TechSpot

HJT file attached, did RBS's walkthrough, but still sick!

By krazzognik
Jul 5, 2005
Topic Status:
Not open for further replies.
  1. Same story: Task Manager/regedit/msconfig closes... so does Device Manager! Something else: Ad-Aware freezes when it gets to windows/system32/npp. Well, not freezes, I can cancel the search, but it more or less freezes. So I'll do a custom check of everything but that folder, and then that folder and nothing else, and Ad-Aware will run normally and find nothing wrong. Also, My Documents will randomly open (only 3 times thus far; problems first noticed about 2 days ago). Antivirus finds nothing; Spybot did its thing and got rid of a few. But the big prob still remains! Any help would be greatly appreciated!
     


  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Boot in Safe Mode.
    Switch System restore OFF, see how here.
    Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if there), click "End Process" for:

    FireDaemon.EXE
    rpcapd.exe

    Next, click Start/Run and type services.msc and click OK. Look for the service:
    FireDaemon.EXE
    rpcapd.exe
    Double-click it, click Stop if it's running, and change the Startup type to Disabled.

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    ...................................................................................................
    O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
    O23 - Service: FireDaemon Service: host (host) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: FireDaemon Service: scvhost (scvhost) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
    ...................................................................................................
    Now click on the Fix Checked button in HJT.

    When done, from between the dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    Boot normal. When all OK, switch System Restore back on.
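
Added example, not part of the original post and not HijackThis code: a small Python triage of the O23 service lines quoted in the reply above. The heuristics (unknown owner, image path under a Temp directory, missing file, a service name that is a letter-swap of a Windows process name), the `KNOWN` list and the last sample line are assumptions made for illustration.

```python
import re

# HijackThis O23 line: display name, (service name), owner, image path.
O23 = re.compile(r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\)"
                 r" - (?P<owner>.+?) - (?P<path>.+)$")
# Assumption: short list of Windows process names that malware imitates.
KNOWN = ("svchost", "lsass", "csrss", "services", "winlogon")

def triage(line):
    """Return (service_name, flags) for an O23 line, or None for other lines."""
    m = O23.match(line.strip())
    if not m:
        return None
    name, owner, path = m["name"], m["owner"], m["path"]
    flags = []
    if path.endswith("(file missing)"):
        flags.append("file-missing")
        path = path[: -len("(file missing)")].rstrip()
    if owner.lower() == "unknown owner":
        flags.append("unknown-owner")      # weak signal on its own
    if "\\temp\\" in path.lower():
        flags.append("runs-from-temp")     # services rarely live in Temp
    low = name.lower()
    if any(low != k and sorted(low) == sorted(k) for k in KNOWN):
        flags.append("lookalike-name")     # e.g. transposed letters
    return name, flags

# First four lines are the ones quoted in the thread; the last is constructed.
SAMPLE = r"""
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: FireDaemon Service: host (host) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: FireDaemon Service: scvhost (scvhost) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: Example Updater (exupd) - Example Corp - C:\Program Files\Example\exupd.exe
""".strip().splitlines()

def report(lines=SAMPLE):
    """Map each parsed service name to its list of heuristic flags."""
    return dict(r for r in map(triage, lines) if r)

if __name__ == "__main__":
    for name, flags in report().items():
        print(f"{name:10} {', '.join(flags) or 'no heuristic hit'}")
```

A flag here is a reason to look closer at the service, not a verdict.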
     
  3. krazzognik

    krazzognik TS Rookie Topic Starter

    Did all that but still had some issues... but did find the culprit with the Trend Micro online scan: it was the ituneshelper.exe... Symantec didn't see the virii until Trend Micro did... stupid virus scan. Thanks for the help!!
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    I doubt that ituneshelper.exe is a baddie; that must be a so-called 'false positive'.
    Did Trendmicro 'clean' it or delete it, or what?

    Please tell me as much as you can, as loads of HJT-logs have this program in it.
     