-1E21-475E-84EB18D6C183}. If it's giving you problems deleting it, go to Edit->Permissions and click on the Advanced button. On the bottom, check the box to inherit permissions and OK out. Now delete it. Then fix that O2 entry in HijackThis. Restart and post a new log.
|
|
|
|
#24 (permalink) |
|
Member
Join Date: Jan 2005
Posts: 82
OS: winXPpro
|
It is finally gone, thanks a million for the help!!!
The entry didn't appear in the HijackThis scan again. Should I apply the previous settings to inherit permissions now (and click on remove?) or should I leave it as is?

Log was analyzed using KRC HijackThis Analyzer - Updated on 2/10/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.1
Scan saved at 2:24:12 PM, on 2/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\VIA\RAID\raid_tool.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\UBISOFT\Register\schedule.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt3_x.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

End of KRC HijackThis Analyzer Log.
|
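Added example, not part of the thread and not code from HijackThis or the KRC analyzer: a short Python script that parses two HijackThis logs and compares them, so the scan taken after the registry cleanup can be checked against the earlier one. The function names are illustrative, and the two logs are shortened excerpts of the ones posted above.

```python
import re

# HijackThis entry lines start with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Shortened excerpts of the 5:46 AM and 2:24 PM logs posted in the thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:46:24 AM, on 2/28/2005
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {BA02E0A6-78FB-1E21-475E-84EB18D6C183} - (no file)
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C71A86D5-5589-4B2A-A307-A90641E83951}: NameServer = 195.170.2.2 195.170.0.1
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:24:12 PM, on 2/28/2005
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
"""

def parse_entries(log_text):
    """Return the set of (code, body) entries in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("body").strip()))
    return entries

def orphaned_bhos(entries):
    """CLSIDs of O2 (BHO) entries whose DLL is reported as '(no file)'."""
    found = []
    for code, body in sorted(entries):
        if code == "O2" and body.endswith("(no file)"):
            m = CLSID_RE.search(body)
            if m:
                found.append(m.group(0))
    return found

def diff_logs(before, after):
    """Return (removed, added) entries between two scans, each sorted."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("orphaned BHOs before:", orphaned_bhos(parse_entries(BEFORE)))
    print("removed:", removed, "added:", added)
```

Anything in the "added" list after a cleanup deserves a look before the log is called clean.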
|
|
|
#25 (permalink) |
|
Analyst, Security Team
|
Yes, it's gone now.
Your log is clean. If you disabled System Restore, make sure to enable it now. To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial (http://www.greyknight17.com/spyware.htm#prevent) and use the tools provided. Are there any problems now? If not, you should be set to go.
|
|
|
|
#26 (permalink) |
|
Member
Join Date: Jan 2005
Posts: 82
OS: winXPpro
|
The system restarts haven't stopped.
I had a look at the error log in Help and Support Center. There are lots of these: The device, \Device\Scsi\viamraid1, did not respond within the timeout period. I don't know what via raid is, never used it, all I know is that it is a start up tool. Could this error be the cause of the restarts? After each restart I get this error description: Error code 1000008e, parameter1 c000001d, parameter2 bf8c6fc7, parameter3 f2719810, parameter4 00000000. with different parameters. Any ideas??
|
|
|
|
#27 (permalink) | |
|
Knower of all that is MS
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro
|
So, you don't use the RAID features of your machine at all? How many hard disks do you have in your machine?
Quote:
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
__________________
GO BIG BLUE!! |
|
|
|
|
|
#28 (permalink) |
|
Member
Join Date: Jan 2005
Posts: 82
OS: winXPpro
|
I have one hard disk partitioned in two.
Do I need raid??
|
|
|
|
#29 (permalink) |
|
Knower of all that is MS
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro
|
Not unless you're running multiple hard disks and doing backups to them.
One hard disk? Remove the entry, reboot and let us know if it continues. That RAID tool is obviously starting on boot and searching for a disk that does not exist. High possibility of being responsible for your restarts.
|
|
|
|
#30 (permalink) |
|
Member
Join Date: Jan 2005
Posts: 82
OS: winXPpro
|
OK, I'll do that.
Will this uninstall raid completely or just remove it from the start up programs?
|
|
|
|
#32 (permalink) |
|
Member
Join Date: Jan 2005
Posts: 82
OS: winXPpro
|
Done, raid is off. Hopefully this will solve things out. Thank u!
|
|