hjt log - please help



#1 cmalear

Posted 12 June 2005 - 02:23 PM

I recently started receiving the following error at startup.

WebScanX has encountered a problem and needs to close

I then notice that starting certain applications (seems to vary), my dial up service tries to connect automatically.

Now I've encountered an issue with sndvol32.exe. It seems to have been damaged or removed because it won't start anymore when I try to change volume settings.

Everything else seems to be working properly for now, but I've included a HJT log. There were about 5 error messages that popped up while running HJT. It said they were copied to the clipboard. Should I try and post a log of these errors? Thanks for any help.

Also, I regularly update and scan with Spybot Search and Destroy and Lavasoft Ad-Aware (both free versions) as well as McAfee Virus Scan.

Logfile of HijackThis v1.99.1
Scan saved at 1:11:43 PM, on 6/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\ESRI\License\lmgrd.exe
C:\WINDOWS\myCIO\Agent\myAgtSvc.exe
C:\Program Files\Common Files\Network Associates\log and quarantine\bin\i386\NAIlgpip.exe
C:\PROGRA~1\ESRI\License\ESRI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe
C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\myCIO\Agent\myagttry.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\Msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\Msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.mcafeeasap.com/VS2/bin/myCioAgt.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Land Desktop 3\AcDcToday.ocx
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/w...tall/isetup.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Land Desktop 3\InstBanr.ocx
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Land Desktop 3\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Land Desktop 3\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5D9117A-F9F0-484F-8844-C343DDAE8DEB}: NameServer = 209.244.0.3 209.244.0.4
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\WINDOWS\myCIO\Agent\myRmProt2.7.1.228.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Associates Alert Manager (AlertManager) - McAfee Division of Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: ESRI License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\lmgrd.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: McAfee Agent (myAgtSvc) - Network Associates, Inc. - C:\WINDOWS\myCIO\Agent\myAgtSvc.exe
O23 - Service: Network Associates Log Service - Networks Associates Technology, Inc. - C:\Program Files\Common Files\Network Associates\log and quarantine\bin\i386\NAIlgpip.exe
O23 - Service: Network Associates Outbreak Manager (Outbreak Manager) - Networks Associates Technology, Inc. - C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Network Associates WebShield SMTP MailCfg (WebShield SMTP MailCfg) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
O23 - Service: Network Associates WebShield SMTP MailScan (WebShield SMTP MailScan) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe
Chad Malear

#2 groovicus

Posted 13 June 2005 - 03:18 PM

The error messages would be helpful, because your log doesn't look too bad. Are you using Spybot 1.4? Also, you should run both Adaware and Spybot in safe mode. Then reboot and post a new HJT log, along with your error messages.



