TechSpot

Another HJT log or two!!!

By Rik
Oct 26, 2006
  1. Hi Howard, I have been using a friend of a friend's PC as a guinea pig for my attempt at learning more about HJT!!!!

    HJT log 1 is from when I first got the PC and HJT log 2 is after me having a go at it!!!!
     
  2. wolfram

    wolfram TechSpot Paladin Posts: 1,967   +9

    Hi Rik,

    I'm starting to learn about HJT logs. Howard will correct me if I'm wrong hehe :)

    C:\WINDOWS\System32\MsPMSPSv.exe
    Some people recommend to disable this service. It's used by Media player. I'm sure you can disable it in msconfig, startup tab, or services tab.
    Some guys claim that it's a form of spyware, some say it's harmless.
    But you should disable it, it's not essential.

    Since I'm too dumb for this yet, I'd recommend to listen to Howard's advice :)

    Regards :wave:
     
  3. Rik

    Rik Banned Topic Starter Posts: 3,814

    Thanx for the advice Wolfram, I too am learning as I said in my first post!!!!
    I'm hoping I can fix this PC before it goes up in smoke!! hehe!!
    It's an emachine, like ewww, it's horrible and will probably die from the crappy PSU in it!!!!

    Q - What's the best thing about an emachine?
    A - The moment you give it back to the poor mug that actually parted with cash for that pile of s**t!!!!!!
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That is one of the most badly infected systems I've seen for quite some time. No antivirus or firewall software and you can see why it's so bad and that's only what I can see. With a renamed HJT log I shudder to think what's there.

    Based on the first HJT log, I'd recommend reformatting and starting from scratch.

    I can't comment on the second HJT log as I don't know how things have been fixed.

    BTW: The MsPMSPSv.exe file is not nasty and is part of the Windows media player.

    Regards Howard :)
     
  5. Rik

    Rik Banned Topic Starter Posts: 3,814

    I got rid of Norton first off, then scanned with some crap that was on it and was out of date for a laugh, it found nothing!!! I then installed eTrust antispyware and it found 54 infections!!! I then used HJT to remove some more crap from it and it's not perfect yet, but it is running a hell of a lot faster and has no boot errors or popups of any kind!! It only comes up with 2 error boxes when it shuts down but they flash up that quickly that I don't get a chance to see what they say!!!!
     
  6. wolfram

    wolfram TechSpot Paladin Posts: 1,967   +9

    Hmm, like Howard said, a full format would be better. Then prevent future infections, using AVG Free, and Zonealarm's free firewall, also, some antispyware and antitrojan tools.

    But like you said, it's an E-machines, who cares about it :p
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's the problem right there. Simply fixing something with HJT doesn't actually get rid of it. Depending on what it is, it needs to be physically removed from the system.

    That's why I couldn't comment on HJT 2.

    For instance, all these are bad and need uninstalling/deleting:

    C:\Program Files\PowerCodec\isamonitor.exe
    C:\Program Files\PowerCodec\pmsngr.exe
    C:\Program Files\PowerCodec\pmmon.exe
    C:\Program Files\PowerCodec\isamini.exe
    C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe
    C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe
    C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDXggyks41LS9Xy wuwN/oqwTWhUdpG91HQWAAMtZMekQFTZfgnDQLpiPgLT87KDT1yeDkU4yiJ+PgdxY7FcIzupUMLFRTgq Q/WLW4fupSo/yK+j2DpzMXppVfOibUJ4tVdOIj8Psh9P8p7/wtcYztRfo5gFkOsPWoh

    O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware343\bin\Starware343.dll

    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

    O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\PowerCodec\isaddon.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll <Fix only

    O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - C:\Program Files\PowerCodec\iesplugin.dll

    O3 - Toolbar: Starware343 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware343\bin\Starware343.dll

    O4 - HKLM\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe

    O4 - HKLM\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe

    O4 - HKLM\..\Run: [OSS] C:\WINDOWS\system32\ossproxy.exe -boot

    O4 - HKLM\..\Run: [Microsoft Update] snlogsvc.exe

    O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min

    O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"

    O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe"

    O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c

    O4 - HKLM\..\Run: [NI.UWAS6_0001_N91M1508] "c:\documents and settings\alan reid\application data\winantispyware2006freeinstall[2].exe" -nag

    O4 - HKLM\..\RunServices: [Microsoft Update] snlogsvc.exe

    O4 - HKLM\..\RunServices: [msnsched] msnsched.exe

    O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe

    O4 - HKCU\..\Run: [Microsoft Update] snlogsvc.exe

    O4 - HKCU\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe

    O10 - Hijacked Internet access by New.Net <Do not fix with HJT. Newnet needs to be uninstalled, or if that's not possible the newnet downloadable uninstaller programme should be used.

    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab

    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab

    O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll

    The above are all the entries that need to be got rid of. All the programmes should be uninstalled. Anything that's run as a service needs to have its services stopped. All the .exe files must be stopped from running via task manager. All the files must be deleted apart from the one I said fix only.

    The last entry will probably need Killbox to get rid of it.

    Now do you see what I mean?

    Regards Howard :)
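
Added example, not part of the thread or any poster's code: since fixing an entry in HJT leaves the file it points at on disk, this sketch pulls the target out of O2/O3/O4/O16/O21 lines and builds a follow-up checklist. The log lines are copied from the post above; the function names and the three categories (`path`, `bare_name`, `url`) are assumptions of this example.

```python
import re

# Entries copied from the post above (a subset of Howard's list).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\PowerCodec\isaddon.dll
O4 - HKLM\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
O4 - HKLM\..\Run: [Microsoft Update] snlogsvc.exe
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c
O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll
"""

HANDLED = {"O2", "O3", "O4", "O16", "O21"}
ENTRY_RE = re.compile(r"^\s*(O\d+) - (.+?)\s*$")
# A Run-key command starts with a quoted path, or text up to an executable extension.
PROGRAM_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat|scr))(?=\s|$)', re.I)

def target_of(section, rest):  # file or URL the entry points at
    if section == "O4":
        _, _, cmd = rest.partition("] ")   # drop 'HKLM\..\Run: [value name]'
        m = PROGRAM_RE.match(cmd)
        return (m.group(1) or m.group(2)) if m else cmd
    return rest.rsplit(" - ", 1)[-1]       # O2/O3/O16/O21: last ' - ' field

def classify(target):
    if re.match(r"https?://", target, re.I):
        return "url"         # download source only; the log gives no local path
    if "\\" in target:
        return "path"        # full path: stop the process, then delete the file
    return "bare_name"       # no directory in the log: locate the file first

def removal_checklist(log_text):
    """Group distinct entry targets by the follow-up each needs after an HJT fix."""
    out, seen = {"path": [], "bare_name": [], "url": []}, set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m or m.group(1) not in HANDLED:
            continue
        target = target_of(*m.groups())
        if target.lower() not in seen:     # same file is listed under HKLM and HKCU
            seen.add(target.lower())
            out[classify(target)].append((m.group(1), target))
    return out

if __name__ == "__main__":
    for kind, items in removal_checklist(SAMPLE_LOG).items():
        print(kind, items)
```

Entries in the `bare_name` group, such as `snlogsvc.exe`, carry no directory in the log, so the file has to be found on disk before it can be checked or deleted.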
     
Topic Status:
Not open for further replies.
