1 Message

January 6th, 2008 21:00

Finding errors with Hijack This

I have a Dell XPS DXP051 with Windows XP Media Center Edition with SP2. I have restored the errors that I originally fixed so I hope I am sending all the info that's needed. While restoring, I kept getting errors about the Extra Button Shoppers Reports. I don't know what that was all about.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:42 PM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - (no file)
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O15 - Trusted Zone: http://*.msn.com
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - (no file)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware  (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 5191 bytes

592 Posts

January 8th, 2008 18:00

Your only issue in your logs that I see is
ShopperReports.

All these shopping helpers are nice but you give up privacy, speed and they can spy on you and track what you're looking at.....
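
An added example, not part of the original thread and not code from HijackThis: a small Python parser for the log format posted above that lists every entry belonging to one component and every entry HijackThis marked "(no file)". The sample lines are copied from the log in the first post; the function and field names are this example's own.

```python
import re
from collections import namedtuple

# Subset of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - (no file)
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - (no file)
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
"""

Entry = namedtuple("Entry", "section clsid target raw")
ENTRY_RE = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_log(text):
    """Turn HijackThis entry lines into Entry records; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        body = m.group(2)
        clsid = CLSID_RE.search(body)
        # The target is the trailing " - " field: a file path or "(no file)".
        target = body.rsplit(" - ", 1)[-1] if " - " in body else None
        entries.append(Entry(m.group(1), clsid.group(0) if clsid else None, target, line))
    return entries

def by_component(entries, keyword):
    """Entries whose text mentions keyword (case-insensitive), across all sections."""
    return [e for e in entries if keyword.lower() in e.raw.lower()]

def orphaned(entries):
    """Registry entries whose referenced file HijackThis did not find on disk."""
    return [e for e in entries if e.target == "(no file)"]

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in by_component(entries, "ShoppingReport"):
        print(e.section, e.clsid, e.target)
    print(len(orphaned(entries)), "entries point at a missing file")
```

Searching on the install directory name catches the O9 buttons as well, whose display name is spelled "ShopperReports" while the DLL path uses "ShoppingReport".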

4 Apprentice

20.5K Posts

January 8th, 2008 19:00

Please be aware that korrson is not listed as a graduate of the malware removal schools that we contacted.
It is understood that once a helper replies to a log, he continues working with you until the issue is resolved.

Robbi Louise, you have some choices:


1. You can, at risk, continue working with the person who has taken ownership of this thread.


2. You can repost your log at the top of the forum as a New Message, and wait for a trained analyst to reply.

A list is here:
HijackThis Board

592 Posts

January 9th, 2008 17:00

But in the meantime she has a decision to make about
ShopperReports and if she wants to continue using that program.

That decision has to be made by the owner of the computer.
Here is some information to help them make that decision.

http://www.scanspyware.net/info/ShopperReports.htm
http://www.bleepingcomputer.com/uninstall/534/Hotbar-ShopperReports.html

4 Apprentice

20.5K Posts

January 9th, 2008 19:00

Robbi Louise may need more information in order to make that decision, however, according to Firetrust Sitehound:

http://scanspyware.net
The website you are trying to access has been categorized as potentially unsafe and you may not want to continue.

BleepingComputer is safe, but you forgot to give Robbi Louise instructions for removing the program.

4 Apprentice

20.5K Posts

January 9th, 2008 20:00

1. You took ownership of this thread when you replied to it.

2. Giving a link that is unsafe is a no-no.

3. Lastly, "the owner should" is assuming too much on your part.

This is not a classroom, so you are on your own in this thread from now on.
Good luck.

592 Posts

January 9th, 2008 20:00

The link to http://www.bleepingcomputer.com/uninstall/534/Hotbar-ShopperReports.html
Name: Hotbar ShopperReports
Description: Add or Remove Programs entry for Hotbar related software. Hotbar is considered a potentially unwanted application by Sophos.
Removal Instructions: How To Remove An Installed Program From Your Computer

which links to http://www.bleepingcomputer.com/forums/topic42133.html
which shows how to remove a program from your computer.

Do not use ScanSpyware to remove anything or use that product. The link from googling ShopperReports was a confirmation that you want to remove ShopperReports.
Follow the www.bleepingcomputer.com instructions.


I dare not recommend any programs that may help prevent future infection like AVG Anti-Spyware http://free.grisoft.com/doc/download-free-anti-spyware/us/frt/0
or Spybot-S&D
http://www.safer-networking.org/en/index.html
I do not recommend any other anti-spyware programs, especially even the well known ones like McAfee, since I've seen that "spyware" bring lesser computers to their knees.

But someone is buying McAfee and the notorious Norton, so there are different opinions out there. Please add your own recommendations.




I merely gave 2 links to allow the person who owns the computer to make a decision on if they want to remove the Hotbar ShopperReports at all or to understand what it was and when they might have installed it.
The computer owner should read about how the program might have been installed on their own computer by their own actions and may think twice about just installing anything without reading about it first.

Hopefully that may help prevent future infestations.

Message Edited by korrson on 01-09-2008 08:01 PM

592 Posts

January 9th, 2008 20:00


@Bugbatter wrote:
1. You took ownership of this thread when you replied to it.

2. Giving a link that is unsafe is a no-no.

3. Lastly, "the owner should" is assuming too much on your part.

This is not a classroom, so you are on your own in this thread from now on.
Good luck.





Where is it posted on Dell that you take ownership of a thread by replying to it??
That is clearly listed on Castle Cops but I don't see it here.

Maybe it should be added to the top of the forum.
That was very good that you added that new post today that tried to explain how this forum works since it's very different from the other Dell forums that I've participated on for the past 10 years.



Why don't you take charge of improving the Dell forum to the level of Castle Cops since many users persist in posting unformatted logs? You should be able to improve the warnings and header of this Dell Forum to prevent that from happening again and again here at Dell.

Message Edited by korrson on 01-09-2008 04:53 PM

592 Posts

January 10th, 2008 00:00

Well Robbi Louise, I am not a graduate of malware removal school but no one here has tried to help you yet it seems, and just gave you stern directives about how to post your logs.

I was also warned that giving you links to read about ShopperReports assuming you could read was "assuming too much on your part."

So how about it.
Can you read this?

http://www.bleepingcomputer.com/uninstall/534/Hotbar-ShopperReports.html
Name: Hotbar ShopperReports
Description: Add or Remove Programs entry for Hotbar related software. Hotbar is considered a potentially unwanted application by Sophos.
Removal Instructions: How To Remove An Installed Program From Your Computer

which links to http://www.bleepingcomputer.com/forums/topic42133.html
which shows how to remove a program from your computer.

I would also remove the ShopperReports entry with HijackThis.

Why you were asked to restore something that was malware (While restoring, I kept getting errors about the Extra Button Shoppers Reports.)
is beyond me, but remember I am not a graduate of malware removal school.

Message Edited by korrson on 01-09-2008 08:41 PM