I hope you can help


  • This topic is locked
183 replies to this topic

#166 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 08 October 2005 - 04:09 PM

Post a new HJT log and I'll try and help you remove the ones you don't need.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 



#167 kaminikij

kaminikij

    Authentic Member

  • Authentic Member
  • 111 posts

Posted 08 October 2005 - 04:53 PM

I'm sure running better than before. Here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 6:49:08 PM, on 10/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = adelphia.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {C77FB8C0-8B6D-440E-AC26-2BD39E97E8F2} (SpdTCtl Class) - http://speedtest.ade...TESTACTIVEX.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

#168 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 08 October 2005 - 05:03 PM

I suggest you do this:

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

These aren't bad but are resource hogs and not needed at startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe


Close ALL windows and browsers except HijackThis and click "Fix checked"


Empty Recycle Bin

It's not a good idea to run 2 anti-Virus programs. You need to decide which one you want running. Grisoft or Trend Micro.

If you still have Ewido you can remove that also.

What other programs do you have that you might want to remove?

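An added example, not part of the original thread and not HijackThis's own code: a small Python parser for the log format posted in #167, which groups entries by section code and pairs each O4 (autostart) entry with the "Running processes" list. The sample log is a subset of the one posted above; the function names are illustrative.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log posted in this thread, embedded for offline use.
SAMPLE_LOG = r"""Running processes:
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                    # "O4 - ..."
RUN_KEY = re.compile(r"^(HK[A-Z]+\\\.\.\\[\w-]+): \[([^\]]+)\] (.+)$")
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?) = (.+)$")
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|dll))(?=\s|$)', re.I)

def parse_entries(log):
    """Group log entries by section code (R0, O2, O4, ...)."""
    groups = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def running_processes(log):
    """Lower-cased paths listed under 'Running processes:' (empty if absent)."""
    _, found, rest = log.partition("Running processes:")
    block = rest.split("\n\n", 1)[0] if found else ""
    return {p.strip().lower() for p in block.splitlines() if p.strip()}

def autostarts(log):
    """Return O4 entries as dicts: location, name, path, running."""
    running, out = running_processes(log), []
    for detail in parse_entries(log).get("O4", []):
        m = RUN_KEY.match(detail) or STARTUP.match(detail)
        if not m:
            continue  # an O4 variant this sketch does not handle
        exe = EXE.match(m.group(3))  # strip quotes and command-line arguments
        path = (exe.group(1) or exe.group(2)) if exe else m.group(3)
        out.append({"location": m.group(1), "name": m.group(2),
                    "path": path, "running": path.lower() in running})
    return out
```

Calling `autostarts(SAMPLE_LOG)` returns the four startup items from the log, each with its executable path and whether that path was resident when the scan was taken.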

 


#169 kaminikij

kaminikij

    Authentic Member

  • Authentic Member
  • 111 posts

Posted 08 October 2005 - 05:45 PM

Done. Trend Micro is a spyware scanner. It's separate from their virus software. I run AVG and have asked if it's compatible and they said it is. I don't have to keep it, but after going through all this I wanted something to monitor my system. I will remove it if you still think I should. No problem. Ewido is uninstalled. Something called IEfix, its registration entries. hsfix is in a folder on my desktop. The 12 mfix we did yesterday. And Deldomains (might be good to keep?). I also have a program called Registry Mechanic that I installed myself about 2 years ago. Should I keep it? I only really use it if I uninstall something.

Edited by kaminikij, 08 October 2005 - 05:59 PM.


#170 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 08 October 2005 - 06:31 PM

> Done. Trend Micro is a spyware scanner. It's separate from their virus software. I run AVG and have asked if it's compatible and they said it is. I don't have to keep it, but after going through all this I wanted something to monitor my system. I will remove it if you still think I should. No problem. Ewido is uninstalled. Something called IEfix, its registration entries. hsfix is in a folder on my desktop. The 12 mfix we did yesterday. And Deldomains (might be good to keep?). I also have a program called Registry Mechanic that I installed myself about 2 years ago. Should I keep it? I only really use it if I uninstall something.

Keep Trend Micro. I thought it was an AVG.

You can remove these: IEfix, hsfix, mfix, and Deldomains. You can always download these again if needed, plus they would be outdated anyway.

I'd keep registry mechanic. It's a good program.

Is it running better?


 


#171 kaminikij

kaminikij

    Authentic Member

  • Authentic Member
  • 111 posts

Posted 09 October 2005 - 09:11 AM

I can't find deldomains or msix in the add/remove. How do I uninstall? Now I have a new thing on my desktop; it's not a folder and was not there this morning. It's named blank and its properties are named blank. I don't know how or why it's there.

#172 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 09 October 2005 - 09:17 AM

> I can't find deldomains or msix in the add/remove. How do I uninstall? Now I have a new thing on my desktop; it's not a folder and was not there this morning. It's named blank and its properties are named blank. I don't know how or why it's there.

If you did a search for deldomains or msix files and they're not listed, they are gone. These are just a file, not a program.

> named blank

Again, my guess is either it should be a hidden file or it's from a deleted file. Right Click on it and select delete.


Did you re-hide Hidden and System files? If not, you should.

Click Start > My Computer, select the Tools menu and then Folder Options, after the new window appears select the View tab…
This time select the: Restore Defaults
Select: Apply, and click OK


 


#173 kaminikij

kaminikij

    Authentic Member

  • Authentic Member
  • 111 posts

Posted 09 October 2005 - 11:56 AM

Yes, I did that now. How do I uninstall the deldomains and mfix? And another question, do you ever get to sleep? You're awesome.

#174 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 09 October 2005 - 12:02 PM

> Yes, I did that now. How do I uninstall the deldomains and mfix? And another question, do you ever get to sleep? You're awesome.

The deldomains was a fix to restore the trusted zones. It's a .inf file which you want to leave on your PC.

> mfix

I don't know what that is.

> do you ever get to sleep

Not much on the weekends :rofl:


 


#175 kaminikij

kaminikij

    Authentic Member

  • Authentic Member
  • 111 posts

Posted 09 October 2005 - 01:16 PM

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

this one 1smfix

Edited by kaminikij, 09 October 2005 - 01:57 PM.



#176 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 09 October 2005 - 02:00 PM

Yes, you can delete that one also.


 


#177 kaminikij

kaminikij

    Authentic Member

  • Authentic Member
  • 111 posts

Posted 09 October 2005 - 03:25 PM

OK, great. And what about the backup files? Do I keep those? One is a registration backup 57,6555B and then on my desktop there is a backup folder with 3 entries that are a bunch of numbers.

#178 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 09 October 2005 - 03:42 PM

You can remove those also :thumbup:


 


#179 kaminikij

kaminikij

    Authentic Member

  • Authentic Member
  • 111 posts

Posted 09 October 2005 - 03:55 PM

Great. I look like I have a desktop now. I'm afraid to do this, but should I try cwshredder in safe mode one more time to be sure now that I'm using IE again? Or anything else?

#180 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 09 October 2005 - 04:01 PM

> Great. I look like I have a desktop now. I'm afraid to do this, but should I try cwshredder in safe mode one more time to be sure now that I'm using IE again? Or anything else?

Sure, why not.

> anything else?

We've done everything I can think of. :thumbup:
