
My Hijack This Log


  • This topic is locked
10 replies to this topic

#1 squid360


Posted 28 August 2006 - 04:57 AM

My PC is slow and sometimes it completely freezes. It's a Pentium 4, 3.0 GHz, 512 MB of RAM. Help greatly appreciated; I'm new to the site.


Logfile of HijackThis v1.99.1
Scan saved at 7:46:52 PM, on 28/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\*** ******\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: RK Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/M...0,2/mcmysec.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...820/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AE38C36-2196-4E21-A83C-C934EEC1BA63}: NameServer = 192.168.1.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by squid360, 28 August 2006 - 05:40 AM.



#2 squid360


Posted 29 August 2006 - 12:56 AM

someone?

#3 squid360


Posted 29 August 2006 - 02:07 AM

Sorry. I know you're volunteers. Thanks for offering a great free service. Also, I don't know what's wrong with my PC. Probably nothing.

#4 squid360


Posted 29 August 2006 - 03:18 AM

Also, Spybot often finds the same thing, deletes it, then finds it again.

#5 Buckeye_Sam

  • Malware Response Team

Posted 31 August 2006 - 10:48 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
Sorry for the delay. It's been really busy around here lately.

Your log looks clean to me. But if you want to post the log from Spybot I can take a look.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
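Sam's verdict on the log in post #1 comes down to checking every autostart and browser-setting entry against what belongs on that particular machine. The script below is an added example, written for this page; it is not HijackThis's own code and did not come from either poster. It parses the R/O entries of a HijackThis 1.99.x log and sorts them into three buckets: `suspect` (R0/R1 URLs pointing outside the OEM and Microsoft hosts, O4 autostarts launched from outside Windows/Program Files, a public DNS server in O17, a Winlogon Notify DLL outside system32), `review` (orphaned CLSIDs with `(no file)`, a startup shortcut whose target HijackThis could not resolve, ActiveX downloads from vendors not on the allowlist, services with `Unknown owner`) and `info`. The allowlists are assumptions tuned to this log, and the sample input is constructed: most of its lines are copied from post #1, while the `search.example.net` search page and the `%TEMP%` autostart are invented to exercise the suspect branch. It also encodes the one caveat a helper would want here: HijackThis 1.99.1 prints `(file missing)` for the two MSSQL$MICROSOFTSMLBIZ services because their ImagePath is quoted and followed by an argument, while the Running processes block shows `sqlservr.exe` actually running, so the script cross-checks service binaries against that block before raising anything.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlparse

# Allowlists are assumptions tuned to the log in post #1: the OEM start page and
# Microsoft's redirector for R0/R1, the vendors seen in O16, and the directories
# from which O4 autostarts are normally launched (8.3 short names included).
TRUSTED_URL_HOSTS = {"www.dell.com", "go.microsoft.com"}
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "messenger.msn.com", "download.mcafee.com"}
TRUSTED_O4_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
URL_RE = re.compile(r"https?://\S+")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|scr|bat|cmd|pif|com)\b', re.I)
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)  # a line of the "Running processes" block

@dataclass
class Finding:
    severity: str  # "suspect" > "review" > "info"
    section: str   # HijackThis section code, e.g. "O23"
    reason: str
    line: str

def _host(text: str) -> str:
    m = URL_RE.search(text)
    return (urlparse(m.group(0)).hostname or "").lower() if m else ""

def _path(text: str) -> str:
    m = PATH_RE.search(text)
    return m.group(0).lower() if m else ""

def triage(log: str) -> list[Finding]:
    lines = [ln.strip() for ln in log.splitlines()]
    # Basenames of running processes; used to sanity-check O23 "(file missing)".
    running = {ln.rsplit("\\", 1)[-1].lower() for ln in lines if PROC_RE.match(ln)}
    out: list[Finding] = []
    for ln in lines:
        m = ENTRY_RE.match(ln)
        if not m:
            continue
        sec, body = m.group(1), m.group(2)
        if sec in ("R0", "R1"):
            host = _host(body)
            if host and host not in TRUSTED_URL_HOSTS:
                out.append(Finding("suspect", sec, f"browser setting points at {host}", ln))
        elif sec in ("O2", "O3") and "(no file)" in body:
            out.append(Finding("review", sec, "orphaned CLSID with no backing file; safe to fix", ln))
        elif sec == "O4":
            p = _path(body)
            if not p:
                out.append(Finding("review", sec, "startup item whose target could not be resolved", ln))
            elif not p.startswith(TRUSTED_O4_PREFIXES):
                out.append(Finding("suspect", sec, f"autostart outside trusted directories: {p}", ln))
        elif sec == "O16":
            host = _host(body)
            if host not in TRUSTED_DPF_HOSTS:
                out.append(Finding("review", sec, f"ActiveX control downloaded from {host}", ln))
        elif sec == "O17":
            for ip in re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", body):
                try:
                    if not ip_address(ip).is_private:
                        out.append(Finding("suspect", sec, f"public DNS server {ip} configured", ln))
                except ValueError:
                    pass
        elif sec == "O20":
            sev = "info" if _path(body).startswith("c:\\windows\\system32\\") else "suspect"
            out.append(Finding(sev, sec, "Winlogon Notify DLL runs at logon; confirm it is signed", ln))
        elif sec == "O23" and "(file missing)" in body:
            # HJT 1.99.1 reports "(file missing)" for a quoted ImagePath that carries
            # arguments; if the binary is listed under Running processes it is an artefact.
            exe = _path(body).rsplit("\\", 1)[-1]
            if exe in running or '" -' in body:
                out.append(Finding("info", sec, "'file missing' is likely a parser artefact (quoted path with arguments or process running)", ln))
            else:
                out.append(Finding("review", sec, "service binary not found on disk", ln))
        elif sec == "O23" and "Unknown owner" in body:
            out.append(Finding("review", sec, "no company name readable from service binary", ln))
    return out

def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts

# Constructed sample: lines copied from the log in post #1 plus two invented for the
# demonstration (the search.example.net search page and the %TEMP% autostart).
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.net/?q=
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\updater.exe
O4 - Startup: RK Launcher.lnk = ?
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AE38C36-2196-4E21-A83C-C934EEC1BA63}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
"""

if __name__ == "__main__":
    order = {"suspect": 0, "review": 1, "info": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"[{f.severity:7}] {f.section:3} {f.reason}\n          {f.line}")
```

Run against the sample it reports two suspect entries (the invented search page and the invented autostart from a temp directory), three items to review (the orphaned toolbar CLSID, the unresolved `RK Launcher.lnk`, the Yahoo games ActiveX control) and two informational ones (the WgaLogon Winlogon Notify DLL and the SQL Server "file missing" artefact). Every other line from the original log, including the private 192.168.1.1 name server, passes. The allowlists are the part that needs adjusting per machine; the `(file missing)` cross-check is the part worth keeping.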

#6 squid360


Posted 01 September 2006 - 08:33 PM

I'm sure it's clean (kind of), but here's my Spybot log. Also, my browser (Firefox) is occasionally redirected to weird websites.



--- Report generated: 2006-08-28 18:07 ---

Cache: Cache (543) (Cache, nothing done)


Common Dialogs: History (14 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Cookie: Cookie (61) (Cookie, nothing done)


Google Toolbar: Recent search list (12 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Google\NavClient\1.1\History

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Internet Explorer\Download Directory!=

Internet Explorer: Typed URL list (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS DirectInput: Last mapped application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\DirectInput\MostRecentMapperApplication\Name!=

MS DirectInput: Last mapped application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\DirectInput\MostRecentMapperApplication\ID!=

MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Media Player: Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

MS Media Player: Client ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

MS Media Player: Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: Search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\MediaPlayer\AutoComplete\MediaSearch

MS Office 11.0 (Cliparts): Last search made (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Office\11.0\Clip Organizer\Search\Last Query

MS Office 11.0 (Excel): Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Office\11.0\Excel\Recent Files

MS Office 11.0 (Office Startup Assistant): Last search location (Registry value, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Office\11.0\Osa\FindFile\Place

MS Office 11.0 (Office Startup Assistant): Last template location (Registry value, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Office\11.0\Osa\FileNew\Place

MS Office 11.0 (Picture Manager): Last selected folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Office\11.0\OIS\Options\LastTreeSelection

MS Office 11.0 (PowerPoint): Recent animation list (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Office\11.0\PowerPoint\RecentAnimationList

MS Office 11.0 (Publisher): Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Office\11.0\Publisher\Recent File List

MS Office 11.0 (Word): Memo wizard details (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Office\11.0\Word\Wizards\Memo Wizard

MS Office 11.0 (Word): Agenda wizard details (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Office\11.0\Word\Wizards\Agenda Wizard

MS Office 11.0 (Word): Calendar wizard details (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Office\11.0\Word\Wizards\Calendar Wizard

MS Office 11.0 (Word): Recent file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Office\11.0\Word\Data\Settings

MS Paint: Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Search Assistant: Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Search Assistant\ACMru

Paint Shop Pro 5: Save copy directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\JASC\Paint Shop Pro 5\General\SaveCopyDirectory!=

Paint Shop Pro 5: Browse directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\JASC\Paint Shop Pro 5\Browser\BrowseDir!=

Paint Shop Pro 5: Image directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\JASC\Paint Shop Pro 5\General\ImageDirectory!=

Paint Shop Pro 5: Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\JASC\Paint Shop Pro 5\Recent File List

Paint Shop Pro 5: Save as directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\JASC\Paint Shop Pro 5\General\SaveAsDirectory!=

Real Jukebox 1.0: Last Import wizard folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\RealNetworks\RealJukebox\1.0\Preferences\ImportWizardPath!=

RealOne Player 2 (aka RealPlayer 6.0): Most recent skins #1 (Registry change, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentSkins1\!=

RealOne Player 2 (aka RealPlayer 6.0): Last open file directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\RealNetworks\RealPlayer\6.0\Preferences\LastOpenFileDir\!=

Windows Explorer: Last Copy/MoveTo folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

Windows Explorer: Last visited history (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent wallpaper list (417 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: Run history (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: Stream history (17 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history files (393 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: User Assistant history IE (93 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows.OpenWith: Open with list - .CLP extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CLP\OpenWithList

Windows.OpenWith: Open with list - .ASF extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithList

Windows.OpenWith: Open with list - .AVI extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: Open with list - .BMP extension (8 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: Open with list - .CDA extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-771282678-2295975026-2539839473-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

Windows: Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources!=


--- Spybot - Search && Destroy version: 1.3 ---
2006-08-25 Includes\Cookies.sbi
2006-08-25 Includes\Dialer.sbi
2006-08-25 Includes\Hijackers.sbi
2006-08-25 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2006-08-25 Includes\Malware.sbi
2006-08-25 Includes\PUPS.sbi
2006-08-25 Includes\Revision.sbi
2006-08-25 Includes\Security.sbi
2006-08-25 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2006-08-25 Includes\Trojans.sbi

Edited by squid360, 01 September 2006 - 08:35 PM.


#7 Buckeye_Sam


Posted 02 September 2006 - 07:23 PM

That doesn't show me any malware that would be causing you problems.
Let's take a look at a more detailed log and see what shows up.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#8 squid360


Posted 03 September 2006 - 04:12 AM

Thanks for the help. Also, Spybot works again. I updated it from 1.3 to 1.4.
Here's the log.


*** ****** - 06-09-03 19:08:06.25
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\*** ******\My Documents

((((((((((((((((((((((((((((((( Files Created from 2006-08-03 to 2006-09-03 ))))))))))))))))))))))))))))))))))


2006-08-06 07:18 <DIR> d-------- C:\WINDOWS\McAfee.com


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-03 18:54 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-02 09:10 -------- d-------- C:\Program Files\Warcraft III
2006-09-01 18:39 -------- d-------- C:\Program Files\MSN
2006-09-01 17:08 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-01 09:14 -------- d-------- C:\Program Files\Norton Internet Security
2006-08-31 22:31 -------- d-------- C:\Program Files\Paint Shop Pro 5
2006-08-27 13:12 -------- d-------- C:\Program Files\Common Files
2006-08-25 16:53 -------- d-------- C:\Program Files\Google
2006-08-18 18:54 -------- d-------- C:\Documents and Settings\*** ******\Application Data\SiteAdvisor
2006-08-18 16:40 -------- d-------- C:\Documents and Settings\*** ******\Application Data\Technology Lighthouse
2006-08-17 19:01 -------- d-------- C:\Program Files\Ashampoo
2006-08-17 18:40 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-16 19:51 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-06 11:41 -------- d-------- C:\Documents and Settings\*** ******\Application Data\Zoner
2006-07-27 23:24 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-07-23 10:51 -------- d-------- C:\Program Files\Symantec
2006-07-22 17:44 -------- d-------- C:\Program Files\Internet Explorer
2006-07-22 14:25 -------- d-------- C:\Documents and Settings\*** ******\Application Data\Real
2006-07-21 18:24 72704 --a------ C:\WINDOWS\SYSTEM32\hlink.dll
2006-07-19 19:56 -------- d-------- C:\Program Files\Common Files\xing shared
2006-07-19 19:56 -------- d-------- C:\Program Files\Common Files\Real
2006-07-08 17:32 532480 --a------ C:\Program Files\cwshredder.exe
2006-07-08 12:20 2829 --a------ C:\WINDOWS\War3Unin.pif
2006-07-08 12:20 139264 --a------ C:\WINDOWS\War3Unin.exe
2006-07-08 08:45 -------- d-------- C:\Program Files\Adobe
2006-06-23 09:28 5512704 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-06-23 09:28 47616 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-06-23 09:28 454144 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-06-23 09:28 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-06-23 09:28 223744 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-06-23 09:28 179200 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-06-23 09:28 155648 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-06-23 05:41 172544 --------- C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
2006-06-23 05:40 78848 --a------ C:\WINDOWS\SYSTEM32\ieencode.dll
2006-06-23 05:40 40960 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-06-23 05:39 99328 --a------ C:\WINDOWS\SYSTEM32\occache.dll
2006-06-23 05:39 39424 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-06-23 05:37 14336 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-06-23 05:34 81920 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-06-23 05:34 50688 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-06-23 05:34 372736 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-06-23 05:34 228864 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-06-23 05:34 167936 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-06-23 05:33 54272 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-06-23 05:33 41984 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-06-23 05:33 121856 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-06-23 05:30 11776 --------- C:\WINDOWS\SYSTEM32\msfeedssync.exe
2006-06-23 05:29 55296 --------- C:\WINDOWS\SYSTEM32\icardie.dll
2006-06-23 05:29 35328 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2006-06-23 05:27 251392 --------- C:\WINDOWS\SYSTEM32\iertutil.dll
2006-06-23 05:26 45568 --a------ C:\WINDOWS\SYSTEM32\mshta.exe
2006-06-23 04:46 377856 --------- C:\WINDOWS\SYSTEM32\ieapfltr.dll
2006-06-23 04:45 48640 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2006-06-23 04:41 172032 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-06-19 15:18 23552 --------- C:\WINDOWS\SYSTEM32\idndl.dll
2006-06-19 15:18 22752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2006-06-19 15:18 20480 --------- C:\WINDOWS\SYSTEM32\normaliz.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb06.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,de,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - ***** ******.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Spybot - Search & Destroy.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{A1516A6E-4DE8-4C9A-A6EE-B63B0904D1FE}.job

Completion time: Sun 03/09/2006 19:08:50.42
ComboFix.txt
ComboFix2.txt
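
An added example, not part of this thread and not ComboFix's own code: a small Python parser for the regedit-style "Reg Loading Points" section above. It pulls every command under a Run-type key, splits image path from arguments the way CreateProcess reads a command line with no application name, flags unquoted image paths that contain spaces (CreateProcess would probe C:\Program.exe, C:\Program Files\Analog.exe, and so on before the intended binary), and decodes the NoDriveTypeAutoRun mask (0x91 in this log, the XP SP2 default) to show which drive types still honour autorun.inf. The SAMPLE string is a constructed subset of the log; the "system directory" check is a rough heuristic, and the key suffixes it matches and the helper names are assumptions of this example.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

The section uses regedit .reg export syntax: [key] headers, then
"name"="string" | dword:xxxxxxxx | hex:aa,bb,...  with backslash-continued lines.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the keys shown in the log above.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Position"=hex:2c,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,de,03,00,00,00,\
  00,00,00,01,00,00,00
'''

RegValues = Dict[str, Tuple[str, object]]


def unescape(s: str) -> str:
    """regedit escapes backslash and double quote with a backslash."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> Dict[str, RegValues]:
    """Return {key_path: {value_name: (type, value)}} for sz, dword and hex values."""
    lines: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if lines and lines[-1].endswith("\\"):      # hex value continued on next line
            lines[-1] = lines[-1][:-1] + line
        else:
            lines.append(line)
    keys: Dict[str, RegValues] = {}
    current = None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m or current is None:
            continue
        name, rhs = unescape(m.group(1)), m.group(2)
        if rhs.startswith("dword:"):
            keys[current][name] = ("dword", int(rhs[6:], 16))
        elif rhs.startswith("hex:"):
            keys[current][name] = ("hex", bytes.fromhex(rhs[4:].replace(",", "")))
        elif len(rhs) >= 2 and rhs[0] == rhs[-1] == '"':
            keys[current][name] = ("sz", unescape(rhs[1:-1]))
    return keys


EXE_RE = re.compile(r"\.(exe|com|scr|bat|cmd|pif)\b", re.I)
SYSTEM_DIR = re.compile(r"^[a-z]:\\(windows|program files)\\", re.I)   # heuristic
AUTOSTART_KEYS = ("\\CurrentVersion\\Run", "\\CurrentVersion\\RunOnce",
                  "\\policies\\explorer\\Run")                            # assumed set


def split_command(cmd: str) -> Tuple[str, str, bool]:
    """(image, args, quoted): a leading quote delimits the image path; without
    one, CreateProcess tries a cut at every space, so the path is ambiguous."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip(), True
    m = EXE_RE.search(cmd)
    image = cmd[:m.end()] if m else (cmd.split(None, 1) or [""])[0]
    return image, cmd[len(image):].strip(), False


def autostart_entries(keys: Dict[str, RegValues]) -> List[dict]:
    """Every string value under a Run-type key, with the checks a reviewer applies."""
    out = []
    for key, values in keys.items():
        if not key.endswith(AUTOSTART_KEYS):
            continue
        for name, (typ, val) in values.items():
            if typ != "sz":
                continue
            image, args, quoted = split_command(val)
            findings = []
            if not quoted and " " in image:
                findings.append("unquoted path with spaces")
            if not SYSTEM_DIR.match(image):
                findings.append("image outside Windows/Program Files")
            out.append({"key": key, "name": name, "image": image,
                        "args": args, "findings": findings})
    return out


# NoDriveTypeAutoRun bits; a set bit disables autorun.inf for that drive type.
AUTORUN_BITS = [(0x01, "DRIVE_UNKNOWN"), (0x04, "removable"), (0x08, "fixed"),
                (0x10, "network"), (0x20, "CD-ROM"), (0x40, "RAM disk"),
                (0x80, "reserved/unrecognised")]


def autorun_enabled(mask: int) -> List[str]:
    """Drive types for which autorun.inf is still honoured under this mask."""
    return [name for bit, name in AUTORUN_BITS if not mask & bit]


def triage(text: str) -> dict:
    keys = parse_reg_export(text)
    autorun = {k: autorun_enabled(v["NoDriveTypeAutoRun"][1])
               for k, v in keys.items()
               if v.get("NoDriveTypeAutoRun", ("", 0))[0] == "dword"}
    return {"autostart": autostart_entries(keys), "autorun_still_enabled": autorun}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for e in report["autostart"]:
        print(f'{e["name"]:<12} {e["image"]}  {e["findings"] or "ok"}')
    for key, types in report["autorun_still_enabled"].items():
        print(f"{key}: autorun still enabled for {types}")
```

Run against the sample, the only Run-key finding is SoundMAXPnP's unquoted path; everything else is a quoted image under Program Files. The 0x91 mask leaves removable, fixed, CD-ROM and RAM-disk autorun enabled, so a USB stick carrying an autorun.inf would still execute on this machine; 0xFF disables autorun for every drive type.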

#9 Buckeye_Sam
    Malware Expert


  • Malware Response Team
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 03 September 2006 - 01:42 PM

That log is clean also.
I don't find any signs of malware.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 squid360
  • Topic Starter

  • Members
  • 7 posts

Posted 04 September 2006 - 02:01 AM

Thanks for all the help.

#11 Buckeye_Sam
    Malware Expert


  • Malware Response Team
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 04 September 2006 - 06:50 PM

You're welcome! :thumbsup:
