Rob_Gambino Posted July 2, 2005

My toshiba laptop has been really slow again lately. Here is my log.

Logfile of HijackThis v1.99.0
Scan saved at 2:03:45 PM, on 7/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\WINDOWS\system32\crypserv[Caution: ExecutableFile]
C:\PROGRA~1\Symantec\DefWatch[Caution: ExecutableFile]
C:\WINDOWS\System32\DVDRAMSV[Caution: ExecutableFile]
C:\PROGRA~1\Symantec\Rtvscan[Caution: ExecutableFile]
C:\Program Files\Analog Devices\SoundMAX\SMAgent[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\WINDOWS\System32\00THotkey[Caution: ExecutableFile]
C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]
C:\WINDOWS\AGRSMMSG[Caution: ExecutableFile]
C:\Program Files\Analog Devices\SoundMAX\PmProxy[Caution: ExecutableFile]
C:\Program Files\TOSHIBA\TouchED\TouchED[Caution: ExecutableFile]
C:\WINDOWS\system32\TFNF5[Caution: ExecutableFile]
C:\WINDOWS\system32\TPWRTRAY[Caution: ExecutableFile]
C:\WINDOWS\System32\ezSP_Px[Caution: ExecutableFile]
C:\toshiba\ivp\ism\pinger[Caution: ExecutableFile]
C:\Program Files\Microsoft Hardware\Mouse\point32[Caution: ExecutableFile]
C:\PROGRA~1\Symantec\vptray[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0\bin\jusched[Caution: ExecutableFile]
C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]
C:\Program Files\BearShare\BearShare[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus[Caution: ExecutableFile]
C:\WINDOWS\system32\RAMASST[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\Program Files\Microsoft AntiSpyware\gcasDtServ[Caution: ExecutableFile]
C:\Documents and Settings\Riley\Start Menu\Programs\hijackthis\HijackThis[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slashdot.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slashdot.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey[Caution: ExecutableFile]
O4 - HKLM\..\Run: [000StTHK] 000StTHK[Caution: ExecutableFile]
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TFNF5] TFNF5[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger[Caution: ExecutableFile] /run
O4 - HKLM\..\Run: [POINTER] point32[Caution: ExecutableFile]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec\vptray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare[Caution: ExecutableFile]" /pause
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST[Caution: ExecutableFile]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/067039b1d09 ... xIE601.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.game ... _0_0_1.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Crypkey License - Unknown - crypserv[Caution: ExecutableFile] (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Symantec\DefWatch[Caution: ExecutableFile]
O23 - Service: DVD-RAM_Service - Matsu[cabbage]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV[Caution: ExecutableFile]
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\Symantec\Rtvscan[Caution: ExecutableFile]
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent[Caution: ExecutableFile]

den160593 Posted July 4, 2005

Sorry to say this but you have major spyware. Go to the Microsoft Security Homepage and download the anti-spyware software. Once you have downloaded it run a system scan and that should remove probably half the processes (this happened to me before so I know how to fix it :D) After this run a virus scan and that should probably delete a few processes. If this doesn't work and it is still really bugging you may have to resort to deleting your hard drive and installing everything again. Good Luck with fixing your computer :!:

Mercifull Posted July 4, 2005

lol den160593 it's not that bad. Rob_Gambino you are running an out of date version of HJT. I didn't notice anything really bad apart from a few unnecessaries but it's worth scanning with Ad-aware and Spybot S&D just to be safe. After you have done all that download the latest version of HijackThis v1.99.1 and post a fresh log.

Mercifull <3 Suzi
"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Rob_Gambino Posted July 22, 2005

This is getting really old, and I am sick of the blue screen of death.

Logfile of HijackThis v1.99.1
Scan saved at 9:16:54 PM, on 7/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\WINDOWS\system32\crypserv[Caution: ExecutableFile]
C:\PROGRA~1\Symantec\DefWatch[Caution: ExecutableFile]
C:\WINDOWS\System32\DVDRAMSV[Caution: ExecutableFile]
C:\PROGRA~1\Symantec\Rtvscan[Caution: ExecutableFile]
C:\Program Files\Analog Devices\SoundMAX\SMAgent[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\WINDOWS\System32\00THotkey[Caution: ExecutableFile]
C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]
C:\WINDOWS\AGRSMMSG[Caution: ExecutableFile]
C:\Program Files\Analog Devices\SoundMAX\PmProxy[Caution: ExecutableFile]
C:\Program Files\TOSHIBA\TouchED\TouchED[Caution: ExecutableFile]
C:\WINDOWS\system32\TFNF5[Caution: ExecutableFile]
C:\WINDOWS\system32\TPWRTRAY[Caution: ExecutableFile]
C:\WINDOWS\System32\ezSP_Px[Caution: ExecutableFile]
C:\Program Files\Microsoft Hardware\Mouse\point32[Caution: ExecutableFile]
C:\PROGRA~1\Symantec\vptray[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0\bin\jusched[Caution: ExecutableFile]
C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]
C:\Program Files\BearShare\BearShare[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus[Caution: ExecutableFile]
C:\WINDOWS\system32\RAMASST[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0\bin\jucheck[Caution: ExecutableFile]
C:\Program Files\Microsoft AntiSpyware\gcasDtServ[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\toshiba\ivp\ism\ivpsvmgr[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]
C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]
C:\Program Files\Hijackthis\HijackThis[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slashdot.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slashdot.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey[Caution: ExecutableFile]
O4 - HKLM\..\Run: [000StTHK] 000StTHK[Caution: ExecutableFile]
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TFNF5] TFNF5[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger[Caution: ExecutableFile] /run
O4 - HKLM\..\Run: [POINTER] point32[Caution: ExecutableFile]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec\vptray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare[Caution: ExecutableFile]" /pause
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST[Caution: ExecutableFile]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/067039b1d09 ... xIE601.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.game ... _0_0_1.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv[Caution: ExecutableFile]
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Symantec\DefWatch[Caution: ExecutableFile]
O23 - Service: DVD-RAM_Service - Matsu[cabbage]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV[Caution: ExecutableFile]
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\Symantec\Rtvscan[Caution: ExecutableFile]
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent[Caution: ExecutableFile]

Bmw Posted July 22, 2005

Ahh, unfortunately I don't know much about reading HijackThis logs, but I'll learn to do so, eventually. So I can't help you there, but realized you mentioned the BSOD. Chances are, spyware isn't the main cause. After someone helps you in cleaning out your system of spyware, run an antivirus software, so that you are sure you're all cleaned out of harmful processes. Next, I'd suggest to update all your hardware. Right click My Computer > Properties > Hardware > Device Manager. Right click, and individually update everything. After that, install all Windows updates. If you want your computer to run nicely, you're gonna have to maintain it in working order! We'll see where to go from there if problems still persist after all of this has been completed.

Rob_Gambino Posted July 22, 2005

By update, you mean scan for hardware changes, right? I'm doing that now cuz I don't see the exact term update.

Bmw Posted July 22, 2005

You know when you click device manager? See each category? Next to it, there is a little + box. Click it, it'll expand into smaller devices. Right click each device under a category, and click Update Driver.