Hijack This Log

By bubbatoofez
Nov 22, 2004
Topic Status:
Not open for further replies.
  1. Logfile of HijackThis v1.97.7
    Scan saved at 12:41:03 AM, on 11/22/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\qovv.exe
    C:\WINDOWS\system32\msswch.exe
    C:\WINDOWS\system32\netddx.exe
    K:\Program Setup Files\Pop Up Stopper\PopUpStopperFree.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINDOWS\system32\netddx.exe
    C:\WINDOWS\system32\netddx.exe
    C:\WINDOWS\system32\netddx.exe
    C:\WINDOWS\system32\netddx.exe
    C:\WINDOWS\system32\netddx.exe
    C:\WINDOWS\system32\appsvcs.exe
    C:\WINDOWS\system32\oddtreg.exe
    C:\WINDOWS\system32\netddx.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AIM\aim.exe
    F:\IRC\mirc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Documents and Settings\Chaotic Productions\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Welcome To Total Chaos!
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6BDAA48C-C5F7-A5B3-D82F-118E3404C1F4} - C:\WINDOWS\Wzucroob.dll (file missing)
    O2 - BHO: (no name) - {D522A400-12C5-430F-A861-D770496FDAA4} - C:\WINDOWS\System32\bgsoc.dll (file missing)
    O3 - Toolbar: Search - {371A3152-5405-A1EC-E9CD-47EDE3BFFA16} - C:\WINDOWS\Wzucroob.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 8\LaunchList.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mqkumupqecyfw] C:\WINDOWS\System32\xvbfxo.exe
    O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
    O4 - HKLM\..\Run: [bgsocc] C:\WINDOWS\System32\bgsocc.exe
    O4 - HKLM\..\Run: [jmruplg] C:\WINDOWS\Lmddwz.exe
    O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
    O4 - HKLM\..\Run: [vs2P38h] oddtreg.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SYSsfit] C:\WINDOWS\SYSsfit.exe
    O4 - HKCU\..\Run: [eBtFRUN8T] appsvcs.exe
    O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\qovv.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: Ebates (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095785388093
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  2. bubbatoofez

    bubbatoofez Newcomer, in training Topic Starter

    Forgot my message in the first one. OOPS!!!!

    Hey everyone. There is a new adware program out here that is killing me. I have tried everything I can possibly think of. I've run Ad Aware SE, Spybot, and Spysweeper but all to no avail. They can't find this thing. I was hoping I could post my HiJack This log and see if you guys could help. Some of the items I think Ad Aware has found but can't fix them until my next reboot. I'm right in the middle of a large DL so I don't want to reboot until the morning.

    What this new Adware does.........
    Every so often it will make a Windows exclamation sound and a window will popup. In the window it says:

    "Windows Security Center

    WARNING: Windows Firewall detected suspicious network activity on your computer. Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwords.

    Do you want to download certificated software and protect your computer?"

    Then you get yes or no. With no it goes away but comes back later. With yes it takes you to a site to download removal tools but it quickly jumps to a porn site. At the same time it will randomly jump me to the porn site while I am surfing. Below is my Hijack This log. All help is greatly appreciated.
  3. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Welcome to TechSpot

    Download and install the following 4 programs, each in their own permanent directory:

    Spybot S&D http://www.safer-networking.org , let it "immunise" your PC during install, takes only a few seconds.

    Adaware Personal SE http://www.lavasoftusa.com

    Your version of HJT is outdated, uninstall it and replace with the latest
    HijackThis http://www.tomcoyote.org/hjt/

    CWshredder http://www.spywareinfo.com/~merijn/downloads.html

    Before running any of the above (now and in future), always make sure you have the latest program-versions,
    and do an online-update in Adaware and Spybot for the latest definitions.

    Boot in Safe Mode (press F8 a few times upon booting).

    Uninstall: C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
    Uninstall: K:\Program Setup Files\Pop Up Stopper\PopUpStopperFree.exe
    Uninstall: C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

    From now on, avoid using Internet Explorer except for Microsoft updates!!!
    D/L and install Mozilla Firefox instead (after the cleanup is finished). It has a much better popupstopper than those freebies, which might include adware/spyware or god knows what.

    Let's do some cleaning now.
    Run CWShredder first and let it fix whatever it can (might not find anything)
    Then run Adaware, and then Spybot. Let them each fix whatever they can.

    Then reboot again in Safe Mode.
    Now run Hijackthis with NO other programs open, and let it "fix" the following (if not caught yet by Adaware and Spybot):

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\System32\qovv.exe
    C:\WINDOWS\system32\msswch.exe
    C:\WINDOWS\system32\netddx.exe
    C:\WINDOWS\system32\netddx.exe
    C:\WINDOWS\system32\netddx.exe
    C:\WINDOWS\system32\netddx.exe
    C:\WINDOWS\system32\netddx.exe
    C:\WINDOWS\system32\netddx.exe
    C:\WINDOWS\system32\appsvcs.exe
    C:\WINDOWS\system32\oddtreg.exe
    C:\WINDOWS\system32\netddx.exe

    R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
    O2 - BHO: (no name) - {6BDAA48C-C5F7-A5B3-D82F-118E3404C1F4} - C:\WINDOWS\Wzucroob.dll (file missing)
    O2 - BHO: (no name) - {D522A400-12C5-430F-A861-D770496FDAA4} - C:\WINDOWS\System32\bgsoc.dll (file missing)
    O3 - Toolbar: Search - {371A3152-5405-A1EC-E9CD-47EDE3BFFA16} - C:\WINDOWS\Wzucroob.dll (file missing)
    O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
    O4 - HKLM\..\Run: [mqkumupqecyfw] C:\WINDOWS\System32\xvbfxo.exe
    O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
    O4 - HKLM\..\Run: [bgsocc] C:\WINDOWS\System32\bgsocc.exe
    O4 - HKLM\..\Run: [jmruplg] C:\WINDOWS\Lmddwz.exe
    O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
    O4 - HKLM\..\Run: [vs2P38h] oddtreg.exe
    O4 - HKCU\..\Run: [SYSsfit] C:\WINDOWS\SYSsfit.exe
    O4 - HKCU\..\Run: [eBtFRUN8T] appsvcs.exe
    O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\qovv.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Ebates (HKCU)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sh...bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1095785388093
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
  4. Electrick Gypsy

    Electrick Gypsy Newcomer, in training Posts: 89

    Well done realblackstuff.
    The first half of that post should be turned into a sticky.
  5. bubbatoofez

    bubbatoofez Newcomer, in training Topic Starter

    Driving me nuts

    Well, I did what you said. I appreciate it. It stopped most of my problems. But the main nasty is still hanging around. And it is extremely nasty. I can't play games. I can't watch movies. Well, I can but it knocks me out of full-screen every 20 minutes or so. I have updated my Hijack This. Also, I have run 3 virus scanners and all say I am clean. All of the Adware and Spyware proggies recommended and the removals from Hijack This. Here is my updated log. Any ideas? And thanks again.

    Logfile of HijackThis v1.98.2
    Scan saved at 6:06:55 PM, on 11/22/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\InterMute\SpySubtract\SpySub.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Winamp\Winamp.exe
    C:\Documents and Settings\Chaotic Productions\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Welcome To Total Chaos!
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 8\LaunchList.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [spoolsrv.exe] spoolsrv.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.63.219.181.7
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Rbs showed you which entries to let Hijackthis fix.

    I have been looking through your most recent log and noticed that there is one entry you seemed to have missed; it's C:\WINDOWS\System32\smss.exe

    So boot into safe mode again, run Hijackthis and let it fix the above.

    Regards Howard :grinthumb
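
The reply above compares the follow-up log with the earlier fix list by eye. The same comparison as an added example (not part of the thread and not HijackThis code): it keys BHO, toolbar and DPF items by CLSID so that lines whose display name changed between HijackThis versions, or whose URL the forum truncated, still match, and it also lists items that are new in the second scan. The log excerpts are copied from the posts above; the function names are hypothetical.

```python
import re

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # "O4 - HKLM\..\Run: [x] y"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"^[A-Za-z]:\\")  # running-process lines start with a drive
CLSID_KEYED = {"O2", "O3", "O16"}      # BHO, toolbar, DPF: CLSID identifies the item

def entry_key(line):
    """Return a stable comparison key for one log line, or None for headers."""
    line = " ".join(line.split())
    m = ENTRY_RE.match(line)
    if m:
        clsid = CLSID_RE.search(m.group(2))
        if clsid and m.group(1) in CLSID_KEYED:
            # v1.97 prints "(no name)" where v1.98 prints the class name, and
            # the forum elides long URLs, so the text after the CLSID is ignored.
            return (m.group(1) + " " + clsid.group(0)).upper()
        return line.lower()   # registry value names and paths are case-insensitive
    if PATH_RE.match(line):
        return line.lower()   # running process
    return None               # "Logfile of ...", "Platform: ...", blank lines

def parse_items(text):
    """Map comparison key -> original line for every item in a log or fix list."""
    items = {}
    for raw in text.splitlines():
        key = entry_key(raw)
        if key is not None:
            items.setdefault(key, raw.strip())
    return items

def review_followup(first_log, fix_list, second_log):
    """Report fix-list items still in the second scan and items new to it."""
    first, fixes, second = map(parse_items, (first_log, fix_list, second_log))
    return {
        "still_present": sorted(second[k] for k in fixes if k in second),
        "new_since_first": sorted(second[k] for k in second if k not in first),
    }

# Excerpts copied from the three posts in this thread (not complete logs).
FIRST_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\qovv.exe
C:\WINDOWS\system32\netddx.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6BDAA48C-C5F7-A5B3-D82F-118E3404C1F4} - C:\WINDOWS\Wzucroob.dll (file missing)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
"""

FIX_LIST = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\qovv.exe
C:\WINDOWS\system32\netddx.exe
O2 - BHO: (no name) - {6BDAA48C-C5F7-A5B3-D82F-118E3404C1F4} - C:\WINDOWS\Wzucroob.dll (file missing)
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
"""

SECOND_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [spoolsrv.exe] spoolsrv.exe
O15 - Trusted Zone: http://*.63.219.181.7
"""

if __name__ == "__main__":
    for heading, lines in review_followup(FIRST_LOG, FIX_LIST, SECOND_LOG).items():
        print(heading)
        for line in lines:
            print("   ", line)
```

A match only means the line appears in both the fix list and the follow-up log; it says nothing about whether the file itself is malicious.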
  7. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    I'll second that Electric Gypsy.

    Nice one RBS.

    Regards Howard :D
  8. bubbatoofez

    bubbatoofez Newcomer, in training Topic Starter

    Hijack This

    Again, I would like to say thank you to all who have replied to this. It has been a great help. I am still having issues though. You told me to go into safe mode and use Hijack This to clean out the smss.exe. After upgrading to the latest version it does not give that as an option. It does not show up under Hijack This as something I can repair. It only shows it under the log. I also tried going directly to the file under Safe Mode and deleting it there. It will not allow me to delete it. It says access denied. Am I doing something wrong? Should I go back to an older version of Hijack This? Thanks again everyone for all of the support!!!
  9. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Stop downloading and installing junk!
    You sneaked in another program:
    C:\Program Files\InterMute\SpySubtract\SpySub.exe


    At times this program smss.exe is referred to as a legal MS-program,
    http://www.liutilities.com/products/wintaskspro/processlibrary/smss/

    others say it is spyware
    http://www.2-spyware.com/file-smss-exe.html

    Boot from a W98 startup floppy and then manually RENAME that file into smss.eee or something.
    Reboot the PC. If it still works, fine. If it needs smss.exe, rename it again using the W98-floppy.

    And guys, thank you for the uplifting comments!
  10. RedRooster

    RedRooster Newcomer, in training Posts: 18

    I had the same problem this weekend. The only file that was out of place in my log was a BHO object. It was using a name similar to a real file, so maybe that smss.exe file is causing the problem. I have yet to see the problem again, but I rarely use IE so it might take a while before I see it again.

    At least that popup sure looks real, I'm sure a lot of people are clicking on YES when they see it :(
  11. manualdexterity

    manualdexterity Newcomer, in training

    another hijack this log

    My computer tends to shut down sometimes on its own when nothing apparent seems to be going wrong. I have run Spybot, which does not pick anything up. When I try Adaware and Norton, my computer will start the scan and it seems that when it gets to a certain point, it will shut down. Help would be greatly appreciated. Not sure if a HijackThis log would do anything, but I figured anything would be worth a try.

    Logfile of HijackThis v1.98.2
    Scan saved at 10:43:29 PM, on 11/23/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\BSHARELITE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Documents and Settings\user1\Desktop\Bkup old Hard Drive\Program Files\AIM95\aim.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\user1\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login.passport.net/uilogin.srf?id=2
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SDWin32 Class - {65902DF2-CA58-4BD2-909D-3491A1EB2CDA} - C:\WINDOWS\System32\mynvv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BearShare Lite] BSHARELITE.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKCU\..\Run: [AIM] C:\Documents and Settings\user1\Desktop\Bkup old Hard Drive\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\user1\Desktop\Bkup old Hard Drive\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0466932084f959304700/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094440723281
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
  12. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Manualdexterity

    Welcome to TechSpot

    Follow the start-instructions for D/L and install from my post higher up.

    Try and uninstall Bearshare and what's in LiveUpdate

    Then run HJT and let it fix:

    C:\WINDOWS\System32\BSHARELITE.EXE
    O2 - BHO: SDWin32 Class - {65902DF2-CA58-4BD2-909D-3491A1EB2CDA} - C:\WINDOWS\System32\mynvv.dll
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [BearShare Lite] BSHARELITE.EXE
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...81/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0466932084f959...ip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1094440723281
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/s...,19/mcgdmgr.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
  13. uber_roxxorz

    uber_roxxorz Newcomer, in training

    My task manager closes when I open it!?

    My Windows task manager closes right when I open it. I'd post a HJT log but I just want to know first if that will help any. Also, I tried posting my log earlier, but it says I have URLs that aren't allowed to be posted. What's up with that? Anyways, the task manager is the most important thing in this post, so if you could give me some help, it would be greatly appreciated.
     