Another HJT log or two!!!

By Rik · 6 replies
Oct 26, 2006
  1. Hi Howard, I have been using a friend of a friend's PC as a guinea pig for my attempt at learning more about HJT!!!!

    HJT log 1 is from when I first got the PC and HJT log 2 is after me having a go at it!!!!
  2. wolfram

    wolfram TechSpot Paladin Posts: 1,967   +9

    Hi Rik,

    I'm starting to learn about HJT logs. Howard will correct me if I'm wrong hehe :)

    Some people recommend to disable this service. It's used by Media player. I'm sure you can disable it in msconfig, startup tab, or services tab.
    Some guys claim that it's a form of spyware, some say it's harmless.
    But you should disable it, it's not essential.

    Since I'm too dumb for this yet, I'd recommend to listen to Howard's advice :)

    Regards :wave:
  3. Rik

    Rik Banned Topic Starter Posts: 3,814

    Thanx for the advice Wolfram, I too am learning as I said in my first post!!!!
    I'm hoping I can fix this PC before it goes up in smoke!! hehe!!
    It's an emachine, like ewww, it's horrible and will probably die from the crappy PSU in it!!!!

    Q - What's the best thing about an emachine?
    A - The moment you give it back to the poor mug that actually parted with cash for that pile of s**t!!!!!!
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That is one of the most badly infected systems I've seen for quite some time. No antivirus or firewall software and you can see why it's so bad and that's only what I can see. With a renamed HJT log I shudder to think what's there.

    Based on the first HJT log, I'd recommend reformatting and starting from scratch.

    I can't comment on the second HJT log as I don't know how things have been fixed.

    BTW: The MsPMSPSv.exe file is not nasty and is part of the Windows media player.

    Regards Howard :)
  5. Rik

    Rik Banned Topic Starter Posts: 3,814

    I got rid of Norton first off, then scanned with some crap that was on it and was out of date for a laugh, it found nothing!!! I then installed eTrust antispyware and it found 54 infections!!! I then used HJT to remove some more crap from it and it's not perfect yet, but it is running a hell of a lot faster and has no boot errors or popups of any kind!! It only comes up with 2 error boxes when it shuts down but they flash up that quickly that I don't get a chance to see what they say!!!!
  6. wolfram

    wolfram TechSpot Paladin Posts: 1,967   +9

    Hmm, like Howard said, a full format would be better. Then prevent future infections, using AVG Free, and Zonealarm's free firewall, also, some antispyware and antitrojan tools.

    But like you said, it's an E-machines, who cares about it :p
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's the problem right there. Simply fixing something with HJT doesn't actually get rid of it. Depending what it is, it needs to be physically removed from the system.

    That's why I couldn't comment on HJT 2.

    For instance, all these are bad and need uninstalling/deleting:

    C:\Program Files\PowerCodec\isamonitor.exe
    C:\Program Files\PowerCodec\pmsngr.exe
    C:\Program Files\PowerCodec\pmmon.exe
    C:\Program Files\PowerCodec\isamini.exe
    C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe
    C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe
    C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = wuwN/oqwTWhUdpG91HQWAAMtZMekQFTZfgnDQLpiPgLT87KDT1yeDkU4yiJ+PgdxY7FcIzupUMLFRTgq Q/WLW4fupSo/yK+j2DpzMXppVfOibUJ4tVdOIj8Psh9P8p7/wtcYztRfo5gFkOsPWoh

    O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware343\bin\Starware343.dll

    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

    O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\PowerCodec\isaddon.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll <Fix only

    O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - C:\Program Files\PowerCodec\iesplugin.dll

    O3 - Toolbar: Starware343 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware343\bin\Starware343.dll

    O4 - HKLM\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe

    O4 - HKLM\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe

    O4 - HKLM\..\Run: [OSS] C:\WINDOWS\system32\ossproxy.exe -boot

    O4 - HKLM\..\Run: [Microsoft Update] snlogsvc.exe

    O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min

    O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"

    O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe"

    O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c

    O4 - HKLM\..\Run: [NI.UWAS6_0001_N91M1508] "c:\documents and settings\alan reid\application data\winantispyware2006freeinstall[2].exe" -nag

    O4 - HKLM\..\RunServices: [Microsoft Update] snlogsvc.exe

    O4 - HKLM\..\RunServices: [msnsched] msnsched.exe

    O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe

    O4 - HKCU\..\Run: [Microsoft Update] snlogsvc.exe

    O4 - HKCU\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe

    O10 - Hijacked Internet access by New.Net <Do not fix with HJT. Newnet needs to be uninstalled, or if that's not possible the newnet downloadable uninstaller programme should be used.

    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) -

    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} -

    O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll

    The above are all the entries that need to be got rid of. All the programmes should be uninstalled. Anything that's run as a service needs to have its services stopped. All the .exe files must be stopped from running via task manager. All the files must be deleted apart from the one I said fix only.

    The last entry will probably need Killbox to get rid of it.

    Now do you see what I mean?

    Regards Howard :)
Topic Status:
Not open for further replies.
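
Howard's last post makes the point that fixing an entry in HJT does not by itself get rid of what the entry points to. As an added example (not part of the thread and not HijackThis's own code), the sketch below parses the O2/O3/O4/O21 line formats quoted in that post and lists the files they reference, so each one can be checked on disk after the entries are fixed. The sample lines are copied from the post; the function names are hypothetical.

```python
import re

# Sample input: a few entries copied from the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\PowerCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - C:\Program Files\PowerCodec\iesplugin.dll
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [Microsoft Update] snlogsvc.exe
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# "BHO: name - {CLSID} - file" (same layout for Toolbar and SSODL lines)
CLSID_ENTRY = re.compile(r"^(?:BHO|Toolbar|SSODL): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# "HKLM\..\Run: [value name] command line"
RUN_ENTRY = re.compile(r"^(HK(?:LM|CU)\\\.\.\\\w+): \[(.*?)\] (.*)$")

def command_to_path(command):
    """Return the executable part of an O4 command line, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.(?:exe|dll|com|bat|scr))(?:\s|$)", command, re.I)
    return m.group(1) if m else command

def parse_hjt(text):
    """Yield one dict per recognised entry: section code, name, referenced file."""
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, rest = m.groups()
        if code in ("O2", "O3", "O21") and (c := CLSID_ENTRY.match(rest)):
            yield {"code": code, "name": c.group(1), "clsid": c.group(2),
                   "file": c.group(3).strip()}
        elif code == "O4" and (r := RUN_ENTRY.match(rest)):
            yield {"code": code, "name": r.group(2), "key": r.group(1),
                   "file": command_to_path(r.group(3))}

def files_to_verify(text):
    """De-duplicated files, in log order, to check on disk after fixing entries."""
    seen = []
    for entry in parse_hjt(text):
        if entry["file"] not in seen:
            seen.append(entry["file"])
    return seen

if __name__ == "__main__":
    for path in files_to_verify(SAMPLE_LOG):
        print(path)
```

A bare name such as `snlogsvc.exe` carries no directory in the log, so it has to be searched for rather than checked at a fixed path.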
