Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

First Timer Hijackthis User


  • This topic is locked This topic is locked
2 replies to this topic

#1 Demondriven

Demondriven

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:16 AM

Posted 19 May 2008 - 05:22 AM

This is my first time using HijackThis Logs. I was hoping for some assurance from an expert that my system is stable and malware free. Thank you for your time.

Deckard's System Scanner v20071014.68
Run by Demondriven on 2008-05-19 03:01:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
103: 2008-05-19 10:01:39 UTC - RP324 - Deckard's System Scanner Restore Point
102: 2008-05-18 17:11:59 UTC - RP323 - Ad-Aware Restore Point 2008-05-18 10:11:54
101: 2008-05-18 10:06:03 UTC - RP322 - System Checkpoint
100: 2008-05-17 08:52:52 UTC - RP321 - Software Distribution Service 3.0
99: 2008-05-16 15:26:01 UTC - RP320 - System Checkpoint


-- First Restore Point --
1: 2008-03-14 18:11:15 UTC - RP222 - Installed Optimizer XP


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Demondriven.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:26 AM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Documents and Settings\Demondriven\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\Demondriven.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2052111302-688789844-839522115-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Devilwoman')
O4 - HKUS\S-1-5-21-2052111302-688789844-839522115-1005\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\Sup_SmartRAM.exe" /m (User 'Devilwoman')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195122616074
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197906676312
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

--
End of file - 7243 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - JSFile - DefaultIcon - C:\WINDOWS\System32\WScript.exe,3
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 aslm75 - c:\windows\system32\drivers\aslm75.sys
R2 tcaicchg - c:\windows\system32\tcaicchg.sys <Not Verified; 3Com Corporation; 3Com Windows NT NIC Diagnostic/Configuration>
R2 TCAITDI (TCAITDI Protocol) - c:\windows\system32\drivers\tcaitdi.sys <Not Verified; 3Com Corporation; 3Com Windows NT NIC Diagnostic TDI Driver>
R3 EL2000 (3Com 3C2000x EtherLink XL Adapter) - c:\windows\system32\drivers\el2k_xp.sys <Not Verified; 3Com Corporation; 3Com Gigabit NIC (3C2000 Family)>
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>

S3 ctdvda2k (Creative DVD-Audio Device Driver) - c:\windows\system32\drivers\ctdvda2k.sys (file missing)
S3 LHidUsbK (Logitech SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys <Not Verified; Logitech, Inc.; Logitech SetPoint™>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_80F31043&REV_02\3&267A616A&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_80F31043&REV_02\3&267A616A&0&FD
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-05-18 17:11:04 416 --a------ C:\WINDOWS\Tasks\AWC AutoCare.job
2008-05-18 09:56:58 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-16 17:15:00 402 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-05-15 12:51:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-11 22:00:00 358 --a------ C:\WINDOWS\Tasks\SmartDefrag.job


-- Files created between 2008-04-19 and 2008-05-19 -----------------------------

2008-05-19 02:43:26 0 dr-h----- C:\Documents and Settings\Devilwoman\Recent
2008-05-19 02:23:37 0 d-------- C:\Program Files\EsetOnlineScanner
2008-05-18 09:55:21 0 dr-h----- C:\Documents and Settings\Demondriven\Recent
2008-05-10 00:09:39 0 d-------- C:\Documents and Settings\Devilwoman\Application Data\LimeWire
2008-05-07 20:23:11 0 d-------- C:\Program Files\Trend Micro
2008-05-06 19:56:19 0 d-------- C:\WINDOWS\pss
2008-05-04 11:21:41 0 d-------- C:\Logs
2008-05-03 12:25:45 0 d-------- C:\Program Files\World of Warcraft
2008-05-03 12:25:45 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-22 22:54:02 90668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-04-20 22:21:07 0 d-------- C:\Documents and Settings\Devilwoman\Application Data\Real


