Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pop up problems and slow running [RESOLVED]


  • This topic is locked This topic is locked

#16
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Great thanks! I will turn my firewall on... say good night to the dogs! Are yours sleeping too? Love that door bell (ring, ring). LOL

And I'll even defrag while I'm sleeping.

Have a great night!!!

Anne
  • 0

Advertisements


#17
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Anne,

How did everything go?

:tazz:

Tom
  • 0

#18
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Dear Tom,
Thanks for your message. I am officially getting old! It has taken me a couple of days to recover from my coffee induced mania! :)

I have a couple of shops today and will be back on line later this evening to finish up with my computer hooplah.

Thanks for the great follow-up! :tazz:

best,
Anne
  • 0

#19
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Phew, thought you might have done this :

:) or this :tazz:

:)

Tom

Edited by Excal, 31 August 2005 - 10:15 AM.

  • 0

#20
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Guess what Tom?!!!! :tazz: It's started again! My computer started to slow down couldn't access a web site and I ran the ewido again and it found 5 items. So, I cleaned them and ran another HiJack report for you.
Here's the HiJack report... (urgh) want to bang the computer now!!!!

Logfile of HijackThis v1.99.1
Scan saved at 5:49:35 PM, on 8/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.cua.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125327285625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


here's the ewido report too ---

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:48:55 PM, 8/31/2005
+ Report-Checksum: 4AEAAAD7

+ Scan result:

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\backups\backup-20050829-232316-739.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\vygrxxq.exe -> TrojanDropper.Agent.tb : Cleaned with backup


::Report End

p.s. I am going to watch a silly movie now, while I recover from my computer malise.
  • 0

#21
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Your HiJackthis log is clean. The ewido was only cookies (which you will get all the time) and a backup from HJT.

Want to do another activescan see if anything pops up.

:tazz:

Excal
  • 0

#22
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Hi Excal,

Well, the movie is over .. so, two movies later I can finally come back to the computer. I have forgiven it. (nice of me huh? Since I probably infected it in the first place :tazz: .

Here is the Active Scan :

Incident Status Location

Adware:adware/transponder No disinfected Windows Registry
Adware:Adware/BigTrafficNet No disinfected C:\1.exe
Spyware:Spyware/Cydoor No disinfected C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
Possible Virus. No disinfected C:\WINDOWS\I386\idwlog.exe
Possible Virus. No disinfected D:\I386\idwlog.exe
  • 0

#23
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
You can delete this file :tazz: C:\1.exe


Please download and unzip RegSearch to your desktop.


Open the RegSearch folder and double click RegSearch.vbs. Allow it to run.
Note: if your Antivirus or another program prompts about running a script file, allow the script to run.

copy and paste this in: transponder then hit "ok"

RegSearch will "disappear" but it is actually searching the registry for that entry.

Copy and paste what it finds into a Notepad file.


Excal :)
  • 0

#24
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
OK will do! Thanks again! I'll be back with the results for you.
  • 0

#25
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Ok Done.
The RegSearch:
Search completed in 22 seconds. No instances of Transponder found.

That's good news right? :tazz:
  • 0

Advertisements


#26
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
hmmm, i guess so....lol

Hows everything running?
  • 0

#27
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Hmmm.. Well, I'm going to try to down load that file right now (Adobe Acrobat) and log into their site. That's where I experienced the slowness. I'll let you know in a few.

Oh, by the way I'd sure like to get rid of this pesky MSN messenger pop up display box that happens everytime I boot up. Is it this line on my HJT log below?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


Maybe I am getting "delete happy".. promise no coffee since this morning!
  • 0

#28
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
1. Go to "Start", the "Run"
2. Type in "RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove" and press enter
3. Restart and you'll never see Windows Messenger again!
  • 0

#29
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Yippee!!!! :tazz: Hail Excal!!!!

(VBR --- very big roar from the crowd!)

OK. Fab! Web site download went fab! Did the messenger thing. Will have to reboot for that... ohhhh I can't wait!

Now, for the follow-up questions regarding your detailed instructions last night. I did defrag my computer.

On my to do list is writing to Norton regarding the firewall. And one other thing, putting some antivirus software on. Guess what the cable guy said when I called and couldn't go on line First disable my firewall and second eliminate my virus protection. Yes!! He did!!! I know.. I will wait a moment while you recover....

So, the norton I had on there is GONE! yep, he lead me right down the garden path to you didn't he? He gave me step by step instructions right over the phone to delete the norton virus software. Since, Norton came pre-installed on my Ho do you think that they would put it back for me? I guess I would have to pay for the regular updates they do....
  • 0

#30
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
If you are going to uninstall norton, don't reinstall it!!

There are free ones out there that will so the job!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP