Below is the log. HJT will not remove the two "24's", nor will Killbox. ???

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:05:00 AM, on 10/22/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINNT\system32\VTTimer.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\Program Files\Common Files\AOL\1218037355\ee\AOLSoftware.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Documents and Settings\Administrator.HART-8DA2801E47\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1218037355\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [FastAccess Help] C:\Program Files\BellSouth Application Management\content\..\Start.exe
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Administrator.HART-8DA2801E47/My%20Documents/My%20Pictures/Pictures%20Downloaded%20from%20AOL/SavedFromMail/10_animMA17697484-0010.gif
O24 - Desktop Component 1: (no name) - http://auto.search.msn.com/response.asp?MT=my+documents&srch=5&prov=aols&utf8

--
End of file - 5807 bytes


Rename HijackThis to (something else).exe and rerun it. Some spyware blocks it.

The O24 entries are Windows Active Desktop Components. Active Desktop Components are local or remote html files that are embedded directly onto your desktop as a background.
When fixing these entries, HijackThis will only remove the Desktop Component in the registry. The actual HTML file being referenced, though, will not be deleted. You actually have to MANUALLY remove them.
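
An added example, not part of the original thread: a short Python script that pulls the O24 lines out of a HijackThis log and separates local files, which stay on disk after the registry entry is fixed, from remote URLs, which leave no file to delete. The sample log is constructed, and the function names are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample in the HijackThis O24 line format (not taken from a real log).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [Example] example.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/User/My%20Documents/sample.gif
O24 - Desktop Component 1: (no name) - http://example.com/page.asp?q=1
O24 - Desktop Component 2: Local page - C:\\WINNT\\Web\\sample.htm
"""

O24_RE = re.compile(r"^O24 - Desktop Component (\d+): (.*?) - (\S.*)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:[\\/]")


def classify_source(source):
    """Return ('local', windows_path) or ('remote', url) for an O24 source."""
    # Check bare drive paths first: urlsplit would read "C:" as a URL scheme.
    if DRIVE_PATH_RE.match(source):
        return "local", source.replace("/", "\\")
    parts = urlsplit(source)
    if parts.scheme.lower() == "file":
        # file:///C:/a%20b.gif -> C:\a b.gif
        path = unquote(parts.path).lstrip("/")
        return "local", path.replace("/", "\\")
    return "remote", source


def desktop_components(log_text):
    """Parse every O24 line into index, name, kind and location."""
    found = []
    for line in log_text.splitlines():
        m = O24_RE.match(line.strip())
        if m:
            kind, location = classify_source(m.group(3).strip())
            found.append({"index": int(m.group(1)), "name": m.group(2),
                          "kind": kind, "location": location})
    return found


def files_left_behind(log_text):
    """Local files that remain on disk after the registry entry is fixed."""
    return [c["location"] for c in desktop_components(log_text) if c["kind"] == "local"]


if __name__ == "__main__":
    for comp in desktop_components(SAMPLE_LOG):
        print(comp["index"], comp["kind"], comp["location"])
```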

I will rename HJT, and would you explain how to manually remove these?
Thanks
Joal

> explain how to manually remove these ?
> thanks
> Joal

You will have to navigate to the location of each file and then delete it.
C:/Documents and Settings/Administrator.HART-8DA2801E47/My Documents/My Pictures/Pictures Downloaded from AOL/SavedFromMail/10_animMA17697484-0010.gif

This one appears to be a link on your desktop so you should actually see it there and be able to delete it.
O24 - Desktop Component 1: (no name) - http://auto.search.msn.com/response....prov=aols&utf8

All of the above said, I have to ask WHY are you using HiJackThis and Killbox? I cannot find any post of yours which gives a reason why you are using these two programs, in fact your last thread here was in Feb. 2007 which actually was never completed and showed an incorrect assumption on your part concerning an entry in the HJT log posted. But you never returned or really stated what the problem was in the first place.

HiJackThis is NOT a fixer or removal program essentially, it is a scanner program to see what is or may have been on the computer at some time. HijackThis is a utility that produces a listing of certain settings found in your computer. HijackThis should only be used if your browser or computer is having problems AFTER running Spybot or other Spyware/Hijacker removers like MBA-M, using anti-virus programs, uninstalling unnecessary or unwanted programs and cleaning out temp files. It should definitely NOT be used for general maintenance or clean up ever. That is not the purpose of this program. One should NOT fix entries using HijackThis without consulting an expert on using this program. HijackThis is an advanced tool, and therefore requires advanced knowledge about Windows and operating systems in general. Interpreting these results can be tricky as there are many legitimate programs that are installed in your operating system with similar file names and in a similar manner that Hijackers get installed. If you delete items that it shows, without knowing what they are, it can lead to other problems such as your Internet no longer working or problems with running Windows itself.

KillBox is another tool that is NOT to be used for general clean up. It is a utility designed for terminating harmful processes, deleting malicious files and folders containing malware. It is not recommended for use just to remove files, folders or programs one no longer wants. It should definitely NOT be used unless directed to do so by a helper when removing malware from a computer. It is updated frequently so old versions should be removed from a computer after you are directed to use it. Now while it used to remove malware that doesn't mean that it wouldn't remove a legitimate program if directed to do so in error by the user. Therefore a KEY file for the operating system or specific program could be removed by mistake. If you go through old threads here and at other legitimate malware removal forums you will see that Killbox is very often the LAST thing tried when removing a stubborn piece of malware.

Thanks, found the one file, yet HJT still shows it, still unable to figure out how to remove the second after I click on it, and it comes up, strange how did this happen??
Joal

There is nothing wrong with either of these files. Which file is it that you cannot remove?
I also just noticed, you are using an out of date version of HiJackThis. You are using the Beta version 2.0.0 which was a TEST version.
Delete this version. Download the newest version which is version 2.0.2 from HERE

Not certain what you mean by this;

> still unable to figure out how to remove the second after I click on it, and it comes up

Click on it WHERE? What comes up?

The last time I posted I took the computer in to be fixed, this time, made the assumption it was malware as I had no idea how it appeared, my wallpaper was gone, replaced by a type of search page. I have been using HJT for years to get rid of BHO's and some malware with no ill effects.
Today was the first time I tried Killbox.
Managed to restore screen, but still have no idea how it happened, my daughter may have done this by accident.
Joal

The new HJT got rid of them, thanks lots
Joal

> The new HJT got rid of them, thanks lots
> Joal

> I have been using HJT for years to get rid of BHO's and some malware with no ill effects.
> Today was the first time I tried Killbox.

Joal I will say this, you are very lucky. Doing it this way is dangerous.

I post this mainly as advice to others. This is NOT the way to do things. I say again, HJT is NOT a removal program. It MIGHT remove HJT log entries showing which point to malware, spyware, viruses and trojans but it WILL NOT remove the infection.
Don't follow this poster's example. If you feel there is infection on your computer begin HERE. Then start a new thread here stating your problems, programs run in an attempt to correct these problems and include all logs. END by running a Full Scan with HiJackThis and post that log too. Don't attempt fixes with HiJackThis, just use it for scanning until directed to do fixing with it.

Regarding jholland's critique, I did not respond to the Feb 2007 post, due to heart and lung failure.
In spite of everything, my computer is running with Windows 2000 and still use HJT and Killbox.
Thank you, Joal

HijackThis is revealing less and less malware that might be present on one's PC, so even though one may "fix" what is seen, there is a better than good chance that other malware exists on the PC.
Each to their own, but Judy is correct.