-- Find3M Report ---------------------------------------------------------------

2008-05-19 02:16:06 0 d-------- C:\Program Files\RegScrubXP
2008-05-18 03:34:35 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80671102}.dat
2008-05-18 03:34:35 288 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000009-00001102-00000002-80671102}.dat
2008-05-17 01:52:21 0 d-------- C:\Documents and Settings\Demondriven\Application Data\WeatherBug
2008-05-10 00:13:19 0 d-------- C:\Program Files\LimeWire
2008-05-07 19:59:48 0 d-------- C:\Documents and Settings\Demondriven\Application Data\LimeWire
2008-05-07 11:36:33 25088 --a------ C:\WINDOWS\system32\tcpipbak.reg
2008-05-07 11:06:38 0 d-------- C:\Program Files\SpywareBlaster
2008-05-06 20:32:08 0 d-------- C:\Program Files\Windows Defender
2008-05-06 19:02:41 0 d-------- C:\Documents and Settings\Demondriven\Application Data\mIRC
2008-05-06 18:55:20 0 d-------- C:\Program Files\mIRC
2008-05-06 16:51:12 0 d-------- C:\Program Files\Gus Verdun
2008-05-03 12:25:45 0 d-------- C:\Program Files\Common Files
2008-04-23 00:42:40 0 d-------- C:\Documents and Settings\Demondriven\Application Data\IObit
2008-04-17 11:47:45 0 d-------- C:\Program Files\Diablo II
2008-04-17 10:47:36 0 d-------- C:\Documents and Settings\Demondriven\Application Data\Real
2008-04-17 10:42:36 2418 --a------ C:\WINDOWS\mozver.dat
2008-04-17 10:40:28 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-17 10:40:26 0 d-------- C:\Program Files\Common Files\Real
2008-04-17 10:39:59 0 d-------- C:\Program Files\Real
2008-04-17 08:01:58 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-17 02:06:51 0 d-------- C:\Program Files\iTunes
2008-04-17 02:06:39 0 d-------- C:\Program Files\iPod
2008-04-17 02:05:44 0 d-------- C:\Program Files\Bonjour
2008-04-17 02:05:20 0 d-------- C:\Program Files\QuickTime Alternative
2008-04-15 01:50:36 35449 --a------ C:\WINDOWS\DIIUnin.dat
2008-04-15 01:40:43 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2008-04-15 01:40:43 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2008-04-15 01:40:43 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2008-04-15 01:25:28 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-04-15 01:25:28 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-04-08 19:13:00 0 d-------- C:\Program Files\Winamp
2008-04-08 02:30:53 0 d-------- C:\Program Files\Ad-Aware 2007
2008-04-03 22:51:43 0 d-------- C:\Documents and Settings\Demondriven\Application Data\Winamp
2008-03-31 16:17:16 0 d-------- C:\Program Files\Netflix
2008-03-28 12:57:59 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-26 08:57:19 0 d-------- C:\Documents and Settings\Demondriven\Application Data\Adobe
2008-03-26 02:59:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-26 02:58:31 0 d-------- C:\Program Files\Minefield
2008-03-26 02:57:39 0 d-------- C:\Program Files\Java
2008-03-26 00:17:03 0 d-------- C:\Program Files\YouTube Downloader
2008-03-25 11:48:28 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-03-25 11:48:28 0 d-------- C:\Program Files\Microsoft Bootvis
2008-03-25 11:21:28 0 d-------- C:\Documents and Settings\Demondriven\Application Data\Apple Computer
2008-03-25 11:20:22 0 d-------- C:\Program Files\QuickTime
2008-03-25 11:17:06 0 d-------- C:\Documents and Settings\Demondriven\Application Data\Mozilla
2008-03-25 09:51:05 720896 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-03-25 09:45:24 0 d-------- C:\Program Files\CCleaner
2008-03-24 07:35:12 0 d-------- C:\Documents and Settings\Demondriven\Application Data\ViStart
2008-03-24 02:04:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-22 03:48:14 2550 --a------ C:\WINDOWS\unins000.dat
2008-03-22 03:47:32 691545 --a------ C:\WINDOWS\unins000.exe
2008-03-22 02:22:56 0 d-------- C:\Documents and Settings\Demondriven\Application Data\IconTweaker
2008-03-22 02:15:35 0 d-------- C:\Program Files\IObit


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 04:10 AM C:\WINDOWS\KHALMNPR.Exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/22/2008 03:54 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 04:10 AM C:\WINDOWS\KHALMNPR.Exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [04/07/2006 04:02 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/16/2007 05:14 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [12/16/2007 4:52:41 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoStartMenuNetworkPlaces"=0 (0x0)
"NoRun"=0 (0x0)
"NoFind"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"LockTaskbar"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"HideClock"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoSMMyDocs"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoStartMenuMyMusic"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"ClearRecentDocsOnExit"=0000000000000000
"NoSaveSettings"=01000000
"NoActiveDesktop"=00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"ClearRecentDocsOnExit"=01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 11/15/2007 11:10 AM 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

