  1. #1
    Lounger
    Join Date
    Feb 2008
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I am going to give you as much info as I am able
    I have attached my HIJACK THIS Log below

    I am not sure how/if it all relates but here it is
    Also not sure if I am in the right forum but I thought I would start here



    The quick version – A synopsis of what happened
    My screen went black one day and I had a techie “restore” it
    It seemed to work okay but was freezing up regularly and now is freezing up several times a day
    It seems to be most affected when I have stuff on the clipboard and/or I am online
    I brought it back to him and he says it seems fine

    I multitask and always seem to have many windows opened simultaneously and it has never happened before. Early on when I multitasked it seemed to freeze up but now it is freezing all the time with only one program opened but I am always online


    ACTIONS TAKEN
    I have done the following
    Defragged, checked for viruses (see below) and then he did the same and also checked for corrupted sectors
    I do have loads of pictures on the computer so I thought that maybe there was too little memory but there is over 50% of memory remaining

    MALWARE FOUND
    After this blackout happened I had one of those pop-ups where the simulated window screen flashes that you have several threats etc and says you need to download this to get rid of the threats etc
    The second time it popped up I wrote down the file name in the Run this file pop-up and found it to be malware
    I purchased PREVX 3.0 to remove it but the computer is still freezing

    This is what they wanted to install - I have a screen shot of the pop up if that will help

    Pack_40S10.exe
    The IE window pops up with www.scannerspy08.com
    Then a realistic Windows Security Alert pops up in that window

    I went in and googled the Pack_40S10.exe and found that others found it was a Cloaked Malware and they had luck removing it with PREVX3.0 so I bought that and removed it but I can't tell for certain … as I searched for it in the SEARCH window before I deleted and it did not appear

    SOME WEIRD THINGS THAT HAVE HAPPENED
    I have those dings go off twice every time shortly after I turn on the computer. It is the bell like I am trying to complete a process that won’t work – it dings twice in a row and then not again

    MY COMPUTER
    Laptop is IBM Think Pad – Windows XP 2G

    Thanks
    Kate

  2. #2
    3 Star Lounger HeyJude
    Join Date
    Dec 2009
    Location
    Ohio, USA
    Posts
    332
    Thanks
    2
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by katiebee
    I am going to give you as much info as I am able
    I have attached my HIJACK THIS Log below
    I don't see any attached HJT log, but it is interesting to find your same post: Copy of your post HERE

    Hey Jude
    Take a sad song and make it better

  3. #3
    Lounger
    Join Date
    Feb 2008
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hey Jude

    Did I break any rules?
    I am very frustrated and thought I could find some help online
    Please advise

  4. #4
    Lounger
    Join Date
    Feb 2008
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I attached the log - so maybe I am not doing it properly

    here it is pasted


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:06:45 PM, on 1/11/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Comodo\CBOClean\BOCORE.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Prevx\prevx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lenovo\System Update\SUService.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\User\Desktop\1&1 EasyLogin\EasyLogin.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [1&1 EasyLogin] C:\Documents and Settings\User\Desktop\1&1 EasyLogin\EasyLogin.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
    O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

    --
    End of file - 7361 bytes
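
Added example, not part of the original thread and not HijackThis's own code: a small Python triage pass over the HijackThis log format pasted above. The function names and the three review heuristics (a Run entry with no absolute path, a Run entry launching from a user profile, a service listed with "Unknown owner") are this example's assumptions; a flag is a prompt for manual checking, not a malware verdict.

```python
import re
from collections import defaultdict
# Constructed sample: eight lines taken from the log pasted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [1&1 EasyLogin] C:\Documents and Settings\User\Desktop\1&1 EasyLogin\EasyLogin.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")           # "O4 - <rest>"
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.+?)\] (.*)$")  # "[name] command"

def parse(log):
    """Group HijackThis entries by section code (R0, O4, O23, ...)."""
    sections = defaultdict(list)
    for m in filter(None, map(ENTRY.match, log.splitlines())):
        sections[m.group(1)].append(m.group(2).strip())
    return sections

def command_path(cmd):
    """Return the executable part of a Run command, without arguments."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.(?:exe|dll|com|bat|cmd))\b", cmd)
    return m.group(1) if m else cmd

def triage(log):
    """Return (section, name, reason) tuples that deserve a manual look."""
    findings, sections = [], parse(log)
    for m in filter(None, map(RUN.match, sections.get("O4", []))):
        path = command_path(m.group(2))
        if not re.match(r"[A-Za-z]:\\", path):
            # Resolved through the search path, so the file that runs is ambiguous.
            findings.append(("O4", m.group(1), "no absolute path"))
        elif "\\documents and settings\\" in path.lower():
            # User-writable location (Windows XP profile directory).
            findings.append(("O4", m.group(1), "runs from user profile"))
    for entry in sections.get("O23", []):
        if " - Unknown owner - " in entry:
            findings.append(("O23", entry.split(" - ")[0], "unknown owner"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```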

  5. #5
    Gold Lounger Rebel
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    3,024
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by katiebee
    Did I break any rules?
    I am very frustrated and thought I could find some help online
    Please advise
    Hi Kate,
    No - you didn't break any rules. But have a look at this thread for some links to sites that specialize in Hijack This logs. It's probably better to try one of those sites. Good Luck.
    John
    A Child's Mind, Once Stretched by Imagination...
    Never Regains Its Original Dimensions

  6. #6
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts
    Quote Originally Posted by katiebee
    ...
    Did I break any rules?
    ...
    You didn't break any rules, but it is usually considered courteous to say that you have posted the question in multiple places.

  7. #7
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Calif
    Posts
    182
    Thanks
    0
    Thanked 14 Times in 13 Posts
    Hi Katiebee :

    I do not know IF you are still watching this thread, but in case you are, I offer the following. Prevx calls your "Pack____"
    "Cloaked Malware" ; that usually means a "Rootkit" is involved and they are usually difficult to "detect", then remove . The Best FREE Rootkit "Detector" is the FREE "GMER" program ; however, "Logs" from this program are best analyzed by an
    experienced, CERTIFIED, Volunteer "Malware Removal Specialist" found on Advanced Malware Removal Forums, such as the
    One at www.geekstogo.com .

    In your current situation, I would start by running scans of the 2 best ( and FREE ) antimalware programs nowadays, namely
    Malwarebytes Anti-Malware ( www.malwarebytes.org/mbam.php ) and "SUPERAntiSpyware" ( www.superantispyware.com ),
    BOTH of which come in FREE Version(s) . They BOTH are much better than that AVG AntiSpyware program your HijackThis
    log shows you have on your computer . The "Log" also shows you have an out-of-date AVG antiVIRUS program, which at a
    minimum should be UPDATED/UPGRADED, though I recommend the FREE Avast Antivirus Home Edition, available at
    www.avast.com .

    Your HijackThis log also shows you have the continually malware-prone Adobe Reader . I recommend the SAFER and
    FREE "Foxit Reader" .
    For the BEST in what counts in Life :

    http://www.ctftoronto.com
