Clean-Up the Old PC

Having software/hardware problems? Get help here!

Post by [Aliens]kronenbourg » Wed Nov 07, 2007 9:34 pm

This is for Xytras only


Sorry about the very late reply, are you still having problems? If you've done the above, we can try a cleanup of the Temp files (not the internet ones).

Moving onto Baal-Sebub's in a min :wink:
[Aliens]kronenbourg
Lieutenant General
Posts: 4665
Joined: Thu Oct 19, 2006 7:20 am
Location: Bradford, England

Post by [Aliens]kronenbourg » Wed Nov 07, 2007 10:18 pm

This is for Baal-Sebub only

Okay, let's do something simple first.

Re-run HijackThis, and tick these entries:

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com

Close all internet and email windows, and press Fix the selected ones.

When it's all done, post a new log again :)

Post by [Aliens]solifer » Fri Dec 14, 2007 6:07 pm

OK Kronenbourg, I thought I should wait until all the others were done, BUT new ones come in all the time, so I'll just ask if you can check mine too??

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:13:23, on 2007-12-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Logitech\G-series Software\LGDCore.exe
C:\Program\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program\Razer\Copperhead\razerhid.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
F:\Program\Grafik\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program\VIRUS_~1\GRISOF~1\AVG7(2)\avgamsvr.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
F:\Program\VIRUS_~1\GRISOF~1\AVG7(2)\avgupsvc.exe
F:\Program\VIRUS_~1\GRISOF~1\AVG7(2)\avgemc.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
F:\Program\Grafik\Fraps\FRAPS.EXE
F:\Program\Bränn_Filer\DAEMON Tools\daemon.exe
F:\Program\Web\LANeye\sys\LANeyeSRV.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
F:\Program\Web\Xfire\xfire.exe
C:\Program\Razer\Copperhead\razertra.exe
C:\Program\Razer\Copperhead\razerofa.exe
C:\Program\MSN Messenger\usnsvc.exe
F:\Program\Web\LANeye\Laneye.exe
C:\Activision\CoD RconTool\CoD RconTool.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Filer\Virus\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program\Office\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Copperhead] C:\Program\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] F:\Program\Grafik\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] F:\Program\Grafik\CyberLink\PowerDVD\Language\Language.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Fraps] F:\Program\Grafik\Fraps\FRAPS.EXE
O4 - HKCU\..\Run: [DAEMON Tools] "F:\Program\Bränn_Filer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\Program\VIRUS_~1\GRISOF~1\AVG7(2)\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Laneye.lnk = F:\Program\Web\LANeye\Laneye.exe
O4 - Startup: Thoosje Sidebar.lnk = C:\Program\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
O4 - Startup: Xfire.lnk = F:\Program\Web\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Program\Office\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program\Office\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program\Office\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program\Office\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3916443859
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program\Office\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\Program\VIRUS_~1\GRISOF~1\AVG7(2)\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\Program\VIRUS_~1\GRISOF~1\AVG7(2)\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\Program\VIRUS_~1\GRISOF~1\AVG7(2)\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LANeyeSRV (LANeyeSRV_NetworkService) - ProPrat - F:\Program\Web\LANeye\sys\LANeyeSRV.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - F:\Program\Bränn_Filer\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - F:\Program\Bränn_Filer\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - F:\Program\Bränn_Filer\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8973 bytes
Camaro - If you don't own one, you'll never understand!
<<-Farmers are sort of a race of their own, just like plumbers and parents->>
[Aliens]solifer
General
Posts: 7136
Joined: Wed Oct 18, 2006 12:31 pm
Location: Sweden Borlänge

Post by [Aliens]kronenbourg » Fri Dec 14, 2007 7:01 pm

Will look at it first thing tomorrow :)

Post by [Aliens]solifer » Fri Dec 14, 2007 8:01 pm

:o :o :o

Post by [Aliens]kronenbourg » Sat Jan 12, 2008 7:40 pm

This is for solifer only

Better late than never :wink:

Okay, nothing really showing up, except for one entry.

Re-open HiJackThis and scan. Check the box of the entry listed below.

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


Now close all windows other than HiJackThis, then click Fix Checked. Reboot.

Then post another fresh log.

Also, we'll clean up your startup soon, as you have a few things that don't need running.

Plus, one of the biggest hogs of resources that you have running is C:\WINDOWS\system32\SearchIndexer.exe

Will have a good read up on this file, as it is needed by Windows, but we may be able to reduce its use. So, don't do anything with that file.

Kro
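An added illustration, not part of the thread and not HijackThis's own code: a small Python parser for the log format posted above. It pulls out the O1 Hosts mappings and the O4 startup entries that the replies ask to tick, plus the entries HijackThis itself marks "(no file)" or "(file missing)". The function names are hypothetical and the sample lines are constructed in the format of the posted log.

```python
import re

# Added example: names are hypothetical; sample lines are constructed in the thread's log format.
SAMPLE_LOG = r"""
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Fraps] F:\Program\Grafik\Fraps\FRAPS.EXE
O4 - Startup: Xfire.lnk = F:\Program\Web\Xfire\xfire.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")              # "O4 - <body>"
RUN = re.compile(r"^(\S+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")   # registry Run value
STARTUP = re.compile(r"^(.*Startup): (.+?) = (.*)$")         # Startup-folder shortcut

def parse(log):
    """Yield (section, body) for each entry line; process list and headers are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def hosts(log):
    """O1 entries as (ip, hostname) pairs."""
    return [tuple(b.split()[1:3]) for s, b in parse(log)
            if s == "O1" and b.startswith("Hosts:")]

def autoruns(log):
    """O4 entries: where registered, name, command; full_path is False for a bare file name."""
    out = []
    for s, b in parse(log):
        m = (RUN.match(b) or STARTUP.match(b)) if s == "O4" else None
        if not m:
            continue
        *where, name, cmd = m.groups()
        out.append({"where": "\\".join(where), "name": name, "command": cmd,
                    "full_path": bool(re.match(r'"?([A-Za-z]:\\|%)', cmd))})
    return out

def dangling(log):
    """Entries that HijackThis itself marked as pointing at no file."""
    return [(s, b) for s, b in parse(log)
            if b.endswith(("(no file)", "(file missing)"))]

if __name__ == "__main__":
    print(*autoruns(SAMPLE_LOG), hosts(SAMPLE_LOG), dangling(SAMPLE_LOG), sep="\n")
```

The output is a review list only; which entries to tick and fix remains the helper's call, as in the replies above.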

Post by [Aliens]solifer » Sat Jan 12, 2008 8:42 pm

Thanks, will do :o
