Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware Removal results in graphic problems [CLOSED]


  • This topic is locked This topic is locked

#1
Fiend7383

Fiend7383

    New Member

  • Member
  • Pip
  • 1 posts
I had problems for quite some time with hclean.exe and security2k. I finally got rid of them last night, but apparently at the cost of most of the tabs in my display properties (I got these back through regedit), and some very jerky scrolling on webpages, word, and any other programs where there is text scrolling. Right click option menus were also fading in very slowly, I switched to nofade popup menus, which fixed it, but i know the root problem is still there. This whole problem seems to have started after I finally managed to get rid of hclean and security 2k, I used a combonation of pandascan, hijack this and killbox, in the end copying down the files that pandascan identified as malware and using killbox to delete them. After this my desktop and graphic settings seemed to revert to some previous stage and I lost most of the tabs in my display properties. Using security task manager and hijack this I can see no programs running which would cause a slowdown like this, and no extra memory is being used. Also, programs which need large amounts of memory and graphical rendering seem to run fine (ie Halflife 2, or any video file). It just seems that when I scroll down a webpage the scrolling is very jerky/slow. I've uninstalled/reinstalled ati catalyst (I have an radeon 9200SE) twice now, with no effect, and I'm out of ideas. Here is a list of files I killed before this problem started, and my current hijack this log, please help!!


Files killed by killbox while removing hclean and security2k:
:\WINDOWS\System32\hpF6D9.tmp
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\System32\intmonp.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\intell.exe
C:\WINDOWS\System32\loadctr.ext
C:\WINDOWS\System32\msexnpfi.exe
C:\WINDOWS\System32\msmsgs.exe
C:\WINDOWS\System32\intell32.exe
C:\WINDOWS\System32\ole32vbs.exe
C:\WINDOWS\System32\cfgrbkrend.exe
C:\WINDOWS\System32\LogFiles\A7272100.so
C:\WINDOWS\System32\hhk.dll
C:\WINDOWS\System32\rdsndin.exe
C:\WINDOWS\System32\ntfsnlpa.exe
C:\WINDOWS\System32\wppp.html
C:\WINDOWS\System32\uninstIU.exe
C:\WINDOWS\System32\adlsldpbc.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\rdsndin.exe.q_8040_q
C:\Documents and Settings\All Users\Application Data\SecTaskMan\ntfsnlpa.exe.q_8040_q
C:\Documents and Settings\All Users\Application Data\SecTaskMan\intell32.exe.q_8041800.q
C:\Documents and Settings\All Users\Application Data\SecTaskMan\intmonp.exe.q_804A00_q
C:\Documents and Settings\All Users\Application Data\SecTaskMan\A7272100.so.q_F6B9E00_q
C:\Documents and Settings\All Users\Application Data\SecTaskMan\intmon.exe.q_804A00_q
C:\!Submit\intmonp.exe
C:\!Submit\intmon.exe
C:\!Submit\shnlog.exe
C:\!Submit\hpF6D9.tmp

Logfile of HijackThis v1.99.1
Scan saved at 4:33:44 PM, on 9/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Jon\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: style32 - C:\WINDOWS\q955343_disk.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  • 0

Advertisements


#2
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP