Back To Microsoft Windows Forum

is my computer working good condition

  • dthames0702
  • Novice
  • Novice
  • No Avatar
  • Joined: Sep 06, 2004
  • Posts: 26
  • Status: Offline

Post September 15th, 2004, 2:24 am

can anyone check this log and are there any problems
Logfile of HijackThis v1.98.2
Scan saved at 5:16:51 AM, on 9/15/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Registration\xmlvss.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
C:\Documents and Settings\pelaez.1\My Documents\download\mp24wr\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dell.com/search/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com/
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\mickey\LOCALS~1\Temp\ssvlmx.dat
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\System32\EXPLORER.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [*xmlas] C:\WINDOWS\Tasks\xmlas.exe
O4 - HKLM\..\Run: [*binw] C:\WINDOWS\addins\binw.exe
O4 - HKLM\..\Run: [*xmlvss] C:\WINDOWS\Registration\xmlvss.exe
O4 - HKLM\..\RunOnce: [*xmlvss] C:\WINDOWS\Registration\xmlvss.exe rerun
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\System32\bkinst.exe ren
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Norton AntiVirus\navapw32.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: AGSatellite.lnk = C:\Program Files\Audiogalaxy Satellite\AGSatellite.exe
O4 - Global Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
  • Anonymous
  • Bot
  • No Avatar
  • Joined: 25 Feb 2008
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post September 15th, 2004, 2:24 am

  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Joined: Mar 17, 2004
  • Posts: 2062
  • Status: Offline

Post September 15th, 2004, 2:52 am

There's a couple of problems but it shouldn't be to difficult to sort out.

First, visit Trend Micro's HouseCall.
Select your location and click Go.

After that finishes, reboot. Run Hijack this, scan and post the new log.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Joined: Mar 17, 2004
  • Posts: 2062
  • Status: Offline

Post September 15th, 2004, 5:49 am

When and if you make it back, here's some things you can do:

Copy and paste the following code into notepad and save as: "c:\fix.cmd"
Include the quotes when entering the file name in the box at the bottom.
** Do not execute this file yet **
Code: [ Select ]
@echo off
pskill xmlas.exe

attrib -s -r -h C:\WINDOWS\Tasks\xmlas.exe
attrib -s -r -h C:\WINDOWS\addins\binw.exe
attrib -s -r -h C:\WINDOWS\Registration\xmlvss.exe
attrib -s -r -h C:\WINDOWS\System32\bkinst.exe

del C:\WINDOWS\Tasks\xmlas.exe
del C:\WINDOWS\addins\binw.exe
del C:\WINDOWS\Registration\xmlvss.exe
del C:\WINDOWS\System32\bkinst.exe

del "C:\Documents and Settings\pelaez.1\Local Settings\Temp\*.*"
del "C:\Documents and Settings\Administrator\Local Settings\Temp\*.*"
del "C:\Documents and Settings\Default User\Local Settings\Temp\*.*"
cls
Echo.
Echo Finished Killing processes and deleting files.
Echo **Press any key to launch Hijack This **
pause
"C:\Documents and Settings\pelaez.1\My Documents\download\mp24wr\HijackThis.exe"
notepad c:\fix.txt
Echo.
Echo Press any key when you are finished with hijack this...
Pause
  1. @echo off
  2. pskill xmlas.exe
  4. attrib -s -r -h C:\WINDOWS\Tasks\xmlas.exe
  5. attrib -s -r -h C:\WINDOWS\addins\binw.exe
  6. attrib -s -r -h C:\WINDOWS\Registration\xmlvss.exe
  7. attrib -s -r -h C:\WINDOWS\System32\bkinst.exe
  9. del C:\WINDOWS\Tasks\xmlas.exe
  10. del C:\WINDOWS\addins\binw.exe
  11. del C:\WINDOWS\Registration\xmlvss.exe
  12. del C:\WINDOWS\System32\bkinst.exe
  14. del "C:\Documents and Settings\pelaez.1\Local Settings\Temp\*.*"
  15. del "C:\Documents and Settings\Administrator\Local Settings\Temp\*.*"
  16. del "C:\Documents and Settings\Default User\Local Settings\Temp\*.*"
  17. cls
  18. Echo.
  19. Echo Finished Killing processes and deleting files.
  20. Echo **Press any key to launch Hijack This **
  21. pause
  22. "C:\Documents and Settings\pelaez.1\My Documents\download\mp24wr\HijackThis.exe"
  23. notepad c:\fix.txt
  24. Echo.
  25. Echo Press any key when you are finished with hijack this...
  26. Pause


If you don't have pskill already, then download this zip and extract pskill.exe to c:\windows\system32\
http://www.sysinternals.com/files/pskill.zip
This file is needed for the above batch to run correctly.

Next, copy and paste the following into notepad and save as: "c:\fix.txt"
Again, include the quotes when entering the filename.
Code: [ Select ]
Please click scan in Hijack this, check the following items if present and click 'Fix Checked'.

O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\mickey\LOCALS~1\Temp\ssvlmx.dat
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [*xmlas] C:\WINDOWS\Tasks\xmlas.exe
O4 - HKLM\..\Run: [*binw] C:\WINDOWS\addins\binw.exe
O4 - HKLM\..\Run: [*xmlvss] C:\WINDOWS\Registration\xmlvss.exe
O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\System32\bkinst.exe ren
O4 - HKLM\..\RunOnce: [*xmlvss] C:\WINDOWS\Registration\xmlvss.exe rerun
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)

These aren't necessary and can be launched manually. Saves on system resoureces by not launching at startup. This won't uninstall these programs but will prevent them from launching at startup:
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: AGSatellite.lnk = C:\Program Files\Audiogalaxy Satellite\AGSatellite.exe
  1. Please click scan in Hijack this, check the following items if present and click 'Fix Checked'.
  3. O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
  4. O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\mickey\LOCALS~1\Temp\ssvlmx.dat
  5. O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
  6. O4 - HKLM\..\Run: [*xmlas] C:\WINDOWS\Tasks\xmlas.exe
  7. O4 - HKLM\..\Run: [*binw] C:\WINDOWS\addins\binw.exe
  8. O4 - HKLM\..\Run: [*xmlvss] C:\WINDOWS\Registration\xmlvss.exe
  9. O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\System32\bkinst.exe ren
  10. O4 - HKLM\..\RunOnce: [*xmlvss] C:\WINDOWS\Registration\xmlvss.exe rerun
  11. O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  12. O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  13. O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
  15. These aren't necessary and can be launched manually. Saves on system resoureces by not launching at startup. This won't uninstall these programs but will prevent them from launching at startup:
  16. O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
  17. O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  18. O4 - Global Startup: AGSatellite.lnk = C:\Program Files\Audiogalaxy Satellite\AGSatellite.exe


Copy the following instructions to a text file or print them so you will have them handy:

Reboot into safe mode, go to start > Run and enter: c:\fix.cmd

Hijack This and the list of items to fix will launch automatically. Follow the instructions.

Next, reboot. Go to Control panel > Internet options, click 'Delete Cookies', Click 'Delete Files'.

Finally, run Hijack This, Scan, save log, post log. :)


** The above files are only for this particular user. These will not work for anyone else so don't use them. **
  • lucassix
  • Mastermind
  • Mastermind
  • User avatar
  • Joined: Sep 13, 2004
  • Posts: 2344
  • Loc: Living in a VAN DOWN BY THE RIVER!
  • Status: Offline

Post September 15th, 2004, 4:51 pm

If you don't has pskill, the following line will do the same thing, and it is already built into windows.

taskkill /f /im xmlas.exe
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Joined: Mar 17, 2004
  • Posts: 2062
  • Status: Offline

Post September 15th, 2004, 5:26 pm

Taskkill doesn't come with xp home. dthames0702 has been here before so that's why I recommended he get pskill. I think he already downloaded it but I'm just making sure.
  • lucassix
  • Mastermind
  • Mastermind
  • User avatar
  • Joined: Sep 13, 2004
  • Posts: 2344
  • Loc: Living in a VAN DOWN BY THE RIVER!
  • Status: Offline

Post September 15th, 2004, 6:23 pm

It's true, you do learn something new every day :)
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Joined: Mar 17, 2004
  • Posts: 2062
  • Status: Offline

Post September 15th, 2004, 6:34 pm

Actually, I discovered that fact the first time dthames0702 came to Ozzu. Taskkill wouldn't work and after a google search I found out why. :)

Page 1 of 1

Post Information

  • Total Posts in this topic: 7 posts
  • Users browsing this forum: No registered users and 115 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.