Jump to content

Perpend357

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Another good discussion of registry cleaners here.
  2. Sorry, my stupidity. I was trying to select a topic from the forum options drop down, and had never tried from within the topic itself.
  3. I see that here. I was referring to an experience I had using the 'Malware Removal - Post Hijack This Logs' forum. It would be nice if the same drop down list functioned there. I also managed to find the following helpful information, once I looked for the solution: http://www.malwarebytes.org/forums/index.p...DE=01&HID=5 Thanks again for helping us to purge the miscreants!
  4. Perhaps this has been mentioned elsewhere, but it would be nice if we could track comments on a post by seeing responses to a particular topic in a forum instead of having to subscribe to the forum as a whole. It would also save a little time if at login you were sent back to subscribed topics, but that's easily accomplished with a bookmark. It would be even more convenient to have one's email inbox notify when a response was posted to a topic you were interested in following closely. Otherwise, I'd like to thank you for a great program and superior support! I'll be recommending you to my friends.
  5. Well, it seems ok, I guess. It's slow at boot up, but it's probably starved for memory right now, and I'm going to advise the new owner to add a 1gb stick to bring it up to snug. Once it settles down, given what it is, I feel good about the cleaning we've done. I still can't explain that bizarre behavior with the HJ logfile & MBAM yesterday, but I noticed that the file and printer sharing and UPNP options on the windows firewall exceptions were allowed, so I unchecked them at that point. I don't know if there was some kind of remote interference or not. I'm going to go online somewhere like MS or symantec and check the port security, but I want to thank you for leading me through all those tests and cleans. I have a tendency to wing it on my own and don't end up with a lot of confidence in the end result sometimes. It's really kind of you to lend your expertise where it's needed, and from the looks of the posts in this forum alone, there's a lot of pressure to keep abreast of it. Any recommendations you can make for me to keep things humming will be heeded. Otherwise, thanks, again, very much! Sincerely,
  6. Ok, thanks. I really appreciate the guidance. I have followed your instructions. Incidentally, before I got them I decided to use HJThis to fix that (20) entry with the pmkhi in it. (I think I recall there was some issue with this computer a couple years ago, and thought that was a leftover from that time. <Sorry>) I disconnected internet, shut down ESET & BOClean, I ran chkdsk, ran CCleaner, and ran Dr. Web CureIt which found no viruses. I was unable to save the .csv report as that menu item was grayed out. (I can post the CureIt.log if you wish). Afterwards it occurred to me to run CCleaner from the second user's log on, so I did. (I set it up so there's only 1 admin logon) Here's the most recent HJ log: (You'll see I updated Adobe Acrobat & Reader, and ran an online scan last night). Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:36:13 PM, on 2/24/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Comodo\CBOClean\BOCORE.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS C:\WINNT\system32\slserv.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\Comodo\CBOClean\BOC427.exe C:\WINNT\system32\hkcmd.exe C:\Program Files\Gateway Utilities\GWInkMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKUS\S-1-5-21-3655023926-2902348142-2634480375-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Seie') O4 - HKUS\S-1-5-21-3655023926-2902348142-2634480375-1007\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Seie') O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202344050359 O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINNT\SYSTEM32\slserv.exe -- End of file - 5804 bytes How's this looking to you? Anything more?
  7. Ok, I'm bad. Apparantly I did wrong by answering my first post, but here I go again. MBAM is updating fine now, and quick scan is reporting again no infections or detections. Do I need to be concerned about the pmkhi file in my Hijack This log, or is it possible that's an old problem that just shows itself in the HJ scan?
  8. Hi again, I know the MBAM scan looks clean, but there's something amiss with this computer. As I was looking at the Hijack This logs, the Header started scrolling off to the right off the screen, and the bottom scroll bar moved itself over to the right so you couldn't see the log. I could hold the slider to the left, but the top line had a cursor that kept moving the header off to the right over and over again. Also, when I try to start up MBAM, it is really slow, unresponsive, and then doesn't seem to update any more, even though the update window will start to run and the windows firewall has allowed MBAM.
  9. Hello, I'm hoping you'll be able to help me. I am trying to prepare a computer we stopped using about a year ago to give to a friend for her use. I installed a trial version of the expired ESET AV we had on the computer. I installed a couple of antimalware programs, (MBAM, SpywareBlaster,) and updated already installed Defender & Spybot S&D, and updated Windows to sp3. I decided to run a Hijack This scan after cleaning all the old files off, and found a couple of things that lead me to be concerned. Please have a look and advise us how to follow through, and whether this computer is safe for someone to use who is now on a Windows 98 system. Also, could you please tell me what the malware found on it is/was doing, i.e. has it stolen the id of the person who used to use it? The computer is running Windows xp home edition, with sp3. Hijack this log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:57:54 AM, on 2/23/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS C:\WINNT\system32\slserv.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINNT\system32\ctfmon.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\SpywareBlaster\spywareblaster.exe C:\Program Files\SpywareBlaster\spywareblaster.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file) O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202344050359 O20 - Winlogon Notify: pmkhi - C:\WINNT\ O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINNT\SYSTEM32\slserv.exe -- End of file - 4536 bytes (I already checked the 03 toolbar entry and asked to fix, but it seemed like Hijack this didn't come back correctly, so I ran another scan, and that 03 entry was gone.) I'll post back with the MBAM log, as this system is pretty slow.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.