[Resolved] I'm a bit confused re: which forum

Welcome! Register for a free account (or login) > How does it work?

Quickly register. It will only take 60 seconds.
Start a new topic. Ask your question. Wait for an email reply.
Is your system infected? Begin reading the malware removal guide.

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

[Resolved] I'm a bit confused re: which forum, HJT

Options

baseballnut View Member Profile	Aug 7 2009, 11:02 AM Post #1
Authentic Member Group: Authentic Member Posts: 24 Joined: 7-November 08 Member No.: 82,284 Operating System: Windows 2003	Greetings, I originally posted my log in this forum a couple weeks back and just recently got a message saying i posted to the wrong forum and I should be posting in this forum. However, this is the forum I thought I originally posted in. http://forums.whatthetech.com/My_computer_...ht_t105631.html Regardless, below is my original post I truly hope I can get some help thanks so much in advance Hi everyone, i've been meaning to do this for a while..... a few weeks back I tried to install VIPRE and remove CA Personal Firewall. I must have done something incorrectly as the CPU is now VERY slow and certain programs don't even open (not to mention i haven't been able to get rid of the CA Personal Firewall fully any help would be appreciated below is my HJT log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:27:03 PM, on 7/28/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINDOWS\system32\lxddcoms.exe C:\WINDOWS\System32\NMSSvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\mHotkey.exe C:\WINDOWS\GWMDMMSG.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Lexmark 2500 Series\lxddmon.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\Palm\HOTSYNC.EXE c:\program files\aim toolbar\aimtbServer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\MsiExec.exe C:\WINDOWS\system32\MsiExec.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JASON\Application Data\Mozilla\Profiles\default\7uuk8bnm.slt\prefs.js) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll O2 - BHO: MS extension - {BE83C3B6-0F77-436c-88B1-A56124A743CB} - fagw32.dll (file missing) O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131419283531 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs6b.instantservice.com/jars/customerxsigned35.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- End of file - 8854 bytes

Replies

ken545 View Member Profile	Sep 17 2009, 10:20 AM Post #2
Forum God Group: Classroom Teacher Posts: 11,325 Joined: 3-December 04 From: Darien, Connecticut Member No.: 19,436 Operating System: Win 7 Ultimate Win Xp Home SP3	Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Posts in this topic

baseballnut [Resolved] I'm a bit confused re: which forum Aug 7 2009, 11:02 AM

ken545 Hello baseballnut Welcome to the Whatthetech Malw... Aug 7 2009, 06:38 PM

baseballnut Thanks for your help I haven't been able to f... Aug 8 2009, 11:21 PM

ken545 Hi, Which firewall have you decided to keep, do y... Aug 9 2009, 04:30 AM

baseballnut Hi, in response to your question about if I'd... Aug 9 2009, 08:31 AM

ken545 Hi, Your infected with the latest variant of the ... Aug 9 2009, 09:38 AM

baseballnut Good evening, I have attached first my combofix l... Aug 9 2009, 08:18 PM

ken545 Hi, Combofix ran successfully and removed that Ro... Aug 10 2009, 02:54 AM

baseballnut Greetings as requested, here are the two results ... Aug 11 2009, 08:05 PM

ken545 Hi, Open Notepad Go to Start> All Programs... Aug 12 2009, 02:49 AM

baseballnut Thanks, here are the 2 logs you requested. See a... Aug 13 2009, 08:47 AM

ken545 QUOTE Then follow my previous instructions that I ... Aug 13 2009, 10:54 AM

baseballnut Hi there, as you can see, the log took a while an... Aug 15 2009, 07:46 PM

ken545 Hi, http://www.ewido.net/en/ Ewido is now AVG and... Aug 15 2009, 08:26 PM

baseballnut Hi, things are running much better thank you very... Aug 22 2009, 06:34 PM

ken545 Post a new HJT log and lets see whats going on Aug 22 2009, 06:36 PM

baseballnut thanks! Logfile of Trend Micro HijackThis v2.... Aug 27 2009, 10:43 PM

ken545 Vipre is still running as a service. Open notepad... Aug 28 2009, 07:00 AM

baseballnut Logfile of Trend Micro HijackThis v2.0.2 Scan save... Aug 29 2009, 12:10 PM

ken545 Great, How are things running now ? Aug 29 2009, 12:23 PM

baseballnut Hi there, as a whole, much much better but it st... Sep 3 2009, 04:48 PM

ken545 Run both of these and post the logs please Open H... Sep 3 2009, 06:32 PM

baseballnut thanks - as requested! StartupList report, 9... Sep 9 2009, 04:24 AM

ken545 Hi, I see an option to uninstall CA Personal Fire... Sep 9 2009, 10:18 AM

baseballnut Hello, I have gone to the link, but see only upda... Sep 12 2009, 04:59 PM

ken545 Hello, 16 is what you want > Sun issues update... Sep 12 2009, 05:48 PM

ken545 Since this issue appears to be resolved ... this T... Sep 17 2009, 10:20 AM

« Next Oldest · Infections Removal · Next Newest »

Topic Title	Replies	Topic Starter	Views	Last Action
Infections Removal [Resolved] antivirus vista 2010 infection	15	tiancheng	479	Yesterday, 06:46 AM Last post by: Blade81
Infections Removal [Resolved] Extremely Slow	15	Angel2121	495	Yesterday, 05:46 AM Last post by: jpshortstuff
Infections Removal [Resolved] please help	16	jester421	359	20th March 2010 - 09:18 AM Last post by: CatByte
Infections Removal [Resolved] Win32/kryptik.DBX trojan/ SPYWAREPROTECT 2009	6	ROOFIE(MTL)	111	20th March 2010 - 06:42 AM Last post by: CatByte