Newbie
HI. I'm new to this whole hijack this log thing and i hope i did it right. I have been having problems with my internet, sometimes when i try to go a site with videos and open a video i get a error saying "firefox has encounted an error", anyway here is my hijack this log. Sorry if i'm doing this wrong and THANK YOU very much for your help!
Logfile of HijackThis v1.99.1
Scan saved at 10:09:23 PM, on 30/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\program files\softwin\bitdefender9\bdmcon.exe
C:\Documents and Settings\LKR\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cicero.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cicero.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\program files\softwin\bitdefender9\bdswitch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cicero.ca/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124371186309
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124733626250
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Senior Member (Canada)
There are no glaring issues in your HijackThis LOG. If you use 'FireFox' mainly, go to:
Tools>Options>Cache (TAB)>Clear Cache (BUTTON)
That may help make things more reliable.
Also, for possible IE issues:
Clean out TEMPORARY FILES:
To clean your temp folder, recycle bin, etc..please download this free tool:
CCleaner http://www.ccleaner.com/downloadbuilds.asp
Install Options:
- Don't install any Toolbars, or other programs, should it ask you!
- Just uncheck the option of installing the Yahoo toolbar.
It will put a shortcut on your Desktop.
Select the ‘Cleaner’ BUTTON option (top LEFT), if not already selected. Use the ’Windows’ TAB up front by default.
- Uncheck ‘Cookies’ option (advisable)
- Optionally, Uncheck ‘Recently Typed URLs’ option (potentially still useful)
- Click the ‘Analyse’ button.
- Thereafter, click ‘Run Cleaner’ after you have reviewed what it proposes to clean.
You might also have more multi-browser options with the following tool:
Please download ATF Cleaner http://www.atribune.org/ccount/click.php?id=1 by Atribune.
This program is for XP and Windows 2000 only
It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and grays out the other(s).
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
Click the Empty Selected button.
NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Your system has an outdated version of Sun Java that could create serious security exposure issues for your PC.
Update your Java.
Older JAVA versions have vulnerabilities that malware can and are using to infect systems.
Please follow these steps to remove older version Java components.
- Close any programs you may have running, ESPECIALLY your web browser
- Click Start > Control Panel.
- Click Add/Remove Programs.
- Check any item with Java Runtime Environment (JRE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove all versions of Java.
- Reboot your computer once all Java components are removed.
Download the latest version of Java Runtime Environment, and install it to your computer.
New Version should show as (HijackThis log):
C:\Program Files\Java\jre1.5.0_06\…
Let us know if your issues remain and how frequent they are (in which browser).
Newbie
I tried everything on your post and unfortunately I still have the problem.
It happens on both internet explorer and firefox. It happens when i try to watch like a video or something similar i get this error message. It doesnt happen all the time but it happens most of the time.
the error signature on the last one was:
AppName: firefox.exe AppVer: 1.8.20060.7278 ModName: npswf32.dll
ModVer: 9.0.16.0 Offset: 00071db1
and it said "following file will be included in your error report"
C:\DOCUME~1\LKR\LOCALS~1\Temp\81c8_appcompat.txt
Senior Member (Canada)
See if this link helps:
http://www.aasted.org/adblock/viewto...4f612c571c47c8
i deleted my flash player (npswf32.dll) since that's what was coming up in the error report. i had version 9 something. it went back to 8 when i reinstalled and it works fine now.
Newbie
no i tried deleting npswf32.dll and reinstalled flash player and it still didnt fix the problem. Is it possible that one of my plugins or some other thing is intefering with flash??
Senior Member (Canada)
Let us try the following scan before considering anything further.
Download and install Ewido anti-spyware 4.0 (uninstall any previous version first).
- Click the Download BUTTON. On the next page click the Download now BUTTON.
- Save and then install (Run) from the save location.
- Open/Run ewido anti-spyware
- Wait a few moments and Ewido should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:
- Click on the Update now LINK at the top of the window
- Click on the Start update button
- Wait for the update to download and install
- This is very important to get the LATEST updates
- Click on the Status ICON
- Under "Your computers Security"
Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)- Click on the Scanner ICON at the top of the window
- Click on the Settings tab then select Recommended Actions and choose Quarantine
- When updating has finished. Close Ewido.
We will be using this tool in a later step.
Reboot your computer in Safe Mode.______________________________
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan:
- Click on the default Status ICON and select the Scan now LINK.
OR
- Click on the Scanner ICON . Select the Scan TAB.
- Select Complete System Scan. Ewido will now begin to scan your system.
- If Ewido finds anything it will list them in the Preview WINDOW:
- Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
- Select Apply all actions at the bottom of the window (and the items found will be quarantined – and recoverable, if any items are needed back).
- When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
- Copy and paste the EWIDO scan results into your next post.
- Close Ewido.
Newbie
here is my EWIDO scan result:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:16:36 AM 01/09/2006
+ Scan result:
:mozilla.61:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\LKR\Cookies\lkr@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Felician\Cookies\felician@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\LKR\Cookies\lkr@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Felician\Cookies\felician@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\LKR\Cookies\lkr@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\LKR\Application Data\Mozilla\Firefox\Profiles\lgvtvwjq.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
::Report end
Senior Member (Canada)
Ewido only found COOKIES which wouldn't account for your issues under investigation.Is it possible that one of my plugins or some other thing is intefering with flash??
I think you would now be better served by seeking any available advice and guidance from our XP Forum participant community.
