HJT Log - in Security Cleanup

HJT Log - in Security Cleanup http://www.dslreports.com/forum/r20462908 en Thu, 08 Jan 2009 07:27:11 EDT Thu, 08 Jan 2009 07:27:11 EDT Re: HJT Log - http://www.dslreports.com/forum/remark,20466875 bcastner : I believe you when you state you have problems downloading. However, not one single one of the error messages you have posted about using anti-malware scanners is malware caused.

Your logs are clear of malware signs.

Start a New Topic in the Microsoft Help subForum. In that New Topic, describe in detail any and all error messages that your receive when you try to download something. That is information that would be critical to the helpers in that subForum. If you simply state, as you did here, that you cannot download, that is simply not enough information for someone to help you. In addition, you stated you "frequently get error message." Write them down. Look in your Event Logs and write down past messages. Include any and all detail you can in your New Topic.

Best wishes,
Bill Castner

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users

]]> http://www.dslreports.com/forum/remark,20466875 Sun, 11 May 2008 20:13:27 EDT Re: HJT Log - http://www.dslreports.com/forum/remark,20464952 SD6 : Hiya,

Here is log from Eset Online scanner:
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3090 (20080509)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=da52b43a8dcc924c89f43ba05cb443a3
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-05-11 02:47:30
# local_time=2008-05-11 10:47:30 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=127224
# found=0
# scan_time=1725

Here are results of CA online scanner:
Scan Results: Scan Completed. 50622 files scanned. No viruses found.
File Infection Status Path
No Infections

Here is HJT log (v 2.0.2, I thought that v2 was Vista only, which is why I didn't run it):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:26 AM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG\guard.exe
C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\system32\AWUSGSTA.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »wapp.verizon.net/bookmarks/bmred···=yh_home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = »windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [AWUSGSTA.EXE] C:\WINDOWS\system32\AWUSGSTA.exe /CONFIGUAR
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG\avgas.exe" /minimized
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-21-1085031214-813497703-839522115-1004\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\DLink\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - »https://activatemydsl.verizon.net/sdcCom···tlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - »www.kaspersky.com/kos/eng/partne···code.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - »housecall65.trendmicro.com/house···Impl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - »gfx1.mail.live.com/mail/w1/resou···Upld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - »www.eset.eu/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - »download.divx.com/webplayer/stag···ugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - »update.microsoft.com/microsoftup···30082000
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - »www.ca.com/us/securityadvisor/vi···scan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - »zone.msn.com/bingame/chnz/defaul···cher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - »cdn2.zone.msn.com/binFramework/v···6649.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7708 bytes

Also, when running SpybotSD1.5 again I got the error message "There were problems in the file "c:\ProgramFiles\Spybot-Search_Destroy\Includes\Trojans.sbi"

Initialization failed when trying to run Kaspersky online AV scanner. It said "Kaspersky Anti-Virus database is damaged" even though I had just downloaded it.

When trying housecall.trendmicro, I got the message "An error occurred while trying to transfer data from the Internet..."

Please help.]]> http://www.dslreports.com/forum/remark,20464952 Sun, 11 May 2008 11:07:50 EDT Re: HJT Log - http://www.dslreports.com/forum/remark,20463054 lilhurricane : Hiya SD6..

Please review our steps here for assistance:

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

In it you will find all our preclean requirements to run, as well as a new version of HiJack This.

It will explain what we need you to do first, and what logs to attach with your next post.

Post back when they are completed..we'll be waiting ;)
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~]]> http://www.dslreports.com/forum/remark,20463054 Sat, 10 May 2008 20:53:00 EDT HJT Log - http://www.dslreports.com/forum/remark,20462908 SD6 : I am having a lot of problems. I frequently cannot download files over the Internet. The computer works noticeably slower and performs most functions, but I frequently get error messages and something is very wrong.

I ran several AV programs, including Spybot SD1.5 and Ad-Aware. I could not run Windows Defender because it could not validate my copy of Windows even though I have a legit (retail?) copy of XP home. I had to work in normal mode because I could not get all the way through safe mode. I ran CA online scan and trandmicro online scan. They showed nothing wrong and I did not save the logs. I even bought Uniblue Registry Booster 2 - it fixed a lot of bad register entries, but I am still having problems. I cannot open Windows Security Center - the computer simply does nothing when clicking on the icon in the task bar or in control panel. Also, when I try to navigate to bleepingcomputer.com with IE, IE always crashes.

I built this computer myself 3 yrs ago using a Shuttle barebones kit - no problems before now. If I could find the Windows backup CD, I would simply re-install XP. I don't use most of the apps on this computer anymore.

I hope you can see what is wrong in the HJT log. Please help. ]]> http://www.dslreports.com/forum/remark,20462908 Sat, 10 May 2008 20:12:46 EDT