July 8th, 2009 08:00

Possible Malware and/or Virus running in background - hijack enclosed


Running IE7 on XP.  I have constant problems, from an average 5-minute start-up to lock-ups while surfing or changing pages.  IE will lock up, then completely close and offer to send an error report.  I have skimmed the boards - Microsoft and Dell - for solutions.  I ran AVG for viruses, Defender, HouseCall, Ad-Aware and the Microsoft Windows Malicious Software Removal Tool.  All came back clean.  I have been monitoring my Task Manager to see what bogs me down, but I'm not sure I can read or understand it properly.  I even tried sitting my husband's laptop next to mine and doing a side-by-side comparison.   I am by no means a novice, but I can follow simple instructions.  I appreciate your help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:11 AM, on 7/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AVG\AVG8\avgupd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = smg
O17 - HKLM\Software\..\Telephony: DomainName = smg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = smg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = smg
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

End of file - 7487 bytes

July 8th, 2009 11:00

Welcome

I'm sorry we could not get to your problem sooner. Thank you for waiting patiently. Just so you do not have to wait longer, I suggest posting a HijackThis log at SpywareHammer. There are instructions HERE for posting at SpywareHammer. The site has many Microsoft MVPs on staff, and helpers there may be able to assist you sooner than we can here.

Additional forums that offer malware removal can be found at this link in the recommended sites section on the left side of this page:

Please post at only ONE so you do not tie up two or more helpers working on the same issue. Thank you for your patience and understanding.

July 8th, 2009 11:00

I would download Mozilla Firefox and use it as a temporary fix, then try reinstalling IE.

July 11th, 2009 07:00

Good Morning Team,


I took your advice and posted on  I posted 7/9 @ 6:30am; so far no one has responded.  I'm guessing I was just overlooked, as 99% of the others have been answered.  Is there another site you can suggest to me?



July 11th, 2009 08:00

Greetings Shannon,

My name is Dave...I use the online ID of 1972vet. I'm one of the (many) MS MVPs on staff at SpywareHammer. I saw your posting there and have taken the log for review. Please see This Thread, bookmark it, and make all of your replies there. Thanks!

July 13th, 2009 14:00

Hello again smglaze,

Since you posted here just two days after your request for assistance at SpywareHammer, saying that your log was evidently overlooked as 99% of the other logs had been answered, I assumed you meant that a two-day wait was long enough. I've now waited two days and have received no response from you. I wonder now how long I should wait before I archive that thread. Are you still with us? If so, please follow the directions and post your response Here. Thanks!

July 15th, 2009 08:00

As there has been no response, I have archived the thread at SpywareHammer. For the benefit of other forum readers, I should mention that the reason for the slow performance of AVG8 in this user's case is probably the conflict with Windows Defender and Ad-Aware.

The AVG8 program contains real-time protection elements which protect against viruses, rootkits and other malicious software, including adware and spyware...and so does Ad-Aware's latest "free" edition.

These active protective features will struggle with each other, bringing the computer to a complete halt in some instances. A system crash is also possible, which of course can result in a loss of data.

While running AVG8 there is no need to have Windows Defender or Ad-Aware running their real-time protective functions. Users should remember that only ONE application's real-time protection is useful...anything else running with it will actually reduce the level of protection while they wrestle with each other over territorial rights to any offending file.

This is true for antivirus and antimalware. Firewall software should ALWAYS be limited to just one. If you have Windows Firewall running, then turn it off while you install a third-party software firewall.
There is no harm in having other protective programs on board...just don't allow all of their active protection scan engines to run at the same time. It's good to rely on them for the "second opinion" option.

To summarize:
1) Do not allow real-time protection to run for two antivirus products on board at the same time...use only one of them in real time.

2) Do not allow real-time protection to run for two antimalware products on board at the same time...use only one of them in real time.
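The check Dave describes above (spotting more than one product with real-time protection in the posted HijackThis log) can be automated. The following is an added example, not code from this thread, from HijackThis or from any of the vendors named. It parses the "Running processes" list and the O-entries of a HijackThis 2.x log and looks for the resident components of AVG 8, Windows Defender and Ad-Aware. The marker table (which file names belong to which product, and what each product protects against in real time) is an assumption drawn from the log above, a heuristic rather than an authoritative list; the sample log is a constructed excerpt of that log.

```python
"""Flag overlapping real-time protection products in a HijackThis 2.x log.

Added example (not from the thread or from HijackThis). The marker table is
an assumption based on the log posted above.
"""
import re
from collections import defaultdict

# Assumption/heuristic: lowercase file names that indicate a product's
# resident (real-time) component, and what that product guards in real time.
REALTIME_MARKERS = {
    "AVG 8": {
        "kinds": ("antivirus", "antispyware"),
        "files": ("avgwdsvc.exe", "avgtray.exe", "avgrsstx.dll"),
    },
    "Windows Defender": {
        "kinds": ("antispyware",),
        "files": ("msmpeng.exe", "msascui.exe"),
    },
    "Ad-Aware": {
        "kinds": ("antispyware",),
        "files": ("aawservice.exe",),
    },
}

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path" or
# "O23 - Service: ..."; R/F/N/O sections all share the "<code> - " prefix.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")

# Constructed excerpt of the log posted above (trimmed to the relevant lines).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgupd.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""


def parse_hjt(text):
    """Split an HJT log into running-process paths and (code, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes:
            if not line:          # blank line ends the process list
                in_processes = False
                continue
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return {"processes": processes, "entries": entries}


def find_realtime_products(parsed):
    """Return {product: {"kinds": ..., "evidence": [(where, file), ...]}}."""
    haystacks = [("process", p) for p in parsed["processes"]]
    haystacks += list(parsed["entries"])   # (section code, detail text)
    found = {}
    for product, info in REALTIME_MARKERS.items():
        evidence = [(where, f) for where, text in haystacks
                    for f in info["files"] if f in text.lower()]
        if evidence:
            found[product] = {"kinds": info["kinds"], "evidence": evidence}
    return found


def find_conflicts(found):
    """Protection kinds provided by more than one product, with the products."""
    by_kind = defaultdict(list)
    for product, info in found.items():
        for kind in info["kinds"]:
            by_kind[kind].append(product)
    return {k: sorted(v) for k, v in by_kind.items() if len(v) > 1}


if __name__ == "__main__":
    found = find_realtime_products(parse_hjt(SAMPLE_LOG))
    for product, info in found.items():
        print(product, info["kinds"], [e[1] for e in info["evidence"]])
    for kind, products in find_conflicts(found).items():
        print("CONFLICT: %d products with real-time %s: %s"
              % (len(products), kind, ", ".join(products)))
```

On the excerpt above the script reports all three products and one conflict: three products providing real-time antispyware protection, which is exactly the overlap the post identifies. Antivirus is not flagged because AVG 8 is the only antivirus engine in the log. To use it on another log, paste the log text in place of SAMPLE_LOG and extend the marker table for whatever products it shows.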

July 15th, 2009 10:00

Thank you, Dave. I'm closing this thread.

