• Hijack This log and Malware Found – FREEZING UP


    #465668

    I am going to give you as much info that I am able
    I have attached my HIJACK THIS Log below

    I am not sure how/if it all relates but here it is
    Also not sure if I am in the right forum but I thought I would start here

    The quick version – A synopsis of what happened
    My screen went black one day and I had a techie “restore” it
    It seemed to work okay but was freezing up regularly and now is freezing up several times a day
    It seems to be most affected when I have stuff on the clipboard and/or I am online
    I brought it back to him and he says it seems fine

    I multitask and always seem to have many windows opened simultaneously and it has never happened before. Early on when I multitasked it seemed to freeze up but now it is freezing all the time with only one program opened but I am always online

    ACTIONS TAKEN
    I have done the following
    Defragged, checked for viruses (see below) and then he did the same and also checked for corrupted sectors
    I do have loads of pictures on the computer so I thought that maybe there was too little memory but there is over 50% of memory remaining

    MALWARE FOUND
    After this blackout happened I had one of those pop ups where the simulated window screen flashes that you have several threats etc and says you need to download this to get rid of the threats etc
    The second time it popped up I wrote down the file name in the Run this file pop-up and found it to be malware
    I purchased PREVX 3.0 to remove it but the computer is still freezing

    This is what they wanted to install – I have a screen shot of the pop up if that will help

    Pack_40S10.exe
    The IE window pops up with the http://www.scannerspy08.com
    Then a realistic Window Security Alert pops up in that window

    I went in and googled the Pack_40S10.exe and found that others found it was a Cloaked Malware and they had luck removing it with PREVX3.0 so I bought that and removed it but I can't tell for certain … as I searched for it in the SEARCH window before I deleted and it did not appear

    SOME WEIRD THINGS THAT HAVE HAPPENED
    I have those dings go off twice every time shortly after I turn on the computer. It is the bell like I am trying to complete a process that won’t work – it dings twice in a row and then not again

    MY COMPUTER
    Laptop is IBM Think Pad – Windows XP 2G

    Thanks
    Kate

    • #1197578

      I am going to give you as much info that I am able
      I have attached my HIJACK THIS Log below

      I don’t see any attached HJT log, but it is interesting to find your same post Copy of your post HERE

      Hey Jude

    • #1197586

      Hey Jude

      Did I break any rules?
      I am very frustrated and thought I could find some help online
      Please advise

      • #1197590

        Did I break any rules?
        I am very frustrated and thought I could find some help online
        Please advise

        Hi Kate,
        No – you didn’t break any rules. But have a look at this thread for some links to sites that specialize in Hijack This logs. It’s probably better to try one of those sites. Good Luck.

      • #1197591


        Did I break any rules?

        You didn’t break any rules, but it is usually considered courteous to say that you have posted the question in multiple places.

    • #1197588

      I attached the log – so maybe I am not doing it properly

      here it is pasted

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:06:45 PM, on 1/11/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16945)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\ibmpmsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\Comodo\CBOClean\BOCORE.exe
      C:\Program Files\Prevx\prevx.exe
      C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
      C:\WINDOWS\system32\TpKmpSVC.exe
      C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\PROGRA~1\AVG\AVG8\avgemc.exe
      C:\Program Files\Prevx\prevx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lenovo\System Update\SUService.exe
      C:\Program Files\AVG\AVG8\avgcsrvx.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
      C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
      C:\WINDOWS\system32\RunDll32.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
      C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
      C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Documents and Settings\User\Desktop\1&1 EasyLogin\EasyLogin.exe
      C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
      O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
      O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [1&1 EasyLogin] C:\Documents and Settings\User\Desktop\1&1 EasyLogin\EasyLogin.exe
      O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge…nt/swflash.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
      O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
      O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
      O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
      O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
      O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
      O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

      End of file - 7361 bytes
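
As an added example (not code from this thread, from HijackThis or from any of the tools named in it), the Python below parses O4 autostart and O23 service lines in the shape of the log above and returns the entries a reviewer would look at first: bare filenames with no path, executables outside the Windows and Program Files trees, and services with no vendor string. The sample lines are a constructed subset of the posted log, and TRUSTED_DIRS and the triage rules are assumptions; a flag is a prompt to inspect the file, not a verdict, and legitimate vendor utilities get flagged too.

```python
import re

# Constructed sample in the shape of the posted HijackThis log (not the full log).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [igfxtray] C:\\WINDOWS\\system32\\igfxtray.exe
O4 - HKLM\\..\\Run: [TP4EX] tp4ex.exe
O4 - HKCU\\..\\Run: [1&1 EasyLogin] C:\\Documents and Settings\\User\\Desktop\\1&1 EasyLogin\\EasyLogin.exe
O4 - HKLM\\..\\Run: [SoundMAX] "C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe" /tray
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\\WINDOWS\\system32\\TpKmpSVC.exe
O23 - Service: CSIScanner - Prevx - C:\\Program Files\\Prevx\\prevx.exe
"""

# Assumed "expected" locations for autostart executables on this XP machine.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$')


def command_path(cmd):
    """Executable path from an O4 command line: quoted, bare, or followed by arguments."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.search(r'.*?\.exe', cmd, re.IGNORECASE)   # unquoted paths may contain spaces
    return m.group(0) if m else cmd.split(' ')[0]


def triage(log_text):
    """Return (section, entry name, reason) tuples for lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            path = command_path(m.group('cmd'))
            if '\\' not in path:
                findings.append(('O4', m.group('name'), 'bare filename, no path: ' + path))
            elif not path.lower().startswith(TRUSTED_DIRS):
                findings.append(('O4', m.group('name'), 'outside Windows or Program Files: ' + path))
            continue
        m = O23_RE.match(line)
        if m and m.group('vendor') == 'Unknown owner':
            findings.append(('O23', m.group('name'), 'service has no vendor string: ' + m.group('path')))
    return findings


if __name__ == '__main__':
    for section, name, reason in triage(SAMPLE_LOG):
        print(f'{section} [{name}]: {reason}')
```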

    • #1197946

      Hi Katiebee:

      I do not know IF you are still watching this thread, but in case you are, I offer the following. Prevx calls your “Pack____”
      “Cloaked Malware”; that usually means a “Rootkit” is involved and they are usually difficult to “detect”, then remove. The Best FREE Rootkit “Detector” is the FREE “GMER” program; however, “Logs” from this program are best analyzed by an
      experienced, CERTIFIED, Volunteer “Malware Removal Specialist” found on Advanced Malware Removal Forums, such as the
      One at http://www.geekstogo.com.

      In your current situation, I would start by running scans of the 2 best (and FREE) antimalware programs nowadays, namely
      Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam.php) and “SUPERAntiSpyware” (http://www.superantispyware.com),
      BOTH of which come in FREE Version(s). They BOTH are much better than that AVG AntiSpyware program your HijackThis
      log shows you have on your computer. The “Log” also shows you have an out-of-date AVG antiVIRUS program, which at a
      minimum should be UPDATED/UPGRADED, though I recommend the FREE Avast Antivirus Home Edition, available at
      http://www.avast.com.

      Your HijackThis log also shows you have the continually malware-prone Adobe Reader. I recommend the SAFER and
      FREE “Foxit Reader”.
