
Kill These With Otmoveit?


2 replies to this topic

#1 JDM2

JDM2

  • Members
  • 120 posts

Posted 27 January 2008 - 01:18 PM

...or delete memsweep2 (shown below) using Autoruns?

The ones in bold red.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PzWDM - c:\windows\system32\drivers\pzwdm.sys <Not Verified; Prassi Technology; PzWDM>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S2 spydetector - c:\program files\spyware process detector\spydetector.sys (file missing)

S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 MEMSWEEP2 - c:\windows\system32\26.tmp (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>

S3 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
S3 WMConnectCDS (Windows Media Connect Service) - c:\program files\windows media connect 2\wmccds.exe (file missing)
S4 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)

S4 spkrmon - c:\program files\analog devices\soundmax\spkrmon.exe <Not Verified; ; spkrmon Module>

Only googleupdaterservice.exe and wmccds.exe show up in HJT.

Would be grateful for your advice on how best to proceed from here. I know c:\windows\system32\26.tmp has been (orphaned) on my machine for quite some time.

Thanks a lot...

Jeff

Edited by JDM2, 27 January 2008 - 01:33 PM.
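An added example (not from this thread or from any tool it mentions) that parses the driver/service section posted above and separates the "(file missing)" orphans, which are dead registrations with no code behind them, from entries that are actually loaded and carry no signature verification, which are the ones to investigate rather than delete. It assumes the leading R/S letter means running/stopped; the sample lines are taken from the post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Start-type codes exactly as the log's own section headers define them.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# One entry: state+start code, name, optional "(display name)", " - ", image path (maybe
# quoted), then a "<verification; vendor; description>" block or "(file missing)".
LINE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>.+?)(?: \((?P<display>[^)]*)\))?'
    r' - (?P<path>"[^"]+"|.+?)(?: <(?P<verify>[^>]*)>| (?P<missing>\(file missing\)))?$'
)

@dataclass
class Entry:
    kind: str            # "driver" or "service", from the section header
    name: str
    running: bool        # assumption: a leading R means running, S means stopped
    start_type: str
    path: str
    file_missing: bool
    verified: Optional[str]  # first field of the <...> block, e.g. "Not Verified"

def parse_log(text: str) -> List[Entry]:
    entries, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-- "):  # section header: says which kind the lines below are
            kind = "driver" if line.startswith("-- Drivers") else "service"
            continue
        m = LINE_RE.match(line)
        if not m or kind is None:
            continue
        verified = m["verify"].split(";")[0].strip() if m["verify"] else None
        entries.append(Entry(kind, m["name"], m["state"] == "R", START_TYPES[m["start"]],
                             m["path"].strip('"'), m["missing"] is not None, verified))
    return entries

def orphaned(entries):  # image is gone: a stale registration, not running code
    return [e for e in entries if e.file_missing]

def running_unverified(entries):  # loaded right now with no signature check: look first
    return [e for e in entries if e.running and e.verified == "Not Verified"]

# Sample input: lines taken from the post above.
SAMPLE = r"""-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus ASPI Shell>
S3 MEMSWEEP2 - c:\windows\system32\26.tmp (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
S4 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
"""
```

Running `parse_log(SAMPLE)` puts MEMSWEEP2 and the iPod service in the orphan list and pfc plus the AntiVir scheduler in the running-but-unverified list, which is the distinction the reply below draws between removing a stale entry and touching a live driver or service.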



#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 27 January 2008 - 02:00 PM

Hi JDM2
You are running specialised tools without the knowledge of how to read the results correctly.... this is very dangerous.
It's not just a case of deleting the files you see; you are looking at 'Drivers' and 'Services'..... these need to be dealt with differently.
If you are having problems and need help in removing things, I suggest you post a HJT log and let the experts read and interpret the results correctly.

Read the Preparation Guide before posting a HijackThis Log.
Please read, and follow, all directions carefully

Run a log, and post it in the HijackThis Logs and Analysis forum.

Do not, post it in this topic.
Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response from the HJT Team, because they are very busy. Please, be patient, as these people are volunteers. They will help you, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.


If you haven't heard back from them in 5 days, go to this topic, Haven't Had A Reply In Five Days?, and carefully follow all directions.



#3 JDM2

JDM2
  • Topic Starter

  • Members
  • 120 posts

Posted 27 January 2008 - 02:18 PM

Thanks, I might just take a shot and work on correcting these things myself. I know OTMoveIt and several others are to be used with caution, but I've been watching experts give advice on logs for 3-4 years. It seems like whenever there's an entry in HJT where in parentheses at the end it says (file missing), the helper says to fix that particular entry.

I need to take some risks and try new things on my own (after watching how the experts have proceeded) or else I'll never be an expert myself!

Thanks again for your reply.

Jeff




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users