PDA

View Full Version : InProcServer32\C:\



soprano111
2007-02-07, 06:55
Can any expert help me with this...I thought I was advanced but got put back. Thanks.

pskelley
2007-02-07, 21:08
Welcome to the forum, if you still need help and are not receiving it elsewhere, it appears you have missed some important instructions our administrator has posted at the top of the forum,
especially this: "BEFORE you POST" -Preliminary Steps
http://forums.spybot.info/showthread.php?t=288
Please read and follow all instructions and post all required logs or reports, anything less will slow your process.
Use "Post Reply" to post the information in the instructions and stay in the same topic.

Thanks

soprano111
2007-02-08, 05:03
I apologize psKelley I was exhausted last night but posted no log after
I read the "read here before you post", however, I should have been
explicit, my bad (never done this before). Here are my results:

All (updated) were run in Safe Mode except where noted***-

1. Spybot (Ad-aware, AVG anti-spyware and a-squared also)
2. AVG anti-virus
3. AVG anti-rootkit*** (run in regular mode)
4. Smitfraudexe (ran>search and cleaned the register; I did not delete the trusted zone[?])
5. Startuplist*** (run in regular mode) says this> "Skipping Zones for this user, since there are over 1000 domains in them. (3041 to be exact)"
I took out the trusted zone q=with the 2nd run but there is still a problem (sluggish mouse).
6. Sophos anti-rootkit was run in regular mode.
Here is the hjt log but I believe it to be clean (maybe I am wrong)

Logfile of HijackThis v1.99.1
Scan saved at 5:22:20 PM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: D-Link AirPlus.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

pskelley
2007-02-08, 14:02
Good morning (EST), let me start by saying it is the health of your computer we are dealing with, my advice would be NOT to be working on it when you are "exhausted", this is when mistakes are make. I will never rush you to complete any tasks, take the time you need to be careful and I only ask if a long period is going to pass without any response, let me know so I can keep the topic open, that said, I need you to do this:

1) Slowly and carefully read all of the instructions again, no where will you see it asking the log to be posted in safe mode. Post all logs in Normal Mode unless I request otherwise.

2) I would appreciate it if you would run only the tool I request, it may be that I will ask for the exact tools to be run, but some important tools will not perform properly if other tools are run before them.

3) In the instructions you will see several free online scans offered, this is so we have another view other than your resident antivirus program, so please pick one, execute the online scan and post the results for me to view.

4) InProcServer32\C:\ <<< this is the extent of the information about the problem you have offered me and this is the limited information Google gives when that is scanned:
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLG,GGLG:2006-16,GGLG:en&q=InProcServer32%5cC%3a%5c+
Please provide as much information about your problem as possible, what is it causing to happen, if you get popups, where so they directing you to, if you get error message, post them "word for word" the more information I have to work with the better.

5) This HJT log looks like stuff has been removed beside the fact it is run in Safe Mode. If you use the Whitelist or have removed any information for any reason including using Selective Startup in MSConfig, please do not, post all of the information.

6) Since you mentioned several programs, post the results of the scans if you have them, if not then do not run them again unless I ask you to.

Recap: read and follow directions only, post the results of an antivirus scan list in the instructions and a new HJT. Include some information about the problem to help me identify it, then try to stay offline if you can until I have a look, some of this junk downloads more. What you have shown and told me so far has not helped.

Thanks

Thanks

tashi
2007-02-19, 07:14
As the information requested has not been provided, this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.