2 errors on startup.. how do i remove?



Wolfmight
10-21-2004, 12:53 PM
Well I tried Google, but couldn't find much. Anyone ever seen these on Windows XP startup before? Dunno why they started doin this.. it's annoying.

I took a screenshot of them here:
http://img95.exs.cx/img95/606/errors.jpg



Also already tried TuneUp Utilities 2004 Reg Fixer, Defrag, Spyware scan (adware latest..auto updated), and a Virus scan.

help would be greatly appreciated

RPerry
10-21-2004, 01:10 PM
Which virus scanner are you using? After some quick googling myself, it seems both of these could be trojans?
Note: The lsass.exe file is located in the c:\windows\System32 folder. In other cases, lsass.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.
http://www.neuber.com/taskmanager/process/lsass.exe.html

the other appears to be a mirc trojan... bet you use IRC ? ;)

http://forums.techguy.org/archive/index.php/t-204192.html

Smurfette
10-21-2004, 01:23 PM
Well i tried google, but couldnt find much. Anyone ever seen these on windows xp startup before? Dunno why they started doin this.. it's annoying.

I took a screenshot of them here:
http://img95.exs.cx/img95/606/errors.jpg



also already tried TuneUp Ultilities 2004 Reg Fixer, Defrag, Spyware scan (adware latest..auto updated), and a Virus scan.

help would be greatly appreciated

Isn't it odd that the files that Windows is going to mention to Microsoft are in your temporary directory? Why would temporary files want to run at startup, anyway?
First, boot into SafeMode and delete the contents of C:\Documents and Settings\Wolfmight\Local Settings\Temp.
Next, download and run HijackThis, click the Scan button, click Save Log and post the contents here.

RPerry
10-21-2004, 01:28 PM
Isn't it odd that the files that Windows is going to mention to Microsoft are in your temporary directory? Why would temporary files want to run at startup, anyway?
First, boot into SafeMode and delete the contents of C:\Documents and Settings\Wolfmight\Local Settings\Temp.
Next, download and run HijackThis, click the Scan button, click Save Log and post the contents here.

I saw that but re-edited my post, thought maybe the log file was in his temp folder :lol:

gildan2020
10-21-2004, 02:41 PM
Isn't it odd that the files that Windows is going to mention to Microsoft are in your temporary directory? Why would temporary files want to run at startup, anyway?
First, boot into SafeMode and delete the contents of C:\Documents and Settings\Wolfmight\Local Settings\Temp.
Next, download and run HijackThis, click the Scan button, click Save Log and post the contents here.

erm, those are just log files...the two problematic files are not actually there, they are hidden somewhere in the windows folder
i suggest using kaspersky or nod32 as the virus scanners


gildan2020

tesco
10-21-2004, 09:56 PM
virus and trojan scans.

recommended programs are in my everything guide (link in sig).

Wolfmight
10-21-2004, 10:42 PM
virus and trojan scans.

recomended programs are in my everything guide (link in sig).
no sig

manker
10-21-2004, 11:01 PM
no sig

Ross' Everything Guide (http://filesharingtalk.com/vb3/showthread.php?t=73727)


If you can't see his sig then you probably need to enable sig viewing in your user CP

User CP >> Edit Options >> Scroll down to thread display options >> check the 'show sig' radio button.

Btw, your sig could probably use a little work ;)

Smurfette
10-22-2004, 04:34 PM
erm, those are just log files...the two problematic files are not actually there, they are hidden somewhere in the windows folder
i suggest using kaspersky or nod32 as the virus scanners


gildan2020

Yes, you're right. My bad - I stopped reading them before I'd gotten to the actual filenames!

Wolfmight
10-23-2004, 05:48 PM
Logfile of HijackThis v1.97.7
Scan saved at 1:00:09 PM, on 10/23/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\altsvc.exe
C:\WINDOWS\system32\service.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\D-Tools\daemon.exe
E:\PROGRA~1\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\WallpaperToy\Wallpapertoy.Exe
E:\Program Files\Messenger\msmsgs.exe
D:\!My Downloads!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Zone Labs Client] E:\PROGRA~1\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Wallpaper Changer.lnk = E:\Program Files\WallpaperToy\Wallpapertoy.Exe
O8 - Extra context menu item: Download using LeechGet - file://E:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://E:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://E:\Program Files\LeechGet 2004\\Parser.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094561985406
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Well here's the log anyways. I ran a Norton scan and it only found 1 virus... which was actually a keygen for norton antivirus! LOL!! WHAT A JOKE!

nod32.. here i come!

numba1xclusive
10-24-2004, 12:24 PM
lmfao, dude, u got fucked..lmfao, just format with a backup of SP2, and reload windows...it'll make ur life easier..

Smurfette
10-24-2004, 02:02 PM
lmfao, dude, u got fucked..lmfao, just format with a backup of SP2, and reload windows...it'll make ur life easier..
Fucking newbies.

Wolfmight
10-24-2004, 02:18 PM
lmfao, dude, u got fucked..lmfao, just format with a backup of SP2, and reload windows...it'll make ur life easier..

yawwn you go do that... :-) *roll eyes*
annnnnnyways.. I solve my o/s problems 98-99% of the time. Plus you said *back-up* SP2. Why? it's right on microsoft! or did you mean back up an entire copy of the o/s in Norton Ghost... format.. then place the image back on? Now why did I even format? a waste of time eh?

Muhohahaha

oh yes, 17 posts, i see

numba1xclusive
10-24-2004, 02:22 PM
no I meant like get the SP2 file from wherever u got it from...Cuz if u have a dialup modem, it takes too fuckin long to dl it...if u dont, well fuck that, just dl it whenever...Sure I agree u should do the scans, etc etc...but if that fucks u...just format, WITH a backup of everything...and referring back to smurff, how the fuck is formatting newbie? its actually kinda refreshing to think ur system is going at full speed afterwards, u know..

Wolfmight
10-24-2004, 02:32 PM
yea, but I never really need to do it unless of something pretty major such as a corrupt boot sector

sArA
10-24-2004, 08:44 PM
@numba1exclusive

I can see you are trying to be helpful, but whilst the odd expletive is understandable, 4 times in one small post is a little excessive.

Smurfette
10-24-2004, 10:23 PM
...and referring back to smurff, how the fuck is formatting newbie? its actually kinda refreshing to think ur system is going at full speed afterwards, u know..
Yeah, that's 'up to speed' until you've finished installing all your shit and use it for a while... then it's back how it was. If you know what you're doing you don't get a slowdown you need a reformat to cure; there are plenty of people here that manage such a feat.
Which backup would you use, anyway? Surely you make them often enough to not lose any important information... and what if the one you use has the crap you think you're getting rid of?
Formatting for a small problem is like using a sledgehammer to crack a walnut. It's a last resort.
Oh, and if you get an infestation of nasties, don't forget to post asking for help so we can have a jolly good fucking laugh back at you.

Wolfmight
10-25-2004, 01:47 AM
Why do we even install games? If you had to choice to run em like the ps2.. that'd be cool too. Only a disc, Ram, and memory (or hd for saves)

tesco
10-25-2004, 01:59 AM
Why do we even install games? If you had to choice to run em like the ps2.. that'd be cool too. Only a disc, Ram, and memory (or hd for saves)
Because they run better off of the hard drive...faster load times and stuff.

Wolfmight
11-01-2004, 11:07 PM
Well Nod32 didnt fix it... and it prevents Diskeeper from working!! Argg!
How do I get rid of the problems??

@driano
11-02-2004, 12:03 AM
I got these problems too so here is what I did
first I went Start > Run > MsConfig
On the StartUp section u will see all programs that will run on start up, u can uncheck whatever u think is BS
Then ur comp will be fine
After that get Norton or Nod32 (Nod32 better but suck in some ways 2)
I had like 10 worms when activated my windows and nod32 didn't do anything
I installed Norton and erased everything
install both like I did. and a firewall

peat moss
11-02-2004, 12:34 AM
@driano, Glad you got it sorted. Seems like every program I've tried lately has a start up tool tho. Regseeker, Spybot, System Mechanic, you name it! Probably easier to use too. Just remember to uncheck and don't delete them. :no:

Jg427
11-02-2004, 01:41 AM
Wolfmight, there is a newer version of hijackthis that might show more information. Download from one of these locations and post a fresh log.

http://tools.radiosplace.com/HijackThis.exe
http://www.downloads.subratam.org/hijackthis.zip
http://spywarewarrior.com/files/HijackThis.exe

You could try renaming the file msthost.exe.
If it's listed in taskmanager, shut down the process, rename and reboot to see if that helps.
My guess is that you will find it in C:\WINDOWS\system32\

Wolfmight
11-02-2004, 11:24 PM
k, made another log using the latest version:

Logfile of HijackThis v1.98.2
Scan saved at 5:39:26 PM, on 11/2/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
E:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\altsvc.exe
C:\WINDOWS\system32\service.exe
E:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\PROGRA~1\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\rsvp.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\LeechGet 2004\LeechGet.exe
D:\!My Downloads!\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Zone Labs Client] E:\PROGRA~1\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [UIWatcher] E:\Program Files\Ashampoo\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exe
O4 - Startup: Ashampoo Mail Virus Blocker Server.lnk = E:\Program Files\Ashampoo\Ashampoo UnInstaller Suite Plus\Mail Virus Blocker\Server.exe
O4 - Startup: Wallpaper Changer.lnk = E:\Program Files\WallpaperToy\Wallpapertoy.Exe
O8 - Extra context menu item: Download using LeechGet - file://E:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://E:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://E:\Program Files\LeechGet 2004\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094561985406

Jg427
11-03-2004, 03:12 AM
Well, no lines showed up in this version of hijackthis at O20, O21 or O22.

I do see one line in your running processes that might be a problem.
C:\WINDOWS\system32\altsvc.exe

I could find very little information on altsvc.exe, which is usually a bad sign.
You could submit this file for virus scan online at http://www.kaspersky.com/scanforvirus

Right click altsvc.exe and check its properties for information on it.

Did you try renaming msthost.exe?
If the scan on altsvc.exe is inconclusive, try renaming it too. It is running so you would need to end process on it in taskmanager first.
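
The path checks discussed in the thread so far (a core process name such as lsass.exe belongs in system32, nothing should be running out of a Temp folder, and an unrecognised system32 binary deserves a lookup) can be applied to the "Running processes" section of a HijackThis log. This is an added example, not part of any post and not HijackThis code; the two allowlists and the function names are assumptions made for the illustration, and the sample log is abridged from the one posted above with one constructed line.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"

# Assumption: where a few core Windows XP process names are expected to live.
CORE_LOCATIONS = {
    "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32, "explorer.exe": r"c:\windows",
}

# Assumption: a reviewer-maintained allowlist of other system32 binaries
# already identified on this machine. Deliberately tiny for the example.
BASELINE_SYSTEM32 = {"alg.exe", "wdfmgr.exe"}

# Abridged from the log in the thread; the last process line is constructed.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\altsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\user\Local Settings\Temp\lsass.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""


def running_processes(log_text):
    """Return the paths under 'Running processes:' up to the first blank line."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:
                break
            paths.append(line)
    return paths


def triage(path):
    """Return the reasons a process path needs a closer look (empty if none)."""
    folder, name = ntpath.split(path.lower())
    reasons = []
    if re.search(r"\\(temp|tmp)(\\|$)", folder):
        reasons.append("runs from a temp directory")
    expected = CORE_LOCATIONS.get(name)
    if expected and folder != expected:
        reasons.append("core process name outside " + expected)
    if (folder == SYSTEM32 and name not in CORE_LOCATIONS
            and name not in BASELINE_SYSTEM32):
        reasons.append("system32 binary not in baseline")
    return reasons


def review(log_text):
    """Map each flagged process path to its list of reasons."""
    return {p: r for p in running_processes(log_text) if (r := triage(p))}


if __name__ == "__main__":
    for path, reasons in review(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

A flag here only means "look this file up or submit it to a scanner", which is the step suggested for altsvc.exe above; it is not a verdict.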

Wolfmight
11-03-2004, 04:08 AM
Kaspersky online scan said it is a virus. Norton and Nod32 both did not detect the mother f***er. Man, this is insane. Glad I found it, I wanna pop some caps in the programmer's ass who got it on here. I believe it came from a rigged installer for "The All Seeing Eye". Norton said that installer had a virus, but it didn't detect the altsvc.exe. Anyways, it looks like it stands for Alternate Service. Cheap name in the first place eh?

Wolfmight
11-03-2004, 05:01 AM
Dammit the 2 errors were actually 2 backdoor viruses!!
I hope zone alarm has been blocking them. I also have a hardware firewall in front on the network that blocks tons of incoming things. Kaspersky 5 personal found them both and deleted them.

I haven't noticed anything deleted or newly created.. hmm yet that is.

Jg427
11-03-2004, 11:29 AM
Glad you found them.

Here are some free programs that will help protect your system. I've been using these and highly recommend them.


SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.

SpywareGuard (http://www.javacoolsoftware.com/spywareguard.html) - An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!

IE-SPYAD (https://netfiles.uiuc.edu/ehowes/www/resource.htm) is a Registry file (IE-ADS.REG) that adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer.

Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm


Visit these sites for more information on securing your computer.
How did I get infected? (http://forums.net-integration.net/index.php?showtopic=3051)
Dealing with unwanted spyware. (http://www.mvps.org/winhelp2002/unwanted.htm#happen)

Afronaut
11-03-2004, 11:42 AM
Not one ViriiScanner is enough. But to install many is not good either.
All sorts of trouble brewing with many scanners running in the background.

I had the Norton before, got some trouble and installed BitDefender,
which found 3 viruses on the first scan that Norton missed.
Needless to say I'm not using Norton anymore.
But I'm not sure if BitDefender is the best either,
I suppose no 1 scanner is.

Then there's a hassle to run online scans, and other clients for such stuff.
Just have to be careful what to DL and install.
I had the AllSeeingEye installed about a year ago too, for AAO game,
but I didn't get infected.
It's not the app itself, many times they are just useful apps bundled with crap.
One has to be also careful from where to DL programs.

:cool2:

trajillo
11-03-2004, 11:43 AM
44422211 type that into run and add your username afterwards no spaces and it will reset ur computer to factory settings

Wolfmight
11-03-2004, 12:26 PM
44422211 type that into run and add your username afterwards no spaces and it will reset ur computer to factorary settings
Never heard of that trick, but I dont think I need to now.

Anyways, I think you can have multiple antivirus software, just only let one run in the background. That way you can do manual scans with all the other software. And probably dont run them at the same time scanning either. Will slow things down atleast.

Afronaut
11-03-2004, 12:37 PM
Never heard of that trick, but I dont think I need to now.

Anyways, I think you can have multiple antivirus software, just only let one run in the background. That way you can do manual scans with all the other software. And probably dont run them at the same time scanning either. Will slow things down atleast.

Correct, only have one realtime scanner on, the rest of it can be installed for
future scans.

But one needs to do some checking/settings after all the installs, I doubt things go
so smoothly if you install, say, 4 different scanners and dont do anything else.


Originally Posted by trajillo
44422211 type that into run and add your username afterwards no spaces and it will reset ur computer to factorary settings

For the trick about runnin' a number on dos-prompt, I dont think so.
;)
That info is based on what? Your word or can you back it up on paperworks?
(meaning, some links to tell us what it suppose to do)
If i was to believe your word, no thanks, but if you can provide more light to the
matter, im willing to read about it.

:cool2:

tesco
11-03-2004, 03:00 PM
44422211 type that into run and add your username afterwards no spaces and it will reset ur computer to factorary settings
no... :no:

RPerry
11-03-2004, 09:11 PM
no... :no:

trajillo
Self-Proclaimed Ass
Newcomer

guess that explains it.....
:angry:

Wolfmight
11-03-2004, 10:50 PM
trajillo
Self-Proclaimed Ass
Newcomer

guess that explains it.....
:angry:

Yea, I hope some people learn from this lesson that harmless nagging errors at startup... are not so harmless at all.
THey might be logging all that porno you watch and sending the credit card number you used as well.

Nah-I'm Juss Playin! :-D

Edit: I'm Serious about the virus part though.

Virus Yay, Porno Nay.... or yay for some {most (everyone)}