LordFett (thread author), posted November 24, 2008 (edited):

I am working on a friend's laptop. He said his Firefox started taking up huge amounts of memory after running for a while, so he started using Chrome. Now Firefox crashes upon opening; it never gets as far as an actual browser window opening, it just goes right to the crash report. Chrome, on the other hand, will open and try to load the last page visited or the start page, then within 30 seconds it crashes. Opera is running fine; IE runs OK but after 30 minutes or so it slows way down.

I've scanned the system with NOD32, Avast!, ClamAV, Ad-Aware, PC Tools Spyware Doctor, Spybot S&D and Malwarebytes Anti-Malware. The only thing that has been picked up by anything has been tracking cookies.

System is a Lenovo/IBM X40 laptop running XP SP3.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:09 AM, on 24-Nov-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\nocturne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kendallclan.net/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 6303 bytes

Edited November 24, 2008 by LordFett
LordFett (thread author), posted November 24, 2008:

Ran RootkitRevealer, found quite a few things. Looking for a reliable rootkit remover now.
LordFett (thread author), posted November 24, 2008:

HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 02-Apr-07 8:31 PM 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\License information* 02-Jul-08 6:49 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAC* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o 02-Aug-07 5:02 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 24-Nov-08 2:52 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage\ProductFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage\WORDFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\nocturne\Application Data\Microsoft\Office\Recent\Chrome Crash.doc.LNK 24-Nov-08 2:54 PM 454 bytes Hidden from Windows API.
C:\Documents and Settings\nocturne\Application Data\Microsoft\Office\Recent\Jedi Handbook 13a.doc.LNK 06-Oct-08 11:05 AM 1.05 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\nocturne\Desktop\Chrome Crash.doc 24-Nov-08 2:54 PM 20.50 KB Hidden from Windows API.
C:\Documents and Settings\nocturne\Local Settings\Temp\mmc12627FA0.xml 24-Nov-08 2:28 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\nocturne\Local Settings\Temp\~DF4E61.tmp 24-Nov-08 2:53 PM 512 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\nocturne\Local Settings\Temp\~DFAD88.tmp 24-Nov-08 2:53 PM 512 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\nocturne\Recent\Chrome Crash.doc.lnk 24-Nov-08 2:54 PM 522 bytes Hidden from Windows API.
C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083857.ini 24-Nov-08 1:10 PM 12.11 KB Hidden from Windows API.
C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083858.ini 24-Nov-08 1:10 PM 22.85 KB Hidden from Windows API.
C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083859.ax 24-Nov-08 1:10 PM 7.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083860.ax 24-Nov-08 1:10 PM 7.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083861.dir 24-Nov-08 1:10 PM 2.13 KB Hidden from Windows API.
C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083862.ini 23-Nov-08 10:41 PM 3.79 KB Hidden from Windows API.

These are the two that I'm most worried about:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage\ProductFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage\WORDFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.

As this is when things really stopped working.

I've run Panda's anti-rootkit, RootkitBuster, Rootkit Detective, removeany. I'm running GMER now.
puntoMX, posted November 25, 2008:

Anti-malware won't fix this as the damage is already done; anti-malware is mostly made to prevent damage to data.

You can try to fix this but it will take you a long time; I would advise you to back up and reinstall the system rather than losing time searching for where the real fault is hiding. You never know what is damaged besides those 2 files showing up in HijackThis.
Tarun, posted November 25, 2008:

Please download my Anti-Malware Toolkit and get the Professional package. Then follow the directions in the PC Cleanup guide.

SUPERAntiSpyware and Malwarebytes Anti-Malware will both be useful.
LordFett (thread author), posted November 25, 2008:

Thanks Tarun, I had already downloaded your stuff but hadn't installed it yet. That was going to be my next step and then reinstalling the OS.
StaffnRod, posted November 25, 2008 (edited):

To LordFett ... I had the same symptoms you describe on a laptop, FF3.x w/ Chrome.

As a relative newbie, I didn't go thru all you did to remedy it, but I saw posts elsewhere noting the same.. some gave up and went back to IE6 or 7.. as I am on another machine.

One thing I saw was also related to the FlashGot plugin -- which I am trying to find an equiv. for in IE.

Maybe this compilation about FF crashes helps: Firefox3 crashes

Edited November 26, 2008 by StaffnRod
LordFett (thread author), posted November 26, 2008:

OK, ran everything in your toolkit, Tarun.

Here is my new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:48 PM, on 25-Nov-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\UPHClean\uphclean.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\nocturne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\nocturne\Desktop\RootkitRevealer.exe
C:\DOCUME~1\nocturne\LOCALS~1\Temp\BGQT.exe
C:\Documents and Settings\nocturne\Desktop\RootkitRevealer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kendallclan.net/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BOAHY - Sysinternals - www.sysinternals.com - C:\DOCUME~1\nocturne\LOCALS~1\Temp\BOAHY.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TKIRHKTM - Unknown owner - C:\DOCUME~1\nocturne\LOCALS~1\Temp\TKIRHKTM.exe (file missing)
O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 6040 bytes

And RootkitRevealer:

HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 02-Apr-07 8:31 PM 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\License information* 02-Jul-08 6:49 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAC* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o 02-Aug-07 5:02 PM 0 bytes Key name contains embedded nulls (*)

Same problems; Firefox won't open at all now though, and Chrome is being super crashtastic.
Tarun, posted November 26, 2008:

Rename HijackThis to scanner.exe and check again, reposting your log.
LordFett (thread author), posted November 26, 2008:

> Rename HijackThis to scanner.exe and check again, reposting your log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:38 AM, on 26-Nov-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\UPHClean\uphclean.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\nocturne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kendallclan.net/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TKIRHKTM - Unknown owner - C:\DOCUME~1\nocturne\LOCALS~1\Temp\TKIRHKTM.exe (file missing)
O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 5856 bytes
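The three logs above are the kind of thing a helper reads by eye: autorun (O4) and service (O23) entries whose executable lives in a user's Temp folder, whose file is missing, or whose owner is unknown are the lines worth a second look. The script below is an added example, not code from this thread or from HijackThis; it parses O4 and O23 lines with regular expressions and returns the entries that trip one of those three checks. The sample log embedded in it is constructed from lines modelled on the posted logs. A Temp hit is only a prompt for manual review, which the thread itself shows: the BOAHY service is labelled Sysinternals, i.e. RootkitRevealer's own temporary service, while TKIRHKTM is a leftover "(file missing)" entry of the same kind.

```python
import re

# Constructed sample: a few HijackThis lines modelled on the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BOAHY - Sysinternals - www.sysinternals.com - C:\DOCUME~1\nocturne\LOCALS~1\Temp\BOAHY.exe
O23 - Service: TKIRHKTM - Unknown owner - C:\DOCUME~1\nocturne\LOCALS~1\Temp\TKIRHKTM.exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
"""

# Reasons an entry gets flagged for manual review.
FLAG_TEMP = "runs from a Temp directory"
FLAG_MISSING = "service binary is missing"
FLAG_UNKNOWN_OWNER = "no registered owner"

# O4 - <hive>\..\Run: [<name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O23 - Service: <display name> - <owner> - <path> [(file missing)]
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
# The service path is the last drive-letter path on the line; "(file missing)" may trail it.
SVC_PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?)(?P<missing>\s*\(file missing\))?$")
# First executable in a Run command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\[^"]+?\.(?:exe|dll|com|bat|cmd|scr))(?:"|\s|$)', re.IGNORECASE)


def parse_hjt(log_text):
    """Return a list of dicts for every O4 and O23 line; other sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m.group("cmd"))
            entries.append({
                "kind": "O4", "name": m.group("name"), "hive": m.group("hive"),
                "path": exe.group("exe") if exe else m.group("cmd"),
                "owner": "", "missing": False, "line": line,
            })
            continue
        m = O23_RE.match(line)
        if m:
            rest = m.group("rest")
            p = SVC_PATH_RE.search(rest)
            name = rest.split(" - ", 1)[0]
            # Whatever sits between the display name and the path is the owner field.
            owner = rest[len(name):p.start()].strip(" -") if p else ""
            entries.append({
                "kind": "O23", "name": name, "hive": "",
                "path": p.group("path") if p else rest,
                "owner": owner, "missing": bool(p and p.group("missing")), "line": line,
            })
    return entries


def flag_entry(entry):
    """Return the list of review reasons for one parsed entry (empty if nothing stands out)."""
    reasons = []
    if "\\temp\\" in entry["path"].lower():
        reasons.append(FLAG_TEMP)
    if entry["missing"]:
        reasons.append(FLAG_MISSING)
    if entry["owner"].lower() == "unknown owner":
        reasons.append(FLAG_UNKNOWN_OWNER)
    return reasons


def triage(log_text):
    """Parse a HijackThis log and return only the entries that need a second look."""
    findings = []
    for entry in parse_hjt(log_text):
        reasons = flag_entry(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:<3} {f['name']}: {f['path']}  <- {', '.join(f['reasons'])}")
```

Run against the sample, the two Temp services and the LicCtrl service come back flagged while the WinPatrol, BootSkin and Google Updater entries do not; the point is to narrow a 6 KB log down to the handful of lines a human should actually look up, not to declare anything malicious.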
Tarun, posted November 26, 2008:

Did SUPERAntiSpyware or Malwarebytes find anything?

Your log appears clean.

Your Firefox may not be starting due to an add-on. Try starting it in safe mode through the Start menu, or by adding -safe-mode to the shortcut.
LordFett (thread author), posted November 26, 2008:

> Did SUPERAntiSpyware or Malwarebytes find anything?

SUPERAntiSpyware might have found some tracking cookies; Malwarebytes found nothing.

> Your log appears clean.

That is what I thought.

> Your Firefox may not be starting due to an add-on. Try starting it in safe mode through the Start menu, or by adding -safe-mode to the shortcut.

Restarted it with all add-ons disabled and it started. I ran an update and everything was up to date except for NoScript.

List of add-ons:
Adblock
Broadband Speed Test and Diagnostic
Domain Details
Forecastfox
Foxmarks
Gmail Manager
Gmail Space
IE Tab
Java Quick Starter (not sure about this one, I don't remember installing it for him nor does he remember it)
NoScript
Speed Dial

Any idea about Chrome? I'm going to try and reinstall it shortly.

I re-enabled all of the add-ons in FX3 save the Java Quick Starter and it came right up.
StaffnRod, posted November 26, 2008:

Not wanting to butt in, although I found much of what Tarun mentions and your noted add-ons are covered, and.. thought maybe this compilation of links about FF crashes helps: http://www.blogsdna.com/430/9-fix-for-fire...ing-problem.htm

Now I have to decide if it's worth it to go FFox just to enable use of FlashGot... as it doesn't look like I'm getting any replies to my 'FlashGot.. equiv. plugin for IE7' topic posted in MSNF ...
LordFett (thread author), posted November 27, 2008:

Well, since I started running Firefox without that Java plugin, both FX3 and Chrome are running fine.

Thanks for the help, Tarun, and for that link, StaffnRod.
StaffnRod, posted November 27, 2008:

> Well, since I started running Firefox without that Java plugin, both FX3 and Chrome are running fine.
> Thanks for the help, Tarun, and for that link, StaffnRod.

Voilà ... one hand does feed the other.

Your discovery / mention of the Java script plugin issue may well be the reason for the BIG poor perf. / FX crashes on my other laptop, which gave hesitation to my reasoning... to move back to FFox3 currently.

Further investigation ongoing.. w/ all help/guidance as posted above.

THX