HJT Log can someone please check it for me?

  1. #1
    madmikejt12 is offline Dedicated Member


    Could someone please look at this log for me? Thanks

    Logfile of HijackThis v1.98.2
    Scan saved at 15:50:51, on 15/06/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\csrss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\windows\Explorer.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
    C:\windows\system32\wscntfy.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\MSN Messenger\msn plus\MsgPlus.exe
    C:\Program Files\Media Access\MediaAccK.exe
    C:\WINDOWS\system32\tvt7dud9.exe
    C:\Program Files\Media Access\MediaAccess.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\DRIVERS\Mouse\mouse32a.exe
    C:\windows\system32\hkcmd.exe
    C:\DRIVERS\Keyboard\KbdAp32A.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Mihov DiskFree\DiskFree.exe
    C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 1 for framxpro.zip\FreeRAM XP Pro 1.40.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\CxtPls\CxtPls.exe
    C:\Palm\HOTSYNC.EXE
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\Old C drive\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\Michael\Desktop\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tinternet
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
    O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_26ad.dll"
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [p77i38l] ntpdbg.exe
    O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\Michael\LOCALS~1\Temp\~compoundinst0\ auto_update_loader.exe" /PC=WB.RL /HideUninstall /HideDir
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\msn plus\MsgPlus.exe"
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [tvt7dud9] C:\WINDOWS\system32\tvt7dud9.exe
    O4 - HKLM\..\Run: [q7tR33W] ntpdbg.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [FLMK08KB] C:\DRIVERS\Keyboard\MMKEYBD.EXE
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\DRIVERS\Mouse\mouse32a.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [switp] C:\windows\switpa.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_26ad.dll"
    O4 - HKCU\..\Run: [YwosRUJFO] nppng11n.exe
    O4 - HKCU\..\Run: [VirtualDesktop] "C:\Program Files\Tweak-XP Pro 4\virtuald.exe"
    O4 - HKCU\..\Run: [Mihov DiskFree] C:\Program Files\Mihov DiskFree\DiskFree.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 1 for framxpro.zip\FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU\..\Run: [bw25RTanh] nppng11n.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global User Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O12 - Plugin for .exe: C:\Program Files\Opera7\PLUGINS\NPNetPumper_Application.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do...ridge-c361.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
    O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://toolbar.azesearch.com/install/azesearch.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{233A6469-78D4-45D5-9340-B4DA4CB62ADF}: NameServer = 205.188.146.145


  2. #2
    HJThis is offline Senior Member
    Hello, madmikejt12 & Welcome

    Well, you have a lot of work to do here

    First thing I need you to do is update the version of HijackThis
    you ran to this one here http://www.isecurity.org.uk/downloads/hijackthis.exe

    & please make sure not to install to a Temp folder or Desktop
    place it in a folder in C:\Drive like so C:\HJT

    now I have some items for you to remove

    Media Access
    Internet Optimizer
    CxtPls


    just go to Control Panel Add/Remove Programs
    & remove/uninstall the items above

    once done with all of the above, run a new scan & show us the logfile

    HGD

  3. #3
    madmikejt12 is offline Dedicated Member
    None of these are in the Add/Remove Programs list. I have uninstalled Internet Optimizer, I searched for CxtPls in drives C and E (showing hidden and system files/folders) and it found nothing, and there is no uninstall option for Media Access and the files won't delete (I ended the process "media access.exe" and they still wouldn't delete). Anyway, here is a new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:20:55, on 15/06/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\windows\Explorer.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\MSN Messenger\msn plus\MsgPlus.exe
    C:\Program Files\Media Access\MediaAccK.exe
    C:\WINDOWS\system32\tvt7dud9.exe
    C:\Program Files\Media Access\MediaAccess.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\DRIVERS\Mouse\mouse32a.exe
    C:\windows\system32\hkcmd.exe
    C:\DRIVERS\Keyboard\KbdAp32A.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Mihov DiskFree\DiskFree.exe
    C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 1 for framxpro.zip\FreeRAM XP Pro 1.40.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\Drgtodsc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Media Access\MediaAccess.exe
    C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
    C:\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tinternet
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
    O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_26ad.dll"
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [p77i38l] ntpdbg.exe
    O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\Michael\LOCALS~1\Temp\~compoundinst0\ auto_update_loader.exe" /PC=WB.RL /HideUninstall /HideDir
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\msn plus\MsgPlus.exe"
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [tvt7dud9] C:\WINDOWS\system32\tvt7dud9.exe
    O4 - HKLM\..\Run: [q7tR33W] ntpdbg.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [FLMK08KB] C:\DRIVERS\Keyboard\MMKEYBD.EXE
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\DRIVERS\Mouse\mouse32a.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [switp] C:\windows\switpa.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_26ad.dll"
    O4 - HKCU\..\Run: [YwosRUJFO] nppng11n.exe
    O4 - HKCU\..\Run: [VirtualDesktop] "C:\Program Files\Tweak-XP Pro 4\virtuald.exe"
    O4 - HKCU\..\Run: [Mihov DiskFree] C:\Program Files\Mihov DiskFree\DiskFree.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 1 for framxpro.zip\FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU\..\Run: [bw25RTanh] nppng11n.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global User Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O12 - Plugin for .exe: C:\Program Files\Opera7\PLUGINS\NPNetPumper_Application.dll
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do...ridge-c361.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{233A6469-78D4-45D5-9340-B4DA4CB62ADF}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    Last edited by madmikejt12; 15-06-2005 at 09:23 PM.

  4. #4
    HJThis is offline Senior Member
    Hi, madmikejt12

    OK, let's go on with this here; we can go back to it later

    The application Messenger Plus is an add-on. It is not written by Microsoft. It installs spyware, LOP to be exact. Try and see if you can uninstall Messenger Plus via Add\Remove Programs, and then if you still want to use it, reinstall it after we have cleaned your computer. Then choose not to install the Sponsor. If you are able to do this, then scan with HJT again in normal mode if possible, and post another log.

    Press Control-Alt-Delete to get into the Task Manager and end the following processes if they exist:
    ntpdbg.exe
    tvt7dud9.exe
    switpa.exe
    nppng11n.exe


    If you get an error when deleting a file, right click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)

    O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_26ad.dll"
    O4 - HKLM\..\Run: [p77i38l] ntpdbg.exe
    O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\Michael\LOCALS~1\Temp\~compoundinst0\ a uto_update_loader.exe" /PC=WB.RL /HideUninstall /HideDir
    O4 - HKLM\..\Run: [tvt7dud9] C:\WINDOWS\system32\tvt7dud9.exe
    O4 - HKLM\..\Run: [q7tR33W] ntpdbg.exe
    O4 - HKLM\..\Run: [switp] C:\windows\switpa.exe
    O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_26ad.dll"
    O4 - HKCU\..\Run: [YwosRUJFO] nppng11n.exe
    O4 - HKCU\..\Run: [bw25RTanh] nppng11n.exe

    These 2 items here, were they put in place by you or Admins of PC?
    If not, fix them
    NOTE some software like Spybot & others will do this so make sure
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

    This item if not added by you fix it
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

    Make sure you can view hidden and system files: Instructions here

    Then Boot to safe mode: Instructions here

    Delete the following files\folders IF still present:
    C:\Program Files\CxtPls\<---This folder
    C:\WINDOWS\System32\sfg_26ad.dll<---This file
    C:\WINDOWS\system32\tvt7dud9.exe<---This file
    C:\windows\switpa.exe<---This file

    Still in Safe Mode, do a file search for these here; if found, delete them
    ntpdbg.exe
    nppng11n.exe


    after doing all of the above do this here

    Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
        1. Change the Download signed ActiveX controls to Prompt
        2. Change the Download unsigned ActiveX controls to Disable
        3. Change the Initialize and script ActiveX controls not marked as safe to Disable
        4. Change the Installation of desktop items to Prompt
        5. Change the Launching programs and files in an IFRAME to Prompt
        6. Change the Navigate sub-frames across different domains to Prompt
        7. When all these settings have been made, click on the OK button.
        8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.

    Then let us know how it is doing & post a new logfile

    HGD

  5. #5
    madmikejt12 is offline Dedicated Member
    I didn't manage to boot into safe mode (haven't been able to for a while now) and so tried to delete them normally. I found a few but not all of them (it was showing hidden and system folders)
    The application Messenger Plus is an add-on. It is not written by Microsoft. It installs spyware, LOP to be exact. Try and see if you can uninstall Messenger Plus via Add\remove Programs, and then if you still want to use it, reinstall it after we have cleaned your computer. Then choose not to install the Sponsor.
    This is what I did. I don't get the LOP toolbar but I used to have it.
    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)

    O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_26ad.dll"
    O4 - HKLM\..\Run: [p77i38l] ntpdbg.exe
    O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\Michael\LOCALS~1\Temp\~compoundinst0\ a uto_update_loader.exe" /PC=WB.RL /HideUninstall /HideDir
    O4 - HKLM\..\Run: [tvt7dud9] C:\WINDOWS\system32\tvt7dud9.exe
    O4 - HKLM\..\Run: [q7tR33W] ntpdbg.exe
    O4 - HKLM\..\Run: [switp] C:\windows\switpa.exe
    O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_26ad.dll"
    O4 - HKCU\..\Run: [YwosRUJFO] nppng11n.exe
    O4 - HKCU\..\Run: [bw25RTanh] nppng11n.exe

    These 2 items here, were they put in place by you or Admins of PC?
    If not, fix them
    NOTE some software like Spybot & others will do this so make sure
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

    This item if not added by you fix it
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    I have deleted all these from HJT but I couldn't find the files you told me to search for. Here is a fresh log. Thanks for looking and for all your help

    Logfile of HijackThis v1.99.1
    Scan saved at 20:36:26, on 16/06/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\windows\Explorer.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\MSN Messenger\msn plus\MsgPlus.exe
    C:\Program Files\Media Access\MediaAccK.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Media Access\MediaAccess.exe
    C:\DRIVERS\Mouse\mouse32a.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
    C:\windows\system32\hkcmd.exe
    C:\DRIVERS\Keyboard\KbdAp32A.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Mihov DiskFree\DiskFree.exe
    C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 1 for framxpro.zip\FreeRAM XP Pro 1.40.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Palm\HOTSYNC.EXE
    C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
    C:\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tinternet
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\msn plus\MsgPlus.exe"
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [FLMK08KB] C:\DRIVERS\Keyboard\MMKEYBD.EXE
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\DRIVERS\Mouse\mouse32a.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VirtualDesktop] "C:\Program Files\Tweak-XP Pro 4\virtuald.exe"
    O4 - HKCU\..\Run: [Mihov DiskFree] C:\Program Files\Mihov DiskFree\DiskFree.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 1 for framxpro.zip\FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global User Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O12 - Plugin for .exe: C:\Program Files\Opera7\PLUGINS\NPNetPumper_Application.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do...ridge-c361.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{233A6469-78D4-45D5-9340-B4DA4CB62ADF}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

  6. #6
    HJThis is offline Senior Member
    Hi, madmikejt12

    Well, the only item I see here is this

    if not put in place by you or Admins of PC, fix it, or are you using some
    type of software that will do this?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

    if you are going to fix, just run HJT, fix it, then close HJT

    now let us know how it is running, are things better
    than before.

    HGD
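
The check HJThis makes by eye in post #6, comparing the fix list from post #4 with the scan posted in post #5, as an added example that is not part of the thread. The function names are hypothetical; the sample lines are excerpts copied from the posts above, and whitespace is ignored when matching because long log lines pick up stray spaces when pasted into a forum.

```python
import re

# A HijackThis entry line starts with a section code (R1, O4, O16, ...) then " - ".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
FILE_MISSING_RE = re.compile(r"\(file missing\)\s*$", re.IGNORECASE)

# Excerpt of the fix list in post #4, exactly as the forum shows it.
FIX_LIST = r"""
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
O4 - HKLM\..\Run: [p77i38l] ntpdbg.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\Michael\LOCALS~1\Temp\~compoundinst0\ a uto_update_loader.exe" /PC=WB.RL /HideUninstall /HideDir
O4 - HKCU\..\Run: [YwosRUJFO] nppng11n.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
"""

# Excerpt of the scan in post #3 (before fixing).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\tvt7dud9.exe
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [p77i38l] ntpdbg.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\Michael\LOCALS~1\Temp\~compoundinst0\ auto_update_loader.exe" /PC=WB.RL /HideUninstall /HideDir
O4 - HKCU\..\Run: [YwosRUJFO] nppng11n.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
"""

# Excerpt of the scan in post #5 (after fixing).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\windows\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tinternet
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
"""


def normalize(code, body):
    """Build a comparison key that survives forum re-wrapping of a log line."""
    body = FILE_MISSING_RE.sub("", body)  # HijackThis appends this once the file is gone
    body = re.sub(r"\s+", "", body)       # drop all whitespace, including stray spaces
    return f"{code}|{body.lower()}"       # Windows paths and registry keys ignore case


def parse_entries(text):
    """Map normalized key -> original entry line; header and process lines are skipped."""
    entries = {}
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries[normalize(*match.groups())] = line.strip()
    return entries


def still_present(fix_list, log):
    """Entries from the fix list that a later scan still reports, in fix-list order."""
    current = parse_entries(log)
    return [line for key, line in parse_entries(fix_list).items() if key in current]


if __name__ == "__main__":
    for label, log in (("post #3", BEFORE_LOG), ("post #5", AFTER_LOG)):
        remaining = still_present(FIX_LIST, log)
        print(f"{label}: {len(remaining)} fix-list entries still present")
        for line in remaining:
            print("   ", line)
```

Against the post #5 excerpt, the only fix-list entry still reported is the O6 Toolbars\Restrictions line.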

  7. #7
    madmikejt12 is offline Dedicated Member
    It's not deleting :S My computer seems OK, but the reason I posted this was that Jephree said to post a log here just to check because I have been having errors every so often. Had nothing yet but I have had those IRQL_NOT_LESS_OR_EQUAL..... blue screens every few days so I'll see how it goes.
    Thanks a lot for your help

  8. #8
    HJThis is offline Senior Member
    Hi, madmikejt12

    See if doing a Scandisk & Defrag from Safe Mode & using
    these 2 progs helps

    https://www.pctools.com/registry-mechanic/

    & this one here

    popular programs for doing this, is a freeware program Called Crap Cleaner. Crap Cleaner is a single utility that lets you clear your Cookies, Internet Explorer History, Empty the Recycle Bin, Uninstall Programs, Clear Usage Tracks and much more. As well as this, it has an Advanced Registry Scanner. Using a program like this is one of the easiest methods.

    install them run them but not yet

    first run a full system Scandisk & Defrag then run the 2 progs

    but make a restore point & backup the Registry first

    HGD
    Last edited by HJThis; 16-06-2005 at 10:07 PM.

  9. #9
    madmikejt12 is offline Dedicated Member
    I have Crap Cleaner but I can't get into safe mode. I press F8, click to boot into safe mode and a black screen comes up with Multi(0), can't remember the rest

  10. #10
    HJThis is offline Senior Member
    Hi, madmikejt12

    You're using XP so see if this link is any help to you

    safe mode: Instructions here

    let us know

    HGD
