Log files

Status
Not open for further replies.

mick123

Hi All

Just need someone to check my logs out and if I need to do anything else.

I had a virus which I think was adware xp 08 and gaslide.b. I've done all the scans and the logs are attached.

Thanks.

The Panda Antirootkit programme found nothing.
 

Attachments

  • hijackthis.log
    9.8 KB · Views: 9
  • log.txt
    12.3 KB · Views: 6
  • mbam-log-8-17-2008 (17-25-08).txt
    8 KB · Views: 5
Hi All

Symptoms seem to have gone but internet speed seems to be slow.

Any help with checking my log will be great.


Thanks

Anyone ???

Hi

Just bumping it up hoping to get a reply.

Thanks
 
Well, it seems you have bits of McAfee and AVG. Please confirm that you have only 1 antivirus.
 
2 antivirus programs

As Kazi said, your HijackThis log indicates you have 2 antivirus programs "running", a security no-no. Personally I would have neither McAfee nor AVG 8 on my computer, and when you uninstall either or both you should ALSO use their "Removal Tool(s)".
 
mbam removed multiple infections.

HijackThis shows the following antivirus program entries. This indicates that you are running two fully functioning antivirus programs. This is not recommended. Decide which you want, delete the entries for the "other" program, uninstall the "other" program and Disable all the Services for the "other" program.

To have HijackThis remove the entries for the "other" program:
Reopen HijackThis and scan. Put a check next to the entries below that you do not want to keep (the "other" program). I have grouped the entries for your convenience:
McAfee:
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O15 - Trusted Zone: .mcafee.com
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
AVG:
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

Remember: only remove the entries for the antivirus/security suite that you DO NOT WANT.

Check 'Fix This', close HijackThis and boot into Safe Mode:
Control Panel> Add/Remove Programs> uninstall the program you DO NOT WANT.
Then Control Panel> Administrative Tools> Services> Disable Startup for the Services for the program you DO NOT WANT and Stop the Service.

Repost a new HijackThis log. Also run SuperAntiSpyware and include that log with the new HijackThis log.
See Step 5 for SAS here: Step 5 for SuperAntiSpyware Home Edition Free Version:
https://www.techspot.com/vb/post645589-1.html
 
Hi Bobbye

Thanks for your reply. I don't have AVG 8 any more but I have Avast running also with McAfee.

If this is not good to have I'll remove one.

I'll attach the logs.

Thanks.
 
Why did you get rid of one of the two antivirus programs, then install another one!
ONE antivirus program!

I am not going to go through all those entries again! Now your choice is between McAfee OR Avast- NOT both! When you make that decision and stop loading more AV programs, we can proceed with the logs.

You can have SuperAntispyware remove all the Tracking Cookies. You should also change your Cookie settings to Accept First Party only and Blocked or Prompt for Third Party. This is in Internet Options> Privacy tab> Advanced button.

Do Not, repeat, Do Not install another antivirus program! Uninstall EITHER McAfee OR Avast. You cannot, should not run both! Whichever AV you keep needs to be current in updates.

Post new logs when done.
 
mick, I helped you with this problem in June. The files in question are still on the system. Your subject then was:
Problems with lanmanwrk:
I have a problem on my dell 6400 with a virus called lanmanwrk and other i think.
https://www.techspot.com/vb/topic106993.html

I asked you about numerous Services showing with 'unknown owner' and 'file missing' but see those same Services are still- or again- on the system. You were assisted in the cleaning then and your logs were clean. Advice for protection was given.

Is your referral to a virus here something new or are you still working on the June cleanup? Have SuperAntispyware remove the 2 tracking Cookies. Then add the following to Restricted sites:
Internet Options> Security> Restricted sites> Sites> type in each, then click on Add:
doubleclick.com
doubleclick.net
bs.serving-sys.com

Open HijackThis and check the following:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O23 - Service: Application Management AppMgmtShellHWDetection (AppMgmtShellHWDetection) - Unknown owner - .exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log EvtEngSharedAccess (EvtEngSharedAccess) - Unknown owner - .exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log EvtEngSharedAccess EvtEngSharedAccessSpooler (EvtEngSharedAccessSpooler) - Unknown owner - .exe (file missing)
O23 - Service: Windows CardSpace idsvcEventSystem (idsvcEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: Task Scheduler ScheduleNetDDE (ScheduleNetDDE) - Unknown owner - .exe (file missing)
O23 - Service: SSDP Discovery Service SSDPSRVImapiService (SSDPSRVImapiService) - Unknown owner - .exe (file missing)
O23 - Service: SSDP Discovery Service SSDPSRVRDSessMgr (SSDPSRVRDSessMgr) - Unknown owner - .exe (file missing)
O23 - Service: Terminal Services TermServiceCOMSysApp (TermServiceCOMSysApp) - Unknown owner - .exe (file missing)
O23 - Service: Themes Themeshelpsvc (Themeshelpsvc) - Unknown owner - .exe (file missing)
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Control Panel> Administrative Tools> Services> set these Services as follows:
Application Management> Manual
EvtEng> Automatic for (Intel(R) PROSet/Wireless)
IMAPI> Manual
HTTP> Manual
Net DDE> Manual
Net DDE DSDM> Manual
Remote Desktop Session Manager> Manual
Spectrum24 Event Monitor> Automatic
SSDP Discovery Service> Manual
Task Scheduler> Automatic
Terminal Services> Manual
Themes> Automatic

Windows CardSpace idsvc> IDVC is 'Intertek Data Visualisation Control'. It is a Microsoft® ActiveX® control that enables your browser-based and desktop applications to visualise data retrieved from either an Intetek repository or directly from your data source. See:
http://www.intetek.com/support/support tools resource/10 Intetek Data Visualisation Control/IDVC.htm

If you have this, the Service needs to be on at least Manual. IF you do not have or use this at this time> Disable the Service.
When you have finished configuring the Services, reboot into Normal mode. Run HijackThis and attach the log.
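
The two checks done by hand in this thread (spotting more than one antivirus product, and spotting O23 services listed as "Unknown owner" with "(file missing)") can be scripted. This is an added Python example, not part of the original posts; the sample log is constructed from entries quoted above, and the vendor patterns and function names are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few entries copied from the logs quoted in this thread.
SAMPLE_LOG = r"""
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Themes Themeshelpsvc (Themeshelpsvc) - Unknown owner - .exe (file missing)
O23 - Service: Task Scheduler ScheduleNetDDE (ScheduleNetDDE) - Unknown owner - .exe (file missing)
"""

# Assumption: vendors are recognised by these name fragments (illustrative only).
AV_PATTERNS = {"McAfee": r"mcafee", "AVG": r"\bavg", "Avast": r"\bavast"}

# O23 layout: display name (short name) - owner - image path
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - (?P<owner>.+?) - (?P<path>.+)$")

def av_vendors(log):
    """Map each antivirus vendor to the log lines that mention it."""
    hits = defaultdict(list)
    for line in filter(None, map(str.strip, log.splitlines())):
        for vendor, pattern in AV_PATTERNS.items():
            if re.search(pattern, line, re.IGNORECASE):
                hits[vendor].append(line)
    return dict(hits)

def orphaned_services(log):
    """Short names of O23 services with no known owner and no file on disk."""
    names = []
    for line in log.splitlines():
        m = O23.match(line.strip())
        if m and m["owner"] == "Unknown owner" and "(file missing)" in m["path"]:
            names.append(m["name"])
    return names

if __name__ == "__main__":
    found = av_vendors(SAMPLE_LOG)
    if len(found) > 1:
        print("More than one antivirus product present:", ", ".join(sorted(found)))
    for name in orphaned_services(SAMPLE_LOG):
        print("Service registered but image missing:", name)
```
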
 
Hi Bobbye

I did what you said but for some reason those unknowns are still there.

I tried doing it a few times but still no good.

Any suggestions ?


Thanks
 
Please clarify "This problem is something new."
Please note what security programs you currently have.
Please clarify: "Symptoms seem to have gone but internet speed seems to be slow."
Please advise what type of connection you have for the internet- dial-up, cable, DSL?
Please advise how many process show running in the Task Manager.
Please advise what programs are on your Startup menu.
Please advise how much RAM is installed.
 
Hi Bobbye

The problem I had seems to be a new one because when I completed everything on my last thread my laptop was fine.

This last problem occurred recently just when I turned on my laptop. I didn't go to a web page or anything and all of a sudden pop-ups came up and my background went blue with a warning. I think it was antivirus xp 08 or something like that.

The only security program I have is McAfee.

All symptoms are gone and internet speed seems alright; it's just that some sites are taking longer to load, slower than before, especially this site.

I'm connected to DSL.

I have 40 processes running in Task Manager.

In my startup menu I have Accessories, Admin tools, Dell accessories, Limewire, McAfee, Startup, WinRAR, Internet Explorer, Outlook Express, Remote Assistance and Windows Media Player.

When I go to the General tab in System it says 0.99 GB of RAM.
 
Okay, 40 processes is a reasonable number. But let's clean up the Startup.

Are these what is listed on the Startup menu using the msconfig utility? It looks like a strange assortment. We're not talking about what's on the Start screen if you click on Start; you can have as many or as few as you want there.

What needs to be looked into is: Start> Run> type in 'msconfig' without the quotes> enter> Selective Startup> Startup tab> the only processes that need to be checked to start at boot are the antivirus, firewall, touchpad if on laptop and network process if on network. Uncheck any others> Apply> OK> Reboot

Close the nag message after checking 'don't show this message again'. Stay in Selective Startup.

You mentioned having Remote Assistance. What are you doing with that now? This is not a Service you should be running unless you ARE getting some type of Remote Assistance. Then you only run it at that time.
 
Hi Bobbye

That list was not from the msconfig start up but from the start up menu.

I went to msconfig and unchecked the ones I know about and the only ones I have left are

Igfxtray - system32
hkcmd - system32
Igfxpers -system32
Zcfgsvc -program files/intel/wireless/bin
ifrmewrk - program file/intel/wireless/bin
stsystra
ctfmon

I don't know what they are so I left them.

Thanks.
 
The following is a description of the processes you have on startup. Only the last in my list needs to be on the Startup menu. Uncheck the following:
Igfxtray> Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets

hkcmd> Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl+Alt+F12 or similar keypresses to access Intel's customized graphics properties, you need it, otherwise not. Can be disabled via the Display Properties in Control Panel

Igfxpers> Associated with the Common User Interface module for Intel graphics cards

ZCfgSvc> Zero Config MFC Application, part of Intel’s ProSET utilities and installed by the drivers for many of Intel wireless network cards - if you have a wireless connections, this tray icon can show connection status.

stsystra> System tray program for the Sigmatel Audio sound card. Often found on Dell computers.

ctfmon> CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features.

This process needs to be on Startup:
ifrmewrk> Associated with the Intel PRO/Set Wireless software.

A note about ctfmon: Per the description, if you do not use the Text Services and Speech applets in the Control Panel you can disable these features. If you do not, ctfmon will replace itself on the Startup.

A note about the graphics card and sound processes. Not having these processes on Startup does NOT mean you won't be using the graphics and sound cards. These processes provide tray applets that clutter the Notification Area. They do not 'make' these cards work!
 
Log files

Hi Bobbye

Thanks for that info, but how do I disable them in Control Panel, and do I have to do anything else?

Also, should I install SpywareBlaster?
 
Yes, install Spywareblaster.

Try this for the Text & Speech bar:
To Turn Text Services On or Off
To turn text services on or off (using Classic view in Control Panel):
1. Click Start, click Control Panel, and then double-click Regional and Language Options.
2. On the Languages tab, under Text services and input languages, click Details.
3. Under Preferences, click Language Bar.
4. To turn text services off, select the Turn off advanced text services check box.
5. To turn text services on, clear the check box.
6. Click Yes if you are prompted to confirm your selection.

I have removed this on my system so can't guide you better. But you can find more details in handling this here:
http://support.microsoft.com/kb/306993
 
Let's get rid of the old restore points. They can get infected and are protected files, so the cleaning doesn't remove them:

Control Panel> System> System Restore tab> CHECK 'turn off System Restore'> Apply> OK> Reboot
Now go back in and UNCHECK the 'turn off'.
Set a new Restore Point.
 
Hi Bobbye

I've done that and if there are more things I need to do let me know, otherwise thanks for your help.

Thanks again.
 
Hi Bobbye

Just wondering if you could have a look at these logs, which are off my wife's computer.

She was complaining about something so I did the scans and I will post the logs if you don't mind.

Thanks
 
mbam has handled 2 infected Registry entries. SAS is showing infection in DVD2ONE V2:
Do a right click on Start> Explore> Programs> right click on DVD2ONE V2> scan with antivirus.
Report results.

Before I go through the HijackThis logs, please tell me what the problem is she is having. Is she getting a redirect on the browser?

There are also some Real Time programs that need to be stopped and Hijackthis run after:
Temporarily Disable Real Time Monitoring Programs:
http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_Real_Time_Monitoring_Programs

This includes:
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Please disable this while cleaning:
D:\Program Files\PeerGuardian2\pg2.exe

Malwarebytes is still loading and running. Please disable it.

The entries in O18 for {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} are legitimate but I am unable to access castlecops for the other entries at this time.

Remove the following when you run Hijack again:
O18 - Protocol: msdaipp - (no CLSID) - (no file)

O18 - Protocol hijack: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} appears to be for Windows Image Acquisition but I can't verify the CLSID now.

We'll finish with the rest of the log when you tell me what the problems are.
 