Having problems with Trend Micro HijackThis

Discussion in 'Malware and Virus Removal Archive' started by shannondiaz1, 2008/06/21.

  1. 2008/06/21
    shannondiaz1

    I downloaded Trend Micro HijackThis and it gives an error message and closes the program. It is an Acer TravelMate notebook, and it is running XP. It's unable to do Windows updates, has major pop-ups, and when I set the internet zone to medium, it changes back to "accepts all cookies" by itself. Last week I downloaded the McAfee trial and did a scan, and after 17 hours of scanning it had 4,928 quarantined viruses and then it stopped responding and closed out. I've made several more attempts to scan and it quarantines thousands more, but it quits responding and never finishes. Now it is extremely slow and won't go on the internet, or do anything else for that matter. Last month it worked awesome, up until my nephew's friends were looking at **** sites.
    Any help would be much appreciated.

    Sincerely, Shannon
     
  2. 2008/06/22
    noahdfear

    Download and install Kaspersky free trial from here: http://www.kaspersky.com/anti-virus_trial

    • Select Express Installation.
    • When the installation is complete, select Activate Trial Version when prompted.
    • You may be prompted to restart your machine; please do so.
    • An update will begin upon startup. Allow it to complete.
    • After update is complete, you may be asked to restart the computer once again. Please do so.

    Once the installation and update procedure is complete, and the machine is back in normal mode after restarts....

    Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear
    • Select the first option, to run Windows in Safe Mode.

    Open Kaspersky by using the system tray icon (right click on it):
    • On the left side click Scan.
    • Then click My Computer.
    • Then on the Right Side click Start Scan.
    • When the scan is complete right click and select Select All.
    • Then click the Actions button and select Disinfect.
    • If this option is not available select Neutralize.

    Once finished, return to normal mode and see if you can create a HijackThis log, then post it here if successful.
     

  4. 2008/06/22
    shannondiaz1

    :eek: wOw... what a challenge. Thank you very much for helping me, I appreciate it.
    Here is the HijackThis log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:02:12 PM, on 6/21/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    D:\Program Files\McAfee\MPF\MPFSrv.exe
    D:\Program Files\McAfee\MSK\MskSrver.exe
    D:\Program Files\SiteAdvisor\6261\SAService.exe
    D:\WINDOWS\System32\svchost.exe
    D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\system32\notepad.exe
    D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mcagent_exe] D:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] "D:\Program Files\SiteAdvisor\6261\SiteAdv.exe "
    O4 - HKLM\..\Run: [McENUI] D:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [BMaf44d46f] Rundll32.exe "D:\WINDOWS\system32\uhtofask.dll ",s
    O4 - HKLM\..\Run: [16d28a67] rundll32.exe "D:\WINDOWS\system32\ooynyjly.dll ",b
    O4 - HKLM\..\Run: [LogonWatch] D:\Program Files\PC Inventory Software\LogonWatch.exe
    O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 D:\PROGRA~1\UNINST~1.DLL,O -2
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
    O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm450YYUS
    O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///D:/Program%20Files/Ricochet%20Recharged/Images/stg_drm.ocx
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1208367478345
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1208367463735
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///D:/Program%20Files/Ancient%20Tripeaks%20Solitaire/Images/armhelper.ocx

    --
    End of file - 5777 bytes
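
Added example (not part of the original thread, and not HijackThis's own code): a small Python triage pass over a HijackThis v2 log like the one posted above. It parses the section-coded lines and flags O4 autostart entries for manual review under two assumed heuristics: a Run value that launches a DLL through rundll32, and a command path on a drive other than the one winlogon.exe runs from. The sample log and every name in it are constructed.

```python
import re

# Constructed sample in HijackThis v2 log format; every name and path is made up.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ExampleUpdater] "D:\Program Files\Example\updater.exe"
O4 - HKLM\..\Run: [a1b2c3d4] rundll32.exe "D:\WINDOWS\system32\qzxvbnmk.dll",s
O4 - HKCU\..\Run: [OtherTool] "C:\Program Files\other\tool.exe" /background
O15 - Trusted Zone: http://*.example.com
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")                 # "O4 - <body>"
RUN = re.compile(r"^(\S+?)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")   # hive, key, name, command
DRIVE = re.compile(r"\b([A-Za-z]):\\")

def parse(log):
    """Return (system_drive, entries); entries are (section, body) tuples."""
    procs, entries, in_procs = [], [], False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append(m.groups())
        elif line.startswith("Running processes:"):
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    # Assumption: the drive winlogon.exe runs from is the Windows system drive.
    drive = next((p[0].upper() for p in procs if p.lower().endswith(r"\system32\winlogon.exe")), None)
    return drive, entries

def triage(log):
    """Return (reason, value_name) pairs for O4 autostarts that merit manual review."""
    drive, entries = parse(log)
    findings = []
    for section, body in entries:
        m = RUN.match(body) if section == "O4" else None
        if m:
            name, cmd = m.group(3), m.group(4)
            # Heuristic 1 (assumed): a Run value that hands a DLL to rundll32.
            if re.match(r'"?rundll32(\.exe)?"?\s', cmd, re.I):
                findings.append(("autostart loads a DLL via rundll32", name))
            # Heuristic 2 (assumed): a command path off the system drive.
            for d in sorted({x.upper() for x in DRIVE.findall(cmd)}):
                if drive and d != drive:
                    findings.append((f"path on {d}: but system drive is {drive}:", name))
    return findings
```

A flagged entry is a prompt to look the file up, not a verdict; legitimate software also registers rundll32 autostarts.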
     
  5. 2008/06/22
    noahdfear

    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