8130 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-19 03:03:20 ------------

:thumbsup:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 1022.73 MiB / 595.39 MiB
Pagefile Memory (total/avail): 2461.53 MiB / 2098.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.77 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 45.67 GiB free.
D: is Fixed (NTFS) - 186.31 GiB total, 87.55 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - ST3200826A - 186.31 GiB - 1 partition
\PARTITION0 - Installable File System - 186.31 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD800JB-32FSA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Demondriven\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ACENCINAS
ComSpec=C:\WINDOWS\system32\cmd.exe
DEVMGR_SHOW_NONPRESENT_DEVICES=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Demondriven
LOGONSERVER=\\ACENCINAS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Trend Micro\HijackThis;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime Alternative\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
STACKS=0,0
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DEMOND~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DEMOND~1\LOCALS~1\Temp
USERDOMAIN=ACENCINAS
USERNAME=Demondriven
USERPROFILE=C:\Documents and Settings\Demondriven
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Demondriven (admin)
Devilwoman (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3Com NIC Diagnostics --> un3cdiag.exe /remove
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced WindowsCare 3 Beta --> "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\unins000.exe"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AsusUpdate --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\AsusUpdate\Uninst.isu"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Digimax 420 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E90931A-1A03-4B96-8BC2-DE88B8195B5A}\Setup.exe" -l0x9
DustBuster 2.9.5.1 --> "C:\Program Files\DustBuster\unins000.exe"
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Gus Verdun's IM Tweaks Plugin --> C:\Program Files\Gus Verdun\uninstallimtweaks.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IObit SmartDefrag Beta4.03 --> "C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
MGI PhotoSuite III SE (Remove Only) --> "C:\Program Files\MGI\MGI PhotoSuite III SE\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite III SE\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite III SE\System\CustomUninstall.dll"
Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Color Control Panel Applet for Windows XP --> MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
OB WMP11 --> MsiExec.exe /I{161A6021-8A74-4890-AB9C-2A3A7774B62C}
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
QuickTime Alternative 2.4.0 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegScrubXP 3.25 --> "C:\Program Files\RegScrubXP\unins000.exe"
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
WeatherBug --> C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3873 / Warning
Event Submitted/Written: 05/19/2008 02:43:32 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type3869 / Warning
Event Submitted/Written: 05/18/2008 11:50:35 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type3851 / Warning
Event Submitted/Written: 05/17/2008 04:49:05 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type3850 / Error
Event Submitted/Written: 05/14/2008 10:29:58 PM
Event ID/Source: 439 / ESENT
Event Description:
wuauclt (2244) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1032.

Event Record #/Type3849 / Error
Event Submitted/Written: 05/14/2008 10:29:58 PM
Event ID/Source: 490 / ESENT
Event Description:
wuauclt (2244) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type21017 / Error
Event Submitted/Written: 05/19/2008 02:43:45 AM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type21016 / Error
Event Submitted/Written: 05/19/2008 02:43:36 AM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type21015 / Error
Event Submitted/Written: 05/19/2008 02:00:13 AM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type21011 / Error
Event Submitted/Written: 05/18/2008 11:57:09 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type21010 / Warning
Event Submitted/Written: 05/18/2008 11:33:18 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-05-19 03:03:20 ------------

BC AdBot (Login to Remove)

 


#2 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 AM

Posted 29 May 2008 - 06:22 PM

Welcome to Bleeping Computer, please be sure you have read and followed the
Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

I apologize for the wait, if your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.

Are you having any malware issues? All I can see in the HJT log is:

1) An Antivirus program that is going to expire on 5/31/2008, you should have been prompted to update by now. If you need the link to AVG 8 Free, here it is:
http://www.filehippo.com/download_avg_antivirus/

2) you also have a slightly out of date Java Program, see this:
http://forums.spybot.info/showpost.php?p=1...amp;postcount=2

If you are having malware issues, post a new HijackThis log using Add Reply.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#3 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 AM

Posted 06 June 2008 - 04:11 AM

There has been no response to this topic in a week
This topic is closed
Thanks...pskelley
BleepingComputer
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users