OptikaliLLusion Posted December 19, 2005 Posted December 19, 2005 Well, for some reason, XFire, Steam, AIM, OutlookExpress, and mIRC have been acting wierd. mIRC crashes when I load the NNScript set up, and XFire, Steam, and Outlook all crash after loading. This just suddenly happened. Thursday night: Type history paper, turn off computer, nothing else at all Friday Night: Turn on computer, all these apps are messed up Did an AVG virus scan, a Spybot scan, and a CCleaner scan. No luck. Logfile of HijackThis v1.99.1 Scan saved at 6:36:58 PM, on 12/19/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\sstray.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\Electronic Arts\EA Downloader\Core.exe C:\Program Files\AIM\aim.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe C:\Documents and Settings\Martin Bate\My Documents\FAH\FAH504-Console.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Documents and Settings\Martin Bate\My Documents\FAH\FahCore_65.exe C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN c:\program files\common files\aol\1132622014\ee\aolsoftware.exe C:\Program Files\mIRC\mirc.exe C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Martin Bate\Desktop\hijackthis\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132622014\ee\AOLSoftware.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [steam] Z:\Program Files\Steam\Steam.exe -silent O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Startup: Shortcut to FAH504-Console.lnk = C:\Documents and Settings\Martin Bate\My Documents\FAH\FAH504-Console.exe O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132622323921 O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe Share this post Link to post Share on other sites More sharing options...
Vasto Posted December 20, 2005 Posted December 20, 2005 Upload your Logfile to http://hijackthis.de Whats this? C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe Found your problem: c:\program files\common files\aol\1132622014\ee\aolsoftware.exe hehe Share this post Link to post Share on other sites More sharing options...
Ste Posted December 20, 2005 Posted December 20, 2005 Before attacking a problem with HIjackthis, Please download these following programs. Ewido Secruity Suit CWShredder Adware SE Personnel For all Except CWShredder, Update them. Run them and Delete/quarntine what they find. Run CWShredder after you preform Ewido and Adware. Next, Run both of these Online Anti Viruses Scanners and Save the logs. Kaspersky Scan Panda Scan Allow them to delete/fix items them find. After those AV scans, Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. After everything listed above, please rerun Hijackthis and post the new log along with the Antivirus Scans in your reply. If you are confused or can't figure something out, PM me or view my profile for other means to contact me. Oh vasto, Both things you listed in your post are not the problem. http://www.liutilities.com/products/wintas...brary/wzcsldr2/ http://www.liutilities.com/products/wintas...ry/aolsoftware/ Share this post Link to post Share on other sites More sharing options...
Hushplz Posted December 20, 2005 Posted December 20, 2005 A quick look over your hijackthis scan looks clean to me Share this post Link to post Share on other sites More sharing options...
Vasto Posted December 20, 2005 Posted December 20, 2005 O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install What are these? Share this post Link to post Share on other sites More sharing options...
Hushplz Posted December 20, 2005 Posted December 20, 2005 Aim and Nvidia Share this post Link to post Share on other sites More sharing options...
Vasto Posted December 20, 2005 Posted December 20, 2005 I know that the first one is AIM but look at the end. Something about cnet? I know that deadaim 4.5 replaces a odl so that looks kind of suspicious. Share this post Link to post Share on other sites More sharing options...
Ste Posted December 20, 2005 Posted December 20, 2005 O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odlO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install What are these? 601327[/snapback] I just Did some reasearch and none of those are spyware/maleware. Im waiting for him to come back and respond, with those other scans. Share this post Link to post Share on other sites More sharing options...
JerrDogg77 Posted December 20, 2005 Posted December 20, 2005 man thats alot of trash running, i never have more than 28 procs running, i suggest doing msconfig, and getting rid of some of that stuff you dont need from running on start up. Share this post Link to post Share on other sites More sharing options...
Vasto Posted December 22, 2005 Posted December 22, 2005 I'm assuming the problem was fixed right? If it wasn't than run the scans and post the logs that STE suggested. Share this post Link to post Share on other sites More sharing options...
Ste Posted December 22, 2005 Posted December 22, 2005 I'm assuming the problem was fixed right? If it wasn't than run the scans and post the logs that STE suggested. 602863[/snapback] He PMed me about it, It actualy had nothing to do with spyware or Viruses, which I assumed after I saw that there was really nothing substantial in his log. He said he downloaded some IE secruity update or Updated windows and that "seemed" to fix his problem. Im just assuming that no news is good news. Btw Vasto: what Site are you going to for HJT Camp? Share this post Link to post Share on other sites More sharing options...
Vasto Posted December 22, 2005 Posted December 22, 2005 TechSupportForum I just have to send in Questionare #2 (already filled it out) Share this post Link to post Share on other sites More sharing options...
Recommended Posts