
Hijack.desktop HELP!


14 replies to this topic

#1 deutsche_mak

  • Members
  • 17 posts

Posted 16 February 2009 - 02:01 AM

Okay ... so I'm no computer guru ... but when running Malwarebytes, this wonderful thing popped up. Along with a few others:
Rogue.WinAntivirus
Rogue.Multiple
Rogue.Spyshredder
Hijack.DisplayProperties

So that got me thinking :thumbup2: ... what in the good Lord's name else is on my computer. And since I'm not a computer guru, I figured I'd let someone who knows what they're doing take a look. I followed all of the instructions in the "read here before you do anything" post, and hopefully I got it right. I've also attached a HJT log for you in case that is something else you need.

Any help you can provide is great. Here goes:


DDS (Ver_09-02-01.01) - NTFSx86 MINIMAL
Run by Pooh at 22:44:58.02 on Sun 02/15/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.641 [GMT -8:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated)
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
FW: ZoneAlarm Pro Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Pooh\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uPolicies-explorer: NoActiveDesktop = 2 (0x2)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: Wallpaper =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137319747864
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204401744664
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pooh\applic~1\mozilla\firefox\profiles\ftqflyrj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

============= SERVICES / DRIVERS ===============

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138801]
S1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46800]
S1 SAVRTPEL;SAVRTPEL;c:\program files\norton systemworks\norton antivirus\SAVRTPEL.SYS [2006-1-15 50312]
S1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-12-8 353680]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2006-1-15 67184]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-2-15 49680]
S2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-7-30 36368]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-2-15 677128]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2006-1-15 79472]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060111.038\NAVENG.Sys [2006-1-15 77864]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060111.038\NavEx15.Sys [2006-1-15 750952]
S3 SAVRT;SAVRT;c:\program files\norton systemworks\norton antivirus\SAVRT.SYS [2006-1-15 336008]
S3 WLAN;NETGEAR Wireless 802.11b LAN Driver;c:\windows\system32\drivers\MA401RB.SYS [2003-3-5 614400]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2006-1-15 198256]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2006-1-15 165488]
S4 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton systemworks\norton antivirus\NAVAPSVC.EXE [2006-1-15 177264]
S4 NProtectService;Norton Unerase Protection;c:\progra~1\norton~1\norton~1\NPROTECT.EXE [2004-8-30 95328]
S4 SAVScan;SAVScan;c:\program files\norton systemworks\norton antivirus\SAVSCAN.EXE [2006-1-15 198368]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-1-15 819352]

=============== Created Last 30 ================

2009-02-15 20:12 <DIR> --d----- c:\docume~1\pooh\applic~1\Malwarebytes
2009-02-15 20:12 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-15 20:12 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-15 20:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-15 20:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-15 16:11 144,912 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-15 16:11 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-02-15 16:11 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-02-15 16:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-02-15 15:15 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2008-12-20 15:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-08 18:39 4,212 a---h--- c:\windows\system32\zllictbl.dat
2008-09-01 12:51 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat

============= FINISH: 22:45:38.61 ===============


#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 27 February 2009 - 06:34 PM

Hello deutsche_mak,


Sorry about the delay. :thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 deutsche_mak


Posted 02 March 2009 - 11:24 AM

Hi Tea,
No worries on the reply ... I know you folks are awfully busy. I'm at work now, and will post a log tonight.
Thanks again!

#4 deutsche_mak


Posted 02 March 2009 - 11:45 PM

Hi Tea,
I made it home, and here are the logs. FYI...All logs were run in Safe Mode. If you need them run in normal mode, I'll have to do that tomorrow.
Thanks again!!!!!!!!!!!



DDS (Ver_09-02-01.01) - NTFSx86 MINIMAL
Run by Pooh at 20:26:33.95 on Mon 03/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.635 [GMT -8:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated)
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
FW: ZoneAlarm Pro Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Pooh\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uPolicies-explorer: NoActiveDesktop = 2 (0x2)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: Wallpaper =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137319747864
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204401744664
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pooh\applic~1\mozilla\firefox\profiles\ftqflyrj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

============= SERVICES / DRIVERS ===============

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138801]
S1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46800]
S1 SAVRTPEL;SAVRTPEL;c:\program files\norton systemworks\norton antivirus\SAVRTPEL.SYS [2006-1-15 50312]
S1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-12-8 353680]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2006-1-15 67184]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-2-15 49680]
S2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-7-30 36368]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-2-15 677128]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2006-1-15 79472]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060111.038\NAVENG.Sys [2006-1-15 77864]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060111.038\NavEx15.Sys [2006-1-15 750952]
S3 SAVRT;SAVRT;c:\program files\norton systemworks\norton antivirus\SAVRT.SYS [2006-1-15 336008]
S3 WLAN;NETGEAR Wireless 802.11b LAN Driver;c:\windows\system32\drivers\MA401RB.SYS [2003-3-5 614400]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2006-1-15 198256]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2006-1-15 165488]
S4 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton systemworks\norton antivirus\NAVAPSVC.EXE [2006-1-15 177264]
S4 NProtectService;Norton Unerase Protection;c:\progra~1\norton~1\norton~1\NPROTECT.EXE [2004-8-30 95328]
S4 SAVScan;SAVScan;c:\program files\norton systemworks\norton antivirus\SAVSCAN.EXE [2006-1-15 198368]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-1-15 819352]

=============== Created Last 30 ================

2009-02-15 20:12 <DIR> --d----- c:\docume~1\pooh\applic~1\Malwarebytes
2009-02-15 20:12 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-15 20:12 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-15 20:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-15 20:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-15 16:11 144,912 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-15 16:11 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-02-15 16:11 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-02-15 16:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-02-15 15:15 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2008-12-20 15:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-08 18:39 4,212 a---h--- c:\windows\system32\zllictbl.dat
2008-09-01 12:51 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat

============= FINISH: 20:27:08.61 ===============


#5 teacup61


Posted 03 March 2009 - 01:40 AM

Ooooh yes. I do need them in Normal Mode. HijackThis cannot see everything it needs to in Safe Mode. No need for any more DDS logs, so you don't have to run those again. Is MBAM coming up clean since your initial run?

Post when you're ready. :thumbup2: I haven't looked at the other thread yet, but I'm assuming this goes for both computers.

Thanks,
tea

#6 deutsche_mak


Posted 03 March 2009 - 11:07 PM

Hi Tea!
Here is the HJT log in normal mode.
Thanks again!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:32 PM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137319747864
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204401744664
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4371 bytes

#7 teacup61


Posted 04 March 2009 - 02:54 AM

Hi there,

Thanks! :thumbup2: This log is clean... is this computer having problems? Have you run a scan with MBAM on it since your original post?

tea

#8 deutsche_mak


Posted 04 March 2009 - 11:12 AM

Hi Tea,
YEAH for a clean log!!!
I did run mbam, and the log came back clean. The computer runs really slow. I wonder if I should uninstall norton and clean up the registry? Any tips on getting this thing to run quicker would be helpful.
Thanks!

#9 teacup61


Posted 05 March 2009 - 02:47 PM

Hello,

Before you do that, try this. There are a couple of real "slower downers" there.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Click Start>Run> and type in services.msc
Look for Ati HotKey Poller and uncheck it.

Reboot your computer.

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Let me know if that helps. :thumbup2:

Thanks,
tea
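The three entries teacup61 picks out above (an O2 BHO with "(no file)", the O4 KernelFaultCheck/dumprep line, and an O23 service with "Unknown owner") are the kind of things a reviewer scans an HJT log for by eye. As an added example, not code from the thread or from HijackThis, here is a small Python triager that parses HijackThis-format lines and applies exactly those three heuristics; the log excerpt it runs on is constructed from the log posted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the HijackThis log posted in this thread;
# it is sample input for this example, not the full log.
SAMPLE_HJT_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O4, O23, ...), then " - ".
HJT_LINE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.+)$")


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O2"
    line: str     # the raw log line that was flagged
    reason: str   # why a reviewer would look at it


def parse_hjt(text):
    """Yield (section, body, raw_line) for every well-formed HijackThis line."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = HJT_LINE.match(raw)
        if m:
            yield m.group("section"), m.group("body"), raw


def triage_hjt(text):
    """Apply the three heuristics used in the thread and return the flagged entries."""
    findings = []
    for section, body, raw in parse_hjt(text):
        lower = body.lower()
        if "(no file)" in lower:
            # Orphaned entry: the registry still references a BHO/toolbar whose
            # file is gone. Harmless by itself, but a dead hook worth removing.
            findings.append(Finding(section, raw, "orphaned entry, target file missing"))
        elif section == "O4" and "dumprep" in lower:
            # KernelFaultCheck is written by Windows after a crash so the report
            # is sent at next logon; afterwards it is just a startup leftover.
            findings.append(Finding(section, raw, "KernelFaultCheck/dumprep leftover"))
        elif section == "O23" and "unknown owner" in lower:
            # A service with no identifiable publisher needs manual verification
            # before deciding whether to keep it running.
            findings.append(Finding(section, raw, "service with unknown owner"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{f.section:4} {f.reason}: {f.line}")
```

Entries with a known publisher and an existing file (the O9 button and the vsmon service in the sample) pass through unflagged, which matches the reviewer's verdict that the rest of the log was clean.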

#10 deutsche_mak


Posted 06 March 2009 - 12:28 AM

Hi Tea,
I ran HJT and deleted the stuff you said, and I ran ATF Cleaner, and it removed a little more than 3.5MB of stuff. It still seems to run slow. Is there anything else I can do, other than get more memory?
Thanks!!!!

Edited by deutsche_mak, 06 March 2009 - 12:43 AM.


#11 teacup61


Posted 06 March 2009 - 12:46 AM

You say you have Norton? Yes, uninstall it using this tool... you have Trend so no problem in the protection department, and you will definitely see an improvement:

The Norton uninstall tool uninstalls ALL Norton 2004/2005/2006/2007/2008/2009 products from your computer. It also uninstalls Norton Ghost 10.0/9.0/2003. http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Let me know. :thumbup2:

tea

#12 deutsche_mak


Posted 06 March 2009 - 12:52 AM

I'll do it right now and get back to you. :thumbup2:

#13 deutsche_mak


Posted 06 March 2009 - 01:24 AM

Alrighty ... Norton is gone, but the removal tool wouldn't work. I had to uninstall using add/remove programs. I did notice it didn't take as long to boot up. YEAH!!! Do you think a defrag is in order, and if so, are there any good defrag programs out there, or should I just use the microsoft one?
Thanks!!!

#14 teacup61


Posted 06 March 2009 - 01:39 AM

Just use the Windows one, in my opinion. Why put yet another program on your computer when you're trying to clean it up? :) Since you've done a pretty good amount of cleaning on it, it's probably due a defrag. :thumbup2:

#15 teacup61


Posted 15 March 2009 - 09:30 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



