DaniWeb IT Discussion Community
1 2
Show 40 post(s) from this thread on one page

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Viruses, Spyware and other Nasties (http://www.daniweb.com/forums/forum64.html)
-   -   HJT log HJT won't remove (http://www.daniweb.com/forums/thread152869.html)

joal Oct 22nd, 2008 12:19 pm
HJT log HJT won't remove
 
below is log, HJT will not remove the two "24's" nor will killbox, ???

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:05:00 AM, on 10/22/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINNT\system32\VTTimer.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\Program Files\Common Files\AOL\1218037355\ee\AOLSoftware.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Documents and Settings\Administrator.HART-8DA2801E47\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1218037355\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [FastAccess Help] C:\Program Files\BellSouth Application Management\content\..\Start.exe
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccom...ad/tgctlcm.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Administrator.HART-8DA2801E47/My%20Documents/My%20Pictures/Pictures%20Downloaded%20from%20AOL/SavedFromMail/10_animMA17697484-0010.gif
O24 - Desktop Component 1: (no name) - http://auto.search.msn.com/response....prov=aols&utf8

--
End of file - 5807 bytes

jbennet Oct 22nd, 2008 12:20 pm
Re: HJT log HJT won't remove
 
rename hijackthis to (something else).exe and rerun it. Some spywares block it.

jholland1964 Oct 22nd, 2008 1:18 pm
Re: HJT log HJT won't remove
 
The O24 entries are Windows Active Desktop Components. Active Desktop Components are local or remote html files that are embedded directly onto your desktop as a background.
When fixing these entries, HijackThis will only remove the Desktop Component in the registry. The actual HTML file being referenced, though, will not be deleted. You must actually have to MANUALLY remove them.

joal Oct 22nd, 2008 1:58 pm
Re: HJT log HJT won't remove
 
I will rename HJT, and would you explain how to manually remove these ?
thanks
Joal

jholland1964 Oct 22nd, 2008 2:31 pm
Re: HJT log HJT won't remove
 
Quote:
Originally Posted by joal (Post 718987)
explain how to manually remove these ?
thanks
Joal
You will have to navigate to the location of each file and then delete it.
C:/Documents and Settings/Administrator.HART-8DA2801E47/My Documents/My Pictures/Pictures Downloaded from AOL/SavedFromMail/10_animMA17697484-0010.gif

This one appears to be a link on your desktop so you should actually see it there and be able to delete it.
O24 - Desktop Component 1: (no name) - http://auto.search.msn.com/response....prov=aols&utf8

jholland1964 Oct 22nd, 2008 4:23 pm
Re: HJT log HJT won't remove
 
All of the above said, I have to ask WHY are you using HiJackThis and Killbox? I cannot find any post of yours which gives a reason why you are using these two programs, in fact your last thread here was in Feb. 2007 which actually was never completed and showed an incorrect assumption on your part concerning an entry in the HJT log posted. But you never returned or really stated what the problem was in the first place.

HiJackThis is NOT a fixer or removal program essentially, it is a scanner program to see what is or may have been on the computer at sometime. HijackThis is a utility that produces a listing of certain settings found in your computer. HijackThis should only be used if your browser or computer is having problems AFTER running Spybot or another Spyware/Hijacker removers like MBA-M, using anti-virus programs, uninstalling unnecessary or unwanted programs and cleaning out temp files. It should definitely NOT be used for general maintenance or clean up ever. That is not the purpose of this program. One should NOT fix entries using HijackThis without consulting an expert on using this program. HijackThis is an advanced tool, and therefore requires advanced knowledge about Windows and operating systems in general. Interpreting these results can be tricky as there are many legitimate programs that are installed in your operating system with similar file names and in a similar manner that Hijackers get installed. If you delete items that it shows, without knowing what they are, it can lead to other problems such as your Internet no longer working or problems with running Windows itself.

KillBox is another tool that is NOT to be used for general clean up. It is a utility designed for terminating harmful processes, deleting malicious files and folders containing malware. It is not recommended for use just to remove files, folders or programs one no longer wants. It should definitely NOT be used unless directed to do so by a helper when removing malware from a computer. It is updated frequently so old versions should be removed from a computer after you are directed to use it. Now while it used to remove malware that doesn't mean that it wouldn't remove a legitimate program if directed to do so in error by the user. Therefore a KEY file for the operating system or specific program could be removed by mistake. If you go through old threads here and at other legitimate malware removal forums you will see that Killbox is very often the LAST thing tried when removing a stubborn piece of malware.

joal Oct 22nd, 2008 4:25 pm
Re: HJT log HJT won't remove
 
thanks, found the one file, yet HJT still shows it, still unable to figure out how to remove the second after I click on it, and it comes up , strange how did this happen??
Joal

jholland1964 Oct 22nd, 2008 4:28 pm
Re: HJT log HJT won't remove
 
There is nothing wrong with either of these files. Which file is it that you cannot remove?
I also just noticed, you are using an out of date version of HiJackThis. You are using the Beta version 2.0.0 which was a TEST version.
Delete this version. Download the newest version which is version 2.0.2 from HERE

Not certain what you mean by this;
Quote:
still unable to figure out how to remove the second after I click on it, and it comes up
Click on it WHERE? What comes up?

joal Oct 22nd, 2008 4:34 pm
Re: HJT log HJT won't remove
 
The last time I posted I took the computer in to be fixed, this time, made the assumption it was malware as I had no idea how it appeared, my wallpaper was gone, replaced by a type of search page. I have been using HJT for years to get rid of BHO's and some malware with no ill effects.
Today was the first time I tried Killbox.
Managed to restore screen, but still have no idea how it happened, my daughter may have done this by accident.
Joal

joal Oct 22nd, 2008 4:46 pm
Re: HJT log HJT won't remove
 
The new HJT got rid of them, thanks lots
Joal


All times are GMT -4. The time now is 6:12 am.
1 2
Show 40 post(s) from this thread on one page

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC