New User With Log


#1 sylore



Posted 11 June 2008 - 11:19 PM

Bloatware, malware, spyware, adware... it's all getting me bogged down, so I'm posting this HijackThis log and hoping someone will be kind enough to identify issues with what's running on my computer.
Thanks for your help.

StartupList report, 6/12/2008, 12:14:39 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

F:\spyware\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe
D:\Programs\Acrobat Prof\Acrobat\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
D:\Programs\Desktop Calendar\Desktop Calendar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe


Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Leah\Start Menu\Programs\Startup]
Dragon NaturallySpeaking.lnk = D:\Programs\Dragon\Program\natspeak.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
APC UPS Status.lnk = ?


Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,


Autorun entries from Registry:

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
Logitech Utility = Logi_MwX.Exe
Disk Monitor = C:\Program Files\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe
Kernel and Hardware Abstraction Layer = KHALMNPR.EXE
QuickTime Task = "D:\Programs\QuickTime\qttask.exe" -atboottime
LifeCam = "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
VX3000 = C:\WINDOWS\vVX3000.exe
CanonSolutionMenu = C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
SSBkgdUpdate = "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
OpwareSE4 = "D:\Programs\ScanSoft\OmniPageSE4\OpwareSE4.exe"
Acrobat Assistant 8.0 = "D:\Programs\Acrobat Prof\Acrobat\Acrotray.exe"
Adobe Reader Speed Launcher = "D:\Programs\Adobe\Reader 8.0\Reader\Reader_sl.exe"
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
DNS7reminder = "D:\Programs\Dragon\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
ZoneAlarm Client = "D:\Programs\ZoneAlarm\zlclient.exe"
SecurDisc = C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
InCD = C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit


Autorun entries from Registry:

Desktop Calendar = D:\Programs\Desktop Calendar\Desktop Calendar.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
LaunchList = D:\Programs\Pinnacle\Studio 11\LaunchList2.exe
Uniblