Thread: HJT for Speedy

  1. #1
    lakewoodlady (Lifetime Member) | Joined: Oct 2007 | Location: On a need to know basis.... | Posts: 2,719

    HJT for Speedy

    Please can you have a squiz at this for me. I have somebody who has a prob with MSSE. Somehow it has deactivated itself.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:00:13 p.m., on 3/04/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{575A4F7A-241D-47CB-BA80-E87CCFC20F85}: NameServer = 203.152.110.137 203.152.110.138
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    --
    End of file - 4831 bytes

    TIA. LL
    _____Nothing is hidden that cannot be revealed_____

    http://tauposeniornet.com
    www.piriform.com/CCLEANER

  2. #2
    Member | Joined: Dec 2004 | Location: Taupo | Posts: 42,160

    Re: HJT for Speedy

    I would remove Spybot and Ad-Aware. Use Malwarebytes instead.

    You can tick these then tick fix checked. Close browsers. Or use CCleaner and delete them in tools / startup.

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    TeaTimer (part of Spybot) may be stopping MSE. Or something. Since it can block things.

    If messenger has been uninstalled, you can tick these

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    What does MSE say, when you try and turn it on?
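
The triage in the reply above (picking out the O4 autoruns and the entries HijackThis marks "(file missing)") can be scripted. This is an added example, not part of the thread or of HijackThis itself; the function names and regular expressions are assumptions based on the line format of the log in post #1, and the sample is a shortened excerpt of that log.

```python
import re
from collections import defaultdict

# Shortened excerpt of the log posted in #1 (same line format).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
--
End of file - 4831 bytes
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [MSC] ..." (assumed pattern)
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# O4 body: hive, [value name], command, optional "(User '...')" suffix
RUN_RE = re.compile(r"^(HK[A-Z]+)\\.*?: \[([^\]]+)\] (.+?)(?: \(User '([^']*)'\))?$")

def parse_hjt(text):
    """Group entry lines by section code (R0, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:  # header, process list and footer do not match
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def autoruns(sections):
    """Split O4 entries into (hive, value name, command, user or None)."""
    found = (RUN_RE.match(body) for body in sections.get("O4", []))
    return [m.groups() for m in found if m]

def orphans(sections):
    """Entries marked '(file missing)': registry data whose target is gone."""
    return [(code, body) for code, items in sections.items()
            for body in items if body.endswith("(file missing)")]

if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for hive, name, cmd, user in autoruns(parsed):
        print(f"autorun  {hive:5} {name!r:22} {cmd}  user={user}")
    for code, body in orphans(parsed):
        print(f"orphan   {code:5} {body}")
```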

  3. #3
    lakewoodlady (Lifetime Member) | Joined: Oct 2007 | Location: On a need to know basis.... | Posts: 2,719

    Re: HJT for Speedy

    I am trying to help someone who has a problem with MSSE not turning green at startup. She has run a scan with Malwarebytes and it found the following: Pum Disabled Security Registry Data Hkey_Local_machine\Software|Microsoft Security. I thought it may have something to do with the problem. Funny, I can't see any reference to Malwarebytes in the logfile.

    I will give her your findings and see if it will fix the problem. Many thanks.

    LL

  4. #4
    Member | Joined: Dec 2004 | Location: Taupo | Posts: 42,160

    Re: HJT for Speedy

    According to this

    What it detected is not a threat but registry entries that show that your Windows Security Center's notifications are disabled.

    This by itself is not dangerous, not malicious.

    However as that site says if the firewall comes up asking to unblock something as well, that's a different matter. So MSE isn't disabled.

  5. #5
    lakewoodlady (Lifetime Member) | Joined: Oct 2007 | Location: On a need to know basis.... | Posts: 2,719

    Re: HJT for Speedy

    Sorry not to get back sooner. First of all thank you for your advice on the HJT log.
    The person I am trying to help has just got back to me and all she's said is that she has removed Spybot and nothing else. (Not computer literate.)
    So, I have asked her questions to find out exactly what she has done. Hopefully she will answer them all. Apparently Malwarebytes had quarantined the suspect file so that is good. She says that MSSE is still not turning green on boot up, so she has to restart the computer, then it changes from red to green.
    I have suggested to her to uninstall and then reinstall it. Will see how that goes.

    Cheers LL
