Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Hijack this log -

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Re: Hijack this log -

Unread postby m_baggley » April 6th, 2008, 6:44 am

Hi there,

Did as requested, removed the java thingy! Doesn't seem to have changed anything, computer response is still incredibly slow and programs freezing and not responding. Anything else that I can do? What about the problems that the kasperksky scan found?

Matt
m_baggley
Active Member
 
Posts: 14
Joined: March 28th, 2008, 4:18 pm
Top
Advertisement
Register to Remove

Re: Hijack this log -

Unread postby ndmmxiaomayi » April 6th, 2008, 7:07 am

Hi,

Those files are fine.

Before ruling out it to be a technical issue, I will need to run another scan.

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.
  6. Double click on gmer.exe to run it.
  7. Select the Rootkit/Malware tab.
  8. On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  9. Select all drives that are connected to your system to be scanned.
  10. Click on the Scan button.
  11. When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  12. Open Notepad or a similar text editor.
  13. Paste the clipboard contents into the text editor.
  14. Save the Gmer scan log and post it in your next reply.
  15. Close Gmer.
  16. Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  17. In Command Prompt, type in net stop gmer. Press Enter.
  18. Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.

Please post the Gmer report in your next reply.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am
Top

Re: Hijack this log -

Unread postby m_baggley » April 6th, 2008, 10:04 am

Hello again, managed to get the GMER downloaded eventually. Here is the log. Thanks

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-06 14:55:33
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT 85DD87B0 ZwAlertResumeThread
SSDT 85E805A8 ZwAlertThread
SSDT 85CE7160 ZwAllocateVirtualMemory
SSDT 85DFC518 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF1946EE0]
SSDT 85E8ECD8 ZwCreateMutant
SSDT 85E98D18 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF1947160]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF19476C0]
SSDT 85DE8B98 ZwFreeVirtualMemory
SSDT 85DF1910 ZwImpersonateAnonymousToken
SSDT 85DD6008 ZwImpersonateThread
SSDT 85EFD188 ZwMapViewOfSection
SSDT 85CFA840 ZwOpenEvent
SSDT 85EA5C90 ZwOpenProcessToken
SSDT 85CF1638 ZwOpenThreadToken
SSDT 85DDB008 ZwResumeThread
SSDT 85F2A348 ZwSetContextThread
SSDT 85E03730 ZwSetInformationProcess
SSDT 85CFAD78 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF1947910]
SSDT 85D95910 ZwSuspendProcess
SSDT 85CEBD38 ZwSuspendThread
SSDT 85E8E4F0 ZwTerminateProcess
SSDT 85EFDAF8 ZwTerminateThread
SSDT 85EB95A8 ZwUnmapViewOfSection
SSDT 85E7F378 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CFA 80503AAE 2 Bytes [ DD, 85 ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[2956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe[3868] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.14 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort5 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-16 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060a9a41a
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060a9a41a@0012d2531787 0xD6 0xEB 0x40 0x8A ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060a9a41a
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060a9a41a@0012d2531787 0xD6 0xEB 0x40 0x8A ...

---- EOF - GMER 1.0.14 ----
m_baggley
Active Member
 
Posts: 14
Joined: March 28th, 2008, 4:18 pm
Top

Re: Hijack this log -

Unread postby ndmmxiaomayi » April 6th, 2008, 12:59 pm

Hi,

The Gmer log looks fine.

A couple of programs can be disabled from startup to speed it up slightly. Let me know if you want to remove them.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am
Top

Re: Hijack this log -

Unread postby m_baggley » April 6th, 2008, 1:55 pm

Hi,

Yes please, let me know and I will give it a go. If this doesn't make any difference, does that suggest that perhaps there are some hardware problems?

Matt
m_baggley
Active Member
 
Posts: 14
Joined: March 28th, 2008, 4:18 pm
Top

Re: Hijack this log -

Unread postby ndmmxiaomayi » April 6th, 2008, 2:32 pm

Hi,

First, download and install Winpatrol from here - http://www.winpatrol.com/download.html

After installing it, select the Startup Programs tab. Select the program and click on Disable.

These programs can be safely disabled.

  • QuickTime Task - related to Apple's Quicktime Player.

  • TkBellExe - related to Real Player.

  • iTunesHelper - Apple's iTunes Player.

  • ATICCC - Note: If you change your graphics settings regularly, it's best not to disable it.

  • SoundMan - Realtek audio settings on your system tray (near the clock). With a right click, you can easily change the settings, for example, to give a cinema feel when playing audio. If you like those effects and want an easy access, you can disable it. If you have no need for it, it can be disabled. After disabling it, you can find an icon on your Control Panel to configure it.

  • BluetoothAuthenticationAgent - If you don't use Bluetooth, this can be disabled.

  • swg - This is Google's Toolbar Notifier. If you hardly use this feature, this can be disabled.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am
Top

Re: Hijack this log -

Unread postby m_baggley » April 9th, 2008, 5:05 am

Hi there,

Apologies for the late reply. Whilst this hasn't resolved my problem, I would like to thank you for your help in this. It is much appreciated.

Many thanks

Matt
m_baggley
Active Member
 
Posts: 14
Joined: March 28th, 2008, 4:18 pm
Top

Re: Hijack this log -

Unread postby ndmmxiaomayi » April 9th, 2008, 6:45 am

Hi,

The last I can recommend is to replace Norton with better alternatives that aren't as resource hungry as Norton. However, if you have paid for Norton, you might not want to consider it now until Norton subscription ends.

Please install only ONE antivirus and firewall.

Free antivirus to replace Norton Antivirus

avast! 4 Home Edition
AntiVir Free Edition

Paid antivirus to replace Norton Antivirus

Eset NOD32 Antivirus 3.0

Free firewalls to replace Norton Firewall

Online Armor
Comodo Personal Firewall
Sunbelt Kerio
Sygate Personal Firewall Free

Paid firewalls

Online Armor
Sunbelt Kerio
Outpost Pro
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am
Top

Re: Hijack this log -

Unread postby askey127 » April 20th, 2008, 5:26 pm

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us to reopen this topic if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Top
Advertisement
Register to Remove
Previous
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 320 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index