riacovino

Working with hijackthis


I was infected with VirusRemover 2008 and other related items. I am still having problems with desktop display and lost programs after running RogueRemover and Malwarebytes. I have done nothing yet with HijackThis. A previous thread instructed me to this point (http://forums.pcpitstop.com/index.php?showtopic=160038). Any further help would be much appreciated.

 

Riacovino

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:44:08 AM, on 9/5/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20733)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe

C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe

C:\WINDOWS\system32\mgabg.exe

C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Creative\Launcher\CTLauncher.exe

C:\Program Files\Napster\napster.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Creative\Launcher\TaskGuide\updtray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Safari\Safari.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Matrox PowerDesk SE] "C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.exe

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] gpedits.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - AppInit_DLLs: avgrsstx.dll mietyo.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe

O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc - C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe

O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 0: Privacy Protection - (no file)

 

--

End of file - 7300 bytes


Welcome to PCPitStop, please be aware that all advice given is taken at your own risk.

Sorry for the wait, the logs are many, and the volunteers are few.

When you reply, please use the "Add Reply" button, not the Quote or New Topic buttons.

 

If you still need help, let me say I am at a bit of a loss, since I have not seen the HJT log before you started running removal tools, so I don't know if something was removed by mistake or not. Do you still have the logs from the scans? If not, show me a new MBAM scan:

 

Download Malwarebytes' Anti-Malware to your Desktop

http://www.besttechie.net/tools/mbam-setup.exe

 

* Double-click mbam-setup.exe and follow the prompts to install the program.

* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform FULL SCAN, then click Scan.

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

* Please post contents of that file & a new HJT log in your next reply.

"I am still having problems with desktop display and lost programs after running RogueRemover and Malwarebytes."

Please describe these "problems" in more detail: exactly what programs are you having issues with? Are you receiving any error messages? If so, post those "word for word".

 

Thanks


Thank you for the reply. I have since figured out the minor problems I was having after running all the cleanup ware. When my Windows XP would load, my desktop was a white screen with my program icons. I could not change the display or move the icons, and when I tried, a shortcut to that icon would be made. Also, if I opened an icon folder, the contents would open on my desktop overlapping all icons. Turns out IE somehow, due to the original infection I had with VirusRemover 2008, would open a blank white page as a full page, and I needed to raise my cursor to the top of the screen to reveal the tab and close that weird page thing. All now seems OK. Is this common or am I just a bit thick?

 

Thanks Again,

 

Riacovino

 


"All now seems OK. Is this common or am I just a bit thick?"

Please do not quote my instructions, a waste of space. I have learned from many years of removing malware, that nothing is common.

 

This topic is closed.

 

Here is some information that might help you avoid this in the future.

 

Some good information for you:

http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

http://www.microsoft.com/windowsxp/using/h...ps/mcgill1.mspx

 

Here is some great information from experts in this field that will help you stay clean and safe online.

http://users.telenet.be/bluepatchy/miekiem...prevention.html

http://forums.spybot.info/showthread.php?t=279

http://russelltexas.com/malware/allclear.htm

http://forum.malwareremoval.com/viewtopic.php?t=14

http://www.bleepingcomputer.com/forums/topict2520.html

http://cybercoyote.org/security/not-admin.shtml

 

http://www.malwarecomplaints.info/

 

Thanks...pskelley

http://pcpitstop.com/about/supportus.asp

If you are reading this information...thank a teacher,

If you are reading it in English...thank a soldier.

 

http://users.telenet.be/bluepatchy/miekiemoes/Links.html
