MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums
November 25, 2020, 04:47:42 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 25, 2020, 04:47:42 AM

Login with username, password and session length
 Featured Sites:
News
New  Got pics of your modded PC or want to show off your cool desktop, visit our new Show & Tell forum!
  Show Posts
Pages: [1] 2
1  Hardware Support / Hardware Devices Problems / Re: DDR-SDRAM Upgrade form 256 to 512 mb? on: June 01, 2008, 09:12:27 AM
That's good news but does it make any difference that the previous memory (256 mb) was PC2100 133mhz and the new memory (512 mb) is PC3200 200 mhz ?

Thanks for the help so far .......
2  Hardware Support / Hardware Devices Problems / Re: DDR-SDRAM Upgrade form 256 to 512 mb? on: May 31, 2008, 03:12:09 PM
Make = Ei System , model = 4406
3  Hardware Support / Hardware Devices Problems / Re: DDR-SDRAM Upgrade form 256 to 512 mb? on: May 30, 2008, 11:23:26 AM
laptop details

PC Wizard 2005 Version 1.643
------------------------------------------------------------------------------------------

Owner:
User:
Operating System: Microsoft Windows XP Home Edition 5.01.2600 Service Pack 2
Report Date: Monday 26 May 2008 at 21:53

------------------------------------------------------------------------------------------


<<< System Summary >>>
  > Mainboard : Ei System
  > Chipset : Intel i845G
  > Processor : Intel Celeron @ 2700 MHz
  > Physical Memory : 256 MB (1 x 256 DDR-SDRAM PC2100 @ 133 MHz)
  > Video Card : Intel Corporation 82845G/GL/GV/GE/PE Integrated Graphics Device
  > Hard Disk : TOSHIBA MK3018GAS (30 GB)
  > Monitor Type :   0 inchs
  > Operating System : Microsoft Windows XP Home Edition 5.01.2600 Service Pack 2
4  Hardware Support / Hardware Devices Problems / DDR-SDRAM Upgrade form 256 to 512 mb? on: May 26, 2008, 09:26:01 PM
Is it possible for me to get a 512mb DDR-SDRAM 133 mhz to upgrade my 256mb DDR-SDRAM or is it time to buy a new laptop?

current DDR-SDRAM details

  > Physical Memory : 256 MB DDR-SDRAM
  General Information
      BANK0 (DIMM0) : 256 MB - DIMM
  Memory Controller Information
      Memory Controller : System Memory
      Location : Mainboard
      Error Correction Capability : No
      Number of connectors : 2
      Max. Module Size : 2097152  KB
  Chipset Information
      Type : DDR-SDRAM PC2100
      Frequency : 133 MHz
      FSB/RAM Multiplier : 3/4x
      Channels : Single
      ECC Diagnostic : No
      CAS Latency (tCL) : 2.5 clocks
      RAS to CAS (tRCD) : 3 clocks
      RAS Precharge (tRP) : 3 clocks
      Cycle Time (tRAS) : 6 clocks
      DRAM Idle Timer : 16 clocks
      Shared Memory (video) : Yes
  Information SPD EEPROM ()
      Manufacturer : Samsung
      Part Number : M3 68L3223ETN-CB0
      Serial Number : 0809AB3A
      Type : DDR-SDRAM PC2100 (133 MHz)
      Size : 256 MB (1 rows, 4 banks)
      Module Buffered : No
      Module Registered : No
      Width : 64-bit
      Error Correction Capability : No
      Max. Burst Length : 8
      Refresh : Reduced (.5x)7.8
5  Internet & Network Support / Security & Viruses / Re: File missing message at the end of HiJackThis scan on: January 13, 2008, 04:40:10 PM
Many thanks for your time and effort, it really is appreciated.
As its an HJT issue I'll leave them .......
6  Internet & Network Support / Security & Viruses / Re: File missing message at the end of HiJackThis scan on: January 12, 2008, 09:50:37 AM
If it's not a threat then I will leave it as it is
Can you comment on the other "File missing" please

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll  (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

7  Internet & Network Support / Security & Viruses / Re: File missing message at the end of HiJackThis scan on: January 11, 2008, 06:48:08 PM
damn these .........
one gone -
one remaining - O23 - Service: Microsoft Windows Spooler Services (Windows Spooler Services) - Unknown owner - C:\WINDOWS\wfbmgr.exe (file missing)

I set HJT to backup before deleting so I know it was selected for deletion as its in the backup



Logfile of HijackThis v1.99.1
Scan saved at 18:44:33, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\hijack_this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll  (file missing)
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193567406905
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171727067374
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Microsoft Windows Spooler Services (Windows Spooler Services) - Unknown owner - C:\WINDOWS\wfbmgr.exe (file missing)

8  Internet & Network Support / Security & Viruses / Re: File missing message at the end of HiJackThis scan on: January 10, 2008, 08:51:27 PM
Here's the combo fix report

ComboFix 08-01-10.2 - Thomas 2008-01-10 19:46:33.1 - NTFSx86
Running from: C:\temp\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-12-10 to 2008-01-10  )))))))))))))))))))))))))))))))
.

