|
-
October 6th, 2008, 11:55 PM
#76
I tell you, I'm glad, we found it, because, it was driving me nuts!...hehehe
Before we go any further:
1. Turn System Restore off.
2. Restart computer.
3. Turn System Restore on.
4. Run CCleaner.
Rootkit is just a type of virus, but a really nasty one, because most security programs won't detect it. The reason is, it pretends to be like another system file, and it hides itself very well (you know, by now  ). It's able to take full control of your system, if not taken care of.
As for the programs....
- reglooks.exe is a simple file, which doesn't install anything, so it can be simply deleted
- GMER - Start C:\WINDOWS\gmer_uninstall.cmd script and reboot
- others are keepers
-
October 7th, 2008, 12:15 AM
#77
OK....
I am running the ccleaner...
avast found the TDSS somewhere - i told it to delete....i guess it is running and is updated now where before the rootkit was blocking the update and avast from running....
i am down to 3.8GB of Memory....what should i delete...i was never able to find the HP toolkit???
speed seems better, is there anything I can do to improve that even more???
-
October 7th, 2008, 12:21 AM
#78
I'd like you to post another HJT log, just to make sure.
I assume, your hard drive space is down to 3.8GB, right?
What is the size of your HD?
Are you sure, Avast is getting updates?
Can you restart to Safe Mode, now?
-
October 7th, 2008, 09:38 AM
#79
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:24 AM, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.ccf.org
O15 - Trusted Zone: *.clevelandclinic.org
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/S...dObjSigned.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://secure.ccf.org/ccf-msam/cds/CGC/en/CSGProxy.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 6086 bytes
-
October 7th, 2008, 09:41 AM
#80
Hard Disk Space is:
C: total size: 14.9 GB
C: total available: 3.32GB
D: total size: 59.5 GB
D: total available: 56.0
avast looks like its is getting updates because i am not getting the warning saying that it cant access the updates, like I used to.....
if i do safe mode - should i run the superantispyware in safe mode???
-
October 7th, 2008, 09:49 AM
#81
i went to manually update avast and was able to - i think....here is the log for that..
Information about current update:
Total time: 1:26
- Vps: Updated
(previous version: 081006-0, updated version: 081007-0)
Server: download660.avast.com (69.93.227.202)
Downloaded files: 6 (52.33 KB)
Download time: 7 s
-
October 7th, 2008, 06:38 PM
#82
1. HJT log looks perfectly fine.
2.
i went to manually update avast and was able to
Cool
3.
if i do safe mode - should i run the superantispyware in safe mode???
No, I just wanted to see, if you can access Safe Mode, since you're not able to do so before.
4. How is your computer doing overall?
-
October 7th, 2008, 06:40 PM
#83
i am at the office...
when i get home i will take a look and see how it is doing....
i do want to remove software and try to make it faster - any thoughts on that....
-
October 7th, 2008, 06:57 PM
#84
i do want to remove software and try to make it faster
Number of installed softwares has nothing to do with your computer speed.
What matters:
1. Processor speed (I don't remember what it is).
2. Amount of RAM (I don't remember that, either)
3. Number of startups (we eliminated ALL unnecessary ones).
4. Amount of hard drive free space...
You:
C: total size: 14.9 GB
C: total available: 3.32GB
It's kind of OK. Windows needs at least 15% of free space to operate correctly; ~3GB in your case. Since your D drive is almost empty, try to move all possible data (movies, music, pictures, etc.) to drive D. Also, from now on, try to install any new program on D (create new Program Files folder there).
5. Computer being clean (yours is as a whistle )
-
October 12th, 2008, 10:22 AM
#85
looks like everything is working great....thanks a ton for your help!!!!!!!!!!!!!!!
-
October 12th, 2008, 01:34 PM
#86
Cool 
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
