2 errors on startup.. how do i remove?
Well i tried google, but couldnt find much. Anyone ever seen these on windows xp startup before? Dunno why they started doin this.. it's annoying.
I took a screenshot of them here:
http://img95.exs.cx/img95/606/errors.jpg
also already tried TuneUp Ultilities 2004 Reg Fixer, Defrag, Spyware scan (adware latest..auto updated), and a Virus scan.
help would be greatly appreciated
Re: 2 errors on startup.. how do i remove?
which virus scanner are you using ? After some quick googling myself, it seems both of these could be trojans ?
Quote:
Note: The lsass.exe file is located in the c:\windows\System32 folder. In other cases, lsass.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.
http://www.neuber.com/taskmanager/pr...lsass.exe.html
the other appears to be a mirc trojan... bet you use IRC ? ;)
http://forums.techguy.org/archive/in.../t-204192.html
Re: 2 errors on startup.. how do i remove?
Quote:
Originally Posted by Wolfmight
Well i tried google, but couldnt find much. Anyone ever seen these on windows xp startup before? Dunno why they started doin this.. it's annoying.
I took a screenshot of them here:
http://img95.exs.cx/img95/606/errors.jpg
also already tried TuneUp Ultilities 2004 Reg Fixer, Defrag, Spyware scan (adware latest..auto updated), and a Virus scan.
help would be greatly appreciated
Isn't it odd that the files that Windows is going to mention to Microsoft are in your temporary directory? Why would temporary files want to run at startup, anyway?
First, boot into SafeMode and delete the contents of C:\Documents and Settings\Wolfmight\Local Settings\Temp.
Next, download and run HijackThis, click the Scan button, click Save Log and post the contents here.
Re: 2 errors on startup.. how do i remove?
Quote:
Originally Posted by Smurfette
Isn't it odd that the files that Windows is going to mention to Microsoft are in your temporary directory? Why would temporary files want to run at startup, anyway?
First, boot into SafeMode and delete the contents of C:\Documents and Settings\Wolfmight\Local Settings\Temp.
Next, download and run HijackThis, click the Scan button, click Save Log and post the contents here.
I saw that but re-edited my post, thought maybe the log file was in his temp folder :lol:
Re: 2 errors on startup.. how do i remove?
Quote:
Originally Posted by Smurfette
Isn't it odd that the files that Windows is going to mention to Microsoft are in your temporary directory? Why would temporary files want to run at startup, anyway?
First, boot into SafeMode and delete the contents of C:\Documents and Settings\Wolfmight\Local Settings\Temp.
Next, download and run HijackThis, click the Scan button, click Save Log and post the contents here.
erm, those are just log files...the two problematic files are not actually there, they are hidden somewhere in the windows folder
i suggest using kaspersky or nod32 as the virus scanners
gildan2020
Re: 2 errors on startup.. how do i remove?
virus and trojan scans.
recomended programs are in my everything guide (link in sig).
Re: 2 errors on startup.. how do i remove?
Quote:
Originally Posted by rossco_2004
virus and trojan scans.
recomended programs are in my everything guide (link in sig).
no sig
Re: 2 errors on startup.. how do i remove?
Quote:
Originally Posted by Wolfmight
no sig
Ross' Everything Guide
If you can't see his sig then you probably need to enable sig viewing in your user CP
User CP >> Edit Options >> Scroll down to thread display options >> check the 'show sig' radio button.
Btw, your sig could probably use a little work ;)
Re: 2 errors on startup.. how do i remove?
Quote:
Originally Posted by gildan2020
erm, those are just log files...the two problematic files are not actually there, they are hidden somewhere in the windows folder
i suggest using kaspersky or nod32 as the virus scanners
gildan2020
Yes, you're right. My bad - I stopped reading them before I'd gotten to the actual filenames!
Re: 2 errors on startup.. how do i remove?
Logfile of HijackThis v1.97.7
Scan saved at 1:00:09 PM, on 10/23/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\altsvc.exe
C:\WINDOWS\system32\service.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\D-Tools\daemon.exe
E:\PROGRA~1\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\WallpaperToy\Wallpapertoy.Exe
E:\Program Files\Messenger\msmsgs.exe
D:\!My Downloads!\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Zone Labs Client] E:\PROGRA~1\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Wallpaper Changer.lnk = E:\Program Files\WallpaperToy\Wallpapertoy.Exe
O8 - Extra context menu item: Download using LeechGet - file://E:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://E:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://E:\Program Files\LeechGet 2004\\Parser.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094561985406
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
Well here's the log anyways. I ran a Norton scan and it only found 1 virus... which was actually a keygen for norton antivirus! LOL!! WHAT A JOKE!
nod32.. here i come!