2008-01-10 19:43 . 2008-01-10 19:43   1,496,020   --a------   C:\temp\ComboFix.exe
2008-01-10 19:43 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2008-01-08 20:58 . 2008-01-08 21:09   <DIR>   d--------   C:\Program Files\SpywareBlaster
2008-01-08 19:33 . 2008-01-08 19:33   2,566,736   --a------   C:\temp\spywareblastersetup351.exe
2008-01-07 20:47 . 2008-01-07 20:47   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-06 14:03 . 2004-10-15 18:32   83,096   --a------   C:\WINDOWS\system32\SSSensor.dll
2008-01-06 14:03 . 2004-10-15 18:17   60,496   --a------   C:\WINDOWS\system32\drivers\Teefer.sys
2008-01-06 14:03 . 2004-10-15 18:18   21,075   --a------   C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-01-06 14:03 . 2004-10-15 18:32   14,568   --a------   C:\WINDOWS\system32\drivers\wg6n.sys
2008-01-06 14:03 . 2004-10-15 18:32   14,568   --a------   C:\WINDOWS\system32\drivers\wg5n.sys
2008-01-06 14:03 . 2004-10-15 18:32   14,568   --a------   C:\WINDOWS\system32\drivers\wg4n.sys
2008-01-06 14:03 . 2004-10-15 18:32   14,568   --a------   C:\WINDOWS\system32\drivers\wg3n.sys
2008-01-06 14:02 . 2008-01-06 14:02   <DIR>   d--------   C:\Program Files\Sygate
2008-01-06 13:22 . 2008-01-06 13:22   9,228,440   --a------   C:\temp\sygate562808.exe
2007-12-13 17:02 . 2007-12-13 17:02   <DIR>   d--------   C:\Program Files\PIXELA

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 19:32   ---------   d-----w   C:\Program Files\Mozilla Thunderbird
2008-01-10 14:49   20   ---h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-01-10 14:49   20   ---h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2008-01-08 21:50   ---------   d-----w   C:\Program Files\hijack_this
2008-01-05 12:12   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-13 17:02   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-12-06 16:22   ---------   d-----w   C:\Program Files\Common Files\xing shared
2007-12-06 16:22   ---------   d-----w   C:\Program Files\Common Files\Real
2007-11-25 18:17   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-23 17:22   ---------   d-----w   C:\Program Files\PhotoDeluxe HE 3.0
2007-11-15 19:21   ---------   d-----w   C:\Documents and Settings\Janice\Application Data\AVG7
2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43   1,287,680   ----a-w   C:\WINDOWS\system32\quartz.dll
2007-10-27 17:39   230,912   ----a-w   C:\WINDOWS\system32\wmasf.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 23:13 1591808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-27 16:43 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-27 16:43 634880]
"OemReset"="C:\WINDOWS\OPTIONS\OEMRESET.exe" [ ]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 09:24 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 09:11 114688]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [2005-08-15 23:12 192512]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-23 10:04 579072]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 18:27 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 07:56 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCardClnt]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-09-16 17:41 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-07-26 13:21 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareBot]
C:\Program Files\SpywareBot\SpywareBot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-06 16:21 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=2 (0x2)
"SCardClnt"=2 (0x2)
"SCardSvr"=2 (0x2)

R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;C:\WINDOWS\system32\drivers\A311.sys [2003-03-13 17:13]
R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;C:\WINDOWS\system32\drivers\A310.sys [2003-03-13 17:13]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2003-02-13 14:29]
S2 Windows Kernel Services;Windows Kernel Services;"C:\WINDOWS\winlogon.exe" []
S2 Windows Spooler Services;Microsoft Windows Spooler Services;"C:\WINDOWS\wfbmgr.exe" []
S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2002-10-09 20:24]
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-18 02:12]
S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-07-27 15:37]
S4 SCardClnt;Smart Card Client;C:\WINDOWS\System32\SCardClnt.exe []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 19:52:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 19:56:05


and here is a new HJT scan

Logfile of HijackThis v1.99.1
Scan saved at 20:40:06, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijack_this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll  (file missing)
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193567406905
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171727067374
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Kernel Services - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: Microsoft Windows Spooler Services (Windows Spooler Services) - Unknown owner - C:\WINDOWS\wfbmgr.exe (file missing)

the little tinkers are still there    PC Smash

best regards
Tom
9  Internet & Network Support / Security & Viruses / File missing message at the end of HiJackThis scan on: January 08, 2008, 09:53:22 PM
I would appreciate your feedback on the attached log as I am concerned that I have some rogue entries that have missing files or unknown Owners
Also the
O23 - Service: InstallDriver Table Manager
O20 - Winlogon Notify: igfxcui

The log isn't that long as I've added the bits I know/recognise to the Ignore List


Logfile of HijackThis v1.99.1
Scan saved at 21:41:06, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\hijack_this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll  (file missing)
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193567406905
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171727067374
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Kernel Services - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: Microsoft Windows Spooler Services (Windows Spooler Services) - Unknown owner - C:\WINDOWS\wfbmgr.exe (file missing)

Best regards
Littlelegs (aka Tom )


10  Computer Related Discussions / Computer Health & Ergonomics / AV scan and Cab files on: February 27, 2007, 08:58:48 PM
After installing XP SP2 my AV scan now takes almost two hours. Is it ok to delete the SP2 cab files, or any cab files, now that SP2 is firmly installed ?
AV is Grisoft AVG 7.5

Littlelegs
11  Internet & Network Support / Security & Viruses / Re: abcd.exe - rogue exe ? on: October 02, 2006, 05:45:43 PM
Deep Joy !
Both deleted and no more reg entries left.

many many thanks .......
12  Internet & Network Support / Security & Viruses / Re: abcd.exe - rogue exe ? on: October 01, 2006, 12:28:22 PM
I've searched the entire laptop and I only have the one version of wfbmgr.exe and that is c:\windows/wfbmgr.exe
Can I download a copy from somewhere ?
13  Internet & Network Support / Security & Viruses / Re: abcd.exe - rogue exe ? on: September 30, 2006, 03:56:47 PM
Think it's about time I posted the HJT log ...
Logfile of HijackThis v1.99.1
Scan saved at 16:50:14, on 30/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wfbmgr.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Program Files\hijack_this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mozilla.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Update WinBMD.lnk = C:\Program Files\WinBMD\WiseUpdt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131055324843
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE81E80F-06B7-49A7-BC4F-2E925CC4906F}: NameServer = 80.225.248.50 80.225.253.50
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Kernel Services - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: Microsoft Windows Spooler Services (Windows Spooler Services) - Unknown owner - C:\WINDOWS\wfbmgr.exe

14  Internet & Network Support / Security & Viruses / Re: abcd.exe - rogue exe ? on: September 30, 2006, 03:45:43 PM
Okkie  kokkie ...... will do.
I've also come across another exe called wfbmgr.exe which seems to be another hostile little devil if the detaiols from the www are to believed.
I'll have a search through and see if it's ok to just delete it and reg entries

many thanks Pancake ....
15  Internet & Network Support / Security & Viruses / Re: abcd.exe - rogue exe ? on: September 30, 2006, 01:41:16 PM
Know I'm stumped .....
abce.exe has gone.
I ran Vundofix.exe and it didnt find anything so I went back to C:\ to check that I hadnt left it renamed as abce.txt only to find - or not find - it wasnt there any more. Searched the entire C:\ drive and could only find this .....
C:\WINDOWS\Prefetch\ABCD.EXE-0D19EC02.pf   dated 21/09/2006 21:50

Ran regedit scanning for abcd. and found these entries :-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"a"="C:\\Program Files\\hijack_this\\hijackthis#2.log"
"MRUList"="dcba"
"b"="C:\\abcd.exe"
"c"="C:\\temp\\VundoFix.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"a"="C:\\abcd.exe"
"MRUList"="ba"
"b"="C:\\temp\\VundoFix.exe"

[HKEY_USERS\S-1-5-21-2935130677-919082819-4212676017-1012\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"a"="C:\\Program Files\\hijack_this\\hijackthis#2.log"
"MRUList"="fedcba"
"b"="C:\\abcd.exe"
"c"="C:\\temp\\VundoFix.exe"

[HKEY_USERS\S-1-5-21-2935130677-919082819-4212676017-1012\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"a"="C:\\abcd.exe"
"MRUList"="ba"
"b"="C:\\temp\\VundoFix.exe"
Pages: [1] 2
Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page October 22, 2016, 08:53:47 PM