1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: HJT log requested to be posted here

Discussion in 'Virus & Other Malware Removal' started by RT, Feb 11, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. RT

    RT Thread Starter

    Joined:
    Aug 20, 2000
    Messages:
    10,948
    Hi folks,

    Our good member Stallcup is assisting me in a problem in this thread,
    and has requested I post a HJT log for your perusal in this forum, so here it is, attached.

    Thanks for your time and help!
     

    Attached Files:

  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    RT----Much easier for you to get help posting the log this way:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:52:18 PM, on 2/11/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\anvshell.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Me\My Documents\HiJackThis!\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techguy.org/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy/:8080
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1102979126293
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  3. RT

    RT Thread Starter

    Joined:
    Aug 20, 2000
    Messages:
    10,948
    Post log, rather than attach, you mean?

    Luckily, mine's shorter than most I've seen... :)
     
  4. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi,, Yes, posting the log is much easier. Anyway, looked at your other thread, I don't have any help for you, sorry to say....nothing in the log indicates any malware, but, not all shows in Hijackthis.

    I would say it's the boot record as you were working on in the other thread. If the drive cannot start at all as a booting drive somehow, there probably is not much you can do except by operating on it while it is in as a secondary.
    Good time to rescue files from it.
     
  5. RT

    RT Thread Starter

    Joined:
    Aug 20, 2000
    Messages:
    10,948
    Yeah, I'm starting to think I should backup what i can, not worry about installed programs. Just try to save my files, get all I really don't want to lose in a safe place and start fresh...even if I have to get a new second drive...it may be the drive's controller :mad:

    I was pretty sure I was clean enough with HJT, I follow the general advice 'round here mostly, as a routine :)
    Just posting as my advisor re: other thread suggested!

    Thanks for looking and advising, Byteman.(y)
     
  6. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    You are welcome! We do try to avoid advising a fresh install, or getting a new hard drive and installing, but sometimes it's the best way. Really, you can't depend all that much on a machine, it isn't human.
    I survived an exploding laptop, and the two hard drives I smoked with a bad power supply and some other minor disasters. Now I don't hold laptops down there and I don't sit next to machines running with the sides off.
     
  7. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Out of curiosity, why don't you have any Windows service packs installed? :eek:

    Quite possibly, that may help the other problem.
     
  8. RT

    RT Thread Starter

    Joined:
    Aug 20, 2000
    Messages:
    10,948
    Sorry Candy, didn't know you'd posted here until you posted it the other thread. I responded to you in the other one.

    :eek:
    Live and learn, eh, Byteman? (...said RT as he adjusts the position of his opened up running machine...;) )

    Guess, I'll mark this Solved, as the log passed inspection.
     
  9. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    I have a machine running at the moment, sitting on the floor, power supply ontop of the case :eek:

    My office is a disaster area :D
     
  10. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Candy, Never had a power supply itself smoke, burn, explode etc.
    It's what they do to all the rest of the equipment.....:eek:

    The notebook (ThinkPad, and an older one) blew up on my desk, inches from my body, face, etc. The battery pack exploded and flames enveloped the whole machine, the room was full of acrid choking fumes and black sooty smoke in seconds....whole family had to evacuate until the mess was cleared up. I had only a tiny warning> things got hot in just seconds, no time to react until it burned...pulled out the AC cord, grabbed an old towel, and tried to get a good grip on the notebook, meanwhile holding my sweatshirt over my nose and mouth so I could breathe a bit....ran the flaming rig out the door and smothered it on the porch floor, and poured water all through it. The towel of course didn't cover all the fingers, so they got some nice blisters, the battery pack was of course, underneath....right where the problem was the worst.

    End of story, now I do not run any on my lap or bend closely over them while testing, fixing etc.
    The thing was a donation brought in by a church, someone gave them the old ThinkPad, I was scanning it online....the battery pack was charging, but never seemed to reach 100%....and I had it plugged into AC power all night! That probably should have given me a "clue" but being a bit new to battery problems, I stuck it out, kept the battery pack in while working....and bam!
    Now, I run notebooks on AC, without the battery packs in, what the heck, the owner can charge his own pack up at home! The ThinkPad also had no battery monitoring software, as the owner had not used the restore disks, and just ran a copy of win98...which might have ruined the battery, I can't say.
    Everything in my workshop/office was layered with black dust from the smoke. It all ended safely enough but I will never leave a notebook/laptop charging overnight again, nor hold one on body parts, that was close! I still have some of the rescued parts, like a RAM chip and the hard drive, they both still work fine...but they still smell!

    This happened back spring 2005- you may have seen my reply a few times before to people with notebook symptoms like heating up, where I warned them about overcharging batteries.
     
  11. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    :eek: Scary story :(
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/441916

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice