
HJT Log - Lemming


  • This topic is locked
3 replies to this topic

#1 Lemming

Lemming

  • Members
  • 58 posts
  • OFFLINE
  • Local time:08:18 AM

Posted 09 June 2005 - 11:14 PM

Here is his log.

Logfile of HijackThis v1.99.1
Scan saved at 11:11:50 PM, on 6/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Protection\Trendmicro\pccguide.exe
C:\Program Files\protection\SpybotSD\TeaTimer.exe
C:\Program Files\protection\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Protection\SpywareGuard\sgmain.exe
C:\Program Files\Protection\SpywareGuard\sgbhp.exe
C:\PROGRA~1\PROTEC~1\TRENDM~1\PcCtlCom.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\protection\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\PROTEC~1\TRENDM~1\tmproxy.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\protection\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\PROTEC~1\TRENDM~1\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Protection\Ad-AwareSE\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JTA.JTA-ISA\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\protection\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\PROTEC~1\SpybotSD\SDHelper.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Protection\Trendmicro\pccguide.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\protection\SpybotSD\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\Protection\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\protection\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\PROTEC~1\TRENDM~1\PcCtlCom.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\PROTEC~1\TRENDM~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\PROTEC~1\TRENDM~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\PROTEC~1\TRENDM~1\tmproxy.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Thanks,
Lemming

Freeware: Ad-Aware, Spybot S&D, Avast Antivirus, Kerio Firewall, Cleanup, SpywareBlaster, SpywareGuard

Jesus is the Answer for the World today!
Prayer Changes!



#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:08:18 AM

Posted 10 June 2005 - 11:00 PM

Hello Lemming. This log looks pretty good. Just 1 minor entry to fix.

We need to disable TeaTimer so it does not interfere with the fixes we are about to do.
  • Run Spybot-S&D
  • Go to the Mode menu, and make sure Advanced Mode is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck Resident TeaTimer and OK any prompts
  • Restart your computer.
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
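
As an added example (not part of the thread and not HijackThis's own code), here is a small Python parser for the log format in post #1. It lists R0/R1 lines whose value is empty, like the one selected for fixing above, and checks whether TeaTimer.exe appears among the running processes. The sample log is constructed from a few lines of the posted log, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines taken from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\protection\SpybotSD\TeaTimer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\PROTEC~1\SpybotSD\SDHelper.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\protection\SpybotSD\TeaTimer.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
"""

# An entry line is a section code (R0, O2, O23, ...) followed by " - " and the detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_hjt(text):
    """Return (running_processes, entries); entries maps section code -> detail strings."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # the entry section ends the process list
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, dict(entries)

def blank_registry_values(entries):
    """R0/R1 details look like 'key,value name = data'; return those with empty data."""
    blanks = []
    for code in ("R0", "R1"):
        for detail in entries.get(code, []):
            name, sep, data = detail.partition("=")
            if sep and not data.strip():
                blanks.append((code, name.strip()))
    return blanks

def is_running(processes, exe_name):
    """Case-insensitive check for an executable name in the running-process paths."""
    return any(p.lower().endswith("\\" + exe_name.lower()) for p in processes)
```

Running the same checks on the follow-up log shows whether the blank R0 line is gone and whether TeaTimer is still resident.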


#3 Lemming

Lemming
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  • Local time:08:18 AM

Posted 11 June 2005 - 10:30 AM

This was before the reformat :thumbsup:

Thanks for everything.

-Lemming

Freeware: Ad-Aware, Spybot S&D, Avast Antivirus, Kerio Firewall, Cleanup, SpywareBlaster, SpywareGuard

Jesus is the Answer for the World today!
Prayer Changes!

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:08:18 AM

Posted 11 June 2005 - 11:58 PM

Well I guess that is one way to cure all ills :thumbsup:

In that case I will close this topic.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer




