Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Jun 11 2008, 11:19 PM | Post #1
New Member | Group: Members | Posts: 1 | Joined: 11-June 08 | Member No.: 215,703
thanks for your help

StartupList report, 6/12/2008, 12:14:39 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16674)

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
F:\spyware\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\System32\svchost.exe
D:\Programs\ScanSoft\OmniPageSE4\OpwareSE4.exe
D:\Programs\Acrobat Prof\Acrobat\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programs\ZoneAlarm\zlclient.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programs\Desktop Calendar\Desktop Calendar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Uniblue\RegistryBooster 2\RegistryBooster.exe
D:\Programs\Dragon\Program\natspeak.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\PROGRAMS\MOZILL~1\FIREFOX.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Leah\Start Menu\Programs\Startup]
Dragon NaturallySpeaking.lnk = D:\Programs\Dragon\Program\natspeak.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
APC UPS Status.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
Logitech Utility = Logi_MwX.Exe
Disk Monitor = C:\Program Files\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe
Kernel and Hardware Abstraction Layer = KHALMNPR.EXE
QuickTime Task = "D:\Programs\QuickTime\qttask.exe" -atboottime
LifeCam = "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
VX3000 = C:\WINDOWS\vVX3000.exe
CanonSolutionMenu = C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
SSBkgdUpdate = "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
OpwareSE4 = "D:\Programs\ScanSoft\OmniPageSE4\OpwareSE4.exe"
Acrobat Assistant 8.0 = "D:\Programs\Acrobat Prof\Acrobat\Acrotray.exe"
Adobe Reader Speed Launcher = "D:\Programs\Adobe\Reader 8.0\Reader\Reader_sl.exe"
ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
DNS7reminder = "D:\Programs\Dragon\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
ZoneAlarm Client = "D:\Programs\ZoneAlarm\zlclient.exe"
SecurDisc = C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
InCD = C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Desktop Calendar = D:\Programs\Desktop Calendar\Desktop Calendar.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
LaunchList = D:\Programs\Pinnacle\Studio 11\LaunchList2.exe
Uniblue RegistryBooster 2 = d:\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - f:\spyware\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
Ipswitch.WsftpBrowserHelper - C:\Program Files\WS_FTP\wsbho2k0.dll - {601ED020-FB6C-11D3-87D8-0050DA59922B}
(no name) - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - D:\Programs\Acrobat Prof\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
McDefragTask.job
McQcTask.job
Microsoft_Hardware_Launch_vVX3000_exe.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = D:\Programs\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
CODEBASE = http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/...b?1144541247171

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\system32\McGDMgr.dll
CODEBASE = http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://download.games.yahoo.com/games/web_...aploader_v6.cab

[Hotmail Attachments Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx
CODEBASE = http://by21fd.bay21.hotmail.msn.com/activex/HMAtchmt.ocx

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------

End of report, 10,989 bytes
Report generated in 0.062 seconds
Jul 5 2008, 05:47 AM | Post #2
HJT Team | Group: HJT Team | Posts: 877 | Joined: 23-September 04 | From: Darien, CT | Member No.: 2,982
Hello sylore
Welcome to the Bleeping Computer Malware Removal Forum. Sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to.

If you have not resolved your issue and still need assistance, post a new HJT log please, as your system may have changed since your original post.

Download Trend Micro's HijackThis to your desktop. Double click it to install. Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
--------------------
Consumer Security 2007
Visit My Website
Please consider a donation to help me keep up my fight against malware.
Aug 2 2008, 11:08 PM | Post #3
HJT Team | Group: HJT Team | Posts: 877 | Joined: 23-September 04 | From: Darien, CT | Member No.: 2,982
Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.