Is there any virus or harmful things in my computer?

By casper11
Oct 13, 2007
Topic Status:
Not open for further replies.
  1. hello everyone,
    I'm new here. I really don't know much about computers, so I do hope you all can help me when I have doubts. Next time I'll try to post a report from my virus scan system (because I think my computer is a bit slow these days). Hope you all can help me... :) Bye

    Do you know why my computer has become slow?

    I have my SmitFraudFix v2.240 report too, but I don't think it is necessary. If you think it is necessary, please let me know and I'll post it :)
  2. Jase123

    Jase123 Banned Posts: 1,122

    Please use the Edit button rather than making a new post when there are no other replies in between.

    Also, HJT logs are meant to be uploaded as attachments.

    Read this: Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    See this THREAD, on how to upload your HJT log as attachments.

    Regards Jase :)

    This thread is for the use of casper11 only. Please do not post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
  3. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    Where can I get the Panda antirootkit scan? Currently I'm using AVG Anti-Rootkit Free, is that OK?
  4. TheJediSlayer

    TheJediSlayer Newcomer, in training Posts: 182

  5. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    casper11:

    All the links to all the required programmes are in this thread HERE.

    Please follow the instructions and post the requested log files.

    Regards Howard :)

    This thread is for the use of casper11 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  6. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    May I know where and how I can get the AVG Antispyware log or report? I don't know where to get it :(

    Besides, the Panda antirootkit scan result shows nothing was found.

    I've followed all your 15 steps except 1. I don't know how to reboot to another user besides the computer Administrator :(
  7. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    You can find a guide to using AVG Antispyware HERE. That link is also in the thread I gave you the link for in my post above.

    All you have to do is read the instructions. ;)

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

    O17 - HKLM\System\CCS\Services\Tcpip\..\{B8E8CFCE-C794-4592-8F0F-FFAF9F6CA80F}: NameServer = 172.16.240.250,172.16.241.250 < Only fix this, if it doesn`t belong to your ISP.

    Click on the fix checked button.

    Close HJT and reboot your system.

    Post a fresh HJT log as well as an AVG Antispyware log.

    Let me know if you`re having any problems.

    Regards Howard :)

  8. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    After I fixed the list of items that you gave me, except my ISP, these are the results after I rebooted my computer and scanned it again.
  9. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Have HJT fix the following.

    O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')

    Click the fix checked button and close HJT.

    Reboot your computer and post a fresh HJT log.

    Let me know if you`re still having problems.

    Regards Howard :)

  10. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    This is the result after fixing, rebooting and scanning (what is attached is this, the final result).

    May I know what all these are?
  11. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Your HJT log is clean.

    I`ve asked you several times to let me know if you`re still having problems and you have ignored me. Please let me know this time.

    Regards Howard :)
     
  12. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    I think I have no more problems (if you didn't see any?), but I have some questions regarding that.

    Actually, what is that all about? I mean the things that you told me to fix. May I know what those are, and how to prevent these problems from happening again?
  13. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    The last 8 items I had you fix were not nasty, but were unnecessary to have running on startup.

    Since you`re not having any problems, you should be good to go.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    For info on how to keep your system safe, see this thread HERE.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

  14. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    Thank you for everything... I hope I'll never have to see you again, but I don't think so... :)

    This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

    Only the original thread starter can do this. Anyone else, will be ignored.
  15. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    This is the fresh log from HJT.
    Currently I have some software whose functions I don't know. If you are kind enough, please let me know what they are. They are:

    1. BRCM 4.40.19.40
    2. Attribute Changer 5.23
    3. J2SE Runtime Environment 5.0 Update 5
    4. TIPCI
    5. RegShot 1.7

    Note: these are the names displayed in the CCleaner tools section. Some of this software I can't even see in "Add or Remove Programs".


    I hope you can help me :)
  16. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Your HJT log is clean.

    All the items below can safely be stopped/fixed in order to stop them running on startup and thereby speeding up your system. Feel free to stop all or any you want.

    Services that can be stopped.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    AVG Anti-Spyware Guard
    Bluetooth Service (btwdins)
    Cyberlink RichVideo Service(CRVS)
    CyberLink Media Library Service
    CyberLink Task Scheduler (CTS) (CLSched)
    CyberLink Background Capture Service (CBCS) (CLCapSvc)


    Close the services window.

    Startups that can be stopped/fixed. Again, feel free to fix any or all the items below.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [EzButton] C:\PROGRA~1\EzButton\EzButton.EXE

    O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe

    O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe

    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

    O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe

    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

    O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

    O4 - Startup: Y'z Toolbar.lnk = ?

    O4 - Startup: YPOPs.lnk = ?

    O4 - Global Startup: Bluetooth.lnk = ?

    Click on the fix checked button.

    Close HJT and reboot your system.

    Please note: If you have HJT fix something and then decide you want to have it running again, do the following.

    Run HJT and click the config button. Click the Backups button, tick the entries you want to restore and click the restore button etc. Reboot your system.

    Let me know if any of the above helps to improve your system's speed.

    Regards Howard :)

    This thread is for the use of casper11 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
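
Added example (not part of the thread, and not code from any poster or from HijackThis): a small Python parser for the O4 autostart lines quoted in posts 7, 9 and 16, which collapses the same entry repeated across accounts and attaches review notes. The function names, the note labels and the list of interpreters are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Well-known account keys under HKEY_USERS (shown as HKUS in HijackThis logs).
WELL_KNOWN = {"S-1-5-18": "SYSTEM", "S-1-5-19": "LOCAL SERVICE",
              "S-1-5-20": "NETWORK SERVICE", ".DEFAULT": "Default user"}
O4_REG = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>[^\\]+))\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '[^']+'\))?$")
O4_LNK = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Assumed list for this example: commands that launch something else, so read the arguments.
VIA_INTERPRETER = re.compile(r'^"?(cmd|rundll32|wscript|cscript|mshta)(\.exe)?"?\s', re.I)

# Constructed sample: a few O4 lines copied from the posts in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: YPOPs.lnk = ?
"""

def parse_o4(line):
    """Return {scope, key, name, cmd} for one O4 line, or None for anything else."""
    line = line.strip()
    m = O4_REG.match(line)
    if m:
        sid = m["sid"]
        scope = WELL_KNOWN.get(sid, sid) if sid else m["hive"]
        return {"scope": scope, "key": m["key"], "name": m["name"], "cmd": m["cmd"]}
    m = O4_LNK.match(line)
    return {"scope": m["key"], "key": "Startup", "name": m["name"], "cmd": m["cmd"]} if m else None

def summarize(log_text):
    """Collapse identical entries across accounts and attach review notes."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_o4(line)
        if rec:
            groups[(rec["key"], rec["name"], rec["cmd"])].append(rec["scope"])
    report = []
    for (key, name, cmd), scopes in groups.items():
        checks = [(VIA_INTERPRETER.match(cmd), "runs via interpreter"),
                  (key == "RunOnce" and set(scopes) & set(WELL_KNOWN.values()),
                   "RunOnce in service/default profile"),
                  (cmd == "?", "shortcut target unresolved")]
        notes = [label for hit, label in checks if hit]
        report.append({"name": name, "key": key, "scopes": scopes, "notes": notes})
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(f'{row["name"]:<14} {row["key"]:<8} {", ".join(row["scopes"])} {row["notes"]}')
```
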
  17. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    pop up box:connection to service failed. please reinstall AVG anti-spyware 7.5

    So what should I do now?

    This is the fresh HJT log.

    Some of the listed items I didn't fix. This is because I know what they are and I think I need them, but for the others I've no idea what they are, so I just followed whatever you..

    I'm totally a computer layman.. ha..ha...:)
  18. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    If you really want AVG Antispyware to run in the background, just re-enable the AVG Anti-Spyware Guard service.

    Your HJT log looks fine.

    Edit: How often are you thinking of using AVG Antispyware? Personally, I`d disable the service and re-enable it, only when I wanted to use the programme.

    Regards Howard :)

     
  19. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    I don't understand :( I cannot even run the software, meaning each time I click on the icon the pop-up box appears. I think I can't even update either :(

    Am I correct?
    Please correct me if I'm wrong :)
  20. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    In order to run AVG Antispyware, you will need to re-enable the AVG Anti-Spyware Guard service.

    That means you do the following.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there). Set the startup type to Automatic. Click the start button. Click apply/ok.

    AVG Anti-Spyware Guard

    Close the services window.

    Alternatively, just uninstall it. Do you really want/need it?

    Regards Howard :)

  21. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    Thank you.. it is really faster when I start my computer!! I mean my computer does less work when starting up Windows... happy.. :)

    But may I ask? Are you sure all the other fixed programs are going to do my computer no harm? Just need to confirm :)

    Again, thank you Howard :)

    You helped me twice :)
  22. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Yes, all the programmes I told you, you could stop from running on startup are perfectly safe to do so.

    I`m glad your system is now running faster.

    Regards Howard :)

  23. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    some peoples told me that if i don't to make your computer run faster you could overclock it.. what's that mean?? n how to do so?

    And I asked them whether there is any harm to my computer; they said overclocking a bit (not too much) is OK....

    Currently I have some software whose functions I don't know. If you are kind enough, please let me know what they are. They are:

    1. BRCM 4.40.19.40
    2. Attribute Changer 5.23
    3. J2SE Runtime Environment 5.0 Update 5
    4. TIPCI
    5. RegShot 1.7

    Note: these are the names displayed in the CCleaner tools section. Some of this software I can't even see in "Add or Remove Programs".


    I hope you can help me :)
  24. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Regshot.

    J2SE Runtime Environment 5.0 Update 5 is an old version of Java. You should go to add remove programmes and uninstall all versions of Java except for version 6 update 3 which is the latest version.

    Attribute Changer.


    BRCM 4.40.19.40 belongs to Broadcom and is from your ISP.

    TIPCI. Not sure about that one.

    If you need advice about overclocking, you should ask in our Overclocking, Cooling and Modding forum.

    Regards Howard :)

  25. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    TIPCI. I also don't know what that is. So do you think I should uninstall it? It only shows in CCleaner, not in "Add or Remove Programs".

    This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

    Only the original thread starter can do this. Anyone else, will be ignored.