 Log Check Please |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
 Jul 12 2007, 07:21 PM
Post
#1
|
|
 Forum Regular  Group: Members Posts: 174 Joined: 14-May 06 Member No.: 68,078  |
Hello all
I need to have someone look over this log for me if you will. Most of my programs are not showing in add/remove only a hand full maybe 8 or so. here is My log any insight or guidance would be most certainly appreciated. Logfile of HijackThis v1.99.1 Scan saved at 10:28:59 AM, on 7/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE C:\WINDOWS\system32\umonit.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Matthew\Desktop\HijackThis\hjt.bat.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pages.ebay.com/ebay_toolbar/app/congrats.html R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143851005685 O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BHNXVIFDQ - Unknown owner - C:\DOCUME~1\Matthew\LOCALS~1\Temp\BHNXVIFDQ.exe (file missing) O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing) O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE Thanks again in adavance D_N_M |
 |
 
|
Posts in this topic
D_N_M Log Check Please Jul 12 2007, 07:21 PM
Papakid Hi D_N_M,
i see you have a log posted in another ... Jul 17 2007, 09:30 PM D_N_M hello Papakid and thank you for taking the time to... Jul 17 2007, 10:02 PM Papakid OK--so was the Add/Remove problem solved when you ... Jul 17 2007, 10:41 PM D_N_M The random named files being generated was a probl... Jul 18 2007, 05:08 AM Papakid OK, well you do seem to have some malware that I h... Jul 18 2007, 11:12 AM D_N_M Papakid
I did the precleaning as asked
I h... Jul 18 2007, 04:47 PM D_N_M Here is the HJT log Thanks again for your help and... Jul 18 2007, 04:50 PM Papakid Thanks for posting to the other forums. My apolog... Jul 19 2007, 01:25 PM D_N_M Hello Papakid
I did the removal but the tool on th... Jul 19 2007, 05:08 PM Papakid Sorry again for the delay.
Your firewall situatio... Jul 20 2007, 02:10 AM D_N_M Hello Papakid
I submitted the file from from combo... Jul 20 2007, 10:09 AM Papakid Please post the CF log from C:\ComboFix.txt a... Jul 20 2007, 12:44 PM D_N_M Sorry I missed that one
"Matthew" - 200... Jul 20 2007, 01:11 PM Papakid OK, CF was unable to copy CO_Mon.sys to the zip yo... Jul 21 2007, 11:51 PM D_N_M Hello Papakid
Here are the reports
GMER 1.0.13.1... Jul 22 2007, 07:16 AM Papakid Well, the good news is that your system appears to... Jul 23 2007, 09:28 PM D_N_M Hello Papakid
I have not tried system restore as... Jul 24 2007, 07:22 PM Papakid Sorry again for the long delay.
You can read how ... Jul 27 2007, 01:36 PM D_N_M Hello Papakid
I went to system restore but made a... Jul 28 2007, 06:28 PM Papakid OK, sorry, I should have given you specific steps ... Jul 29 2007, 10:33 PM D_N_M Hello Papakid
I did turn the system restore off th... Jul 30 2007, 04:20 PM D_N_M Well Papakid it's been 5 days since your last ... Aug 4 2007, 07:53 PM Papakid Sorry for the delay. There is not a whole lot I ... Aug 5 2007, 09:34 PM D_N_M Hello Papakid
Will look into another XP CD
as far... Aug 6 2007, 05:55 PM
Papakid Well, your logs all look clean as far as being fre... Aug 7 2007, 12:21 AM  |
2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 21st November 2009 - 08:21 PM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.