| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 117123 | 2011-04-03 09:34:00 | HJT for Speedy | lakewoodlady (103) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1191685 | 2011-04-03 09:34:00 | Please can you have a squiz at this for me. I have somebody who has a prob with MSSE. Somehow it is deactivated itself. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:00:13 p.m., on 3/04/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\bgsvcgen.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\LTMSG.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.xtramsn.co.nz R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.xtramsn.co.nz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.xtramsn.co.nz O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O17 - HKLM\System\CCS\Services\Tcpip\..\{575A4F7A-241D-47CB-BA80-E87CCFC20F85}: NameServer = 203.152.110.137 203.152.110.138 O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- End of file - 4831 bytes TIA. LL |
lakewoodlady (103) | ||
| 1191686 | 2011-04-03 09:40:00 | I would remove spybot and adaware. Use malwarebytes instead You can tick these then tick fix checked. Close browsers. Or use ccleaner and delete them in tools / startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Teatimer (part of Spybot) maybe stopping MSE. Or something. Since it can block things If messenger has been uninstalled, you can tick these O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) What does MSE say, when you try and turn it on? |
Speedy Gonzales (78) | ||
| 1191687 | 2011-04-03 09:58:00 | I am trying to help someone who has a problem with MSSE not turning green at startup. She has run a scan with Malwarebytes and it found the following: Pum Disabled Security Registry Data Hkey_Local_machine\Software|Microsoft Security. I thought it may have something to do with the problem. Funny, I can't see any reference to Malwarebytes in the logfile. I will give her your findings and see if it will fix the problem. Many thanks. LL |
lakewoodlady (103) | ||
| 1191688 | 2011-04-03 10:17:00 | According to this (forums.malwarebytes.org) What it detected is not a threat but registry entries that show that your Windows Security Center's notifications are disabled. This by itself is not dangerous , not malicious However as that site says if the firewall comes up asking to unblock something as well, thats a different matter. So MSE isnt disabled |
Speedy Gonzales (78) | ||
| 1191689 | 2011-04-05 23:12:00 | Sorry not to get back sooner. First of all thank you for your advice on the HJT log. The person I am trying to help has just got back to me and all she's said is that she has removed Spybot and nothing else. (Not Computer literate.) So, I have asked her questions to find out exactly what she has done. Hopefully she will answer them all. Apparently Malwarebytes had quarantened the suspect file so that is good. She says that MSSE is still not turning green on boot up, so she has to restart the computer, then it changes from red to green. I have suggested to her to uninstall and then re install it. Will see how that goes. Cheers LL |
lakewoodlady (103) | ||
| 1 | |||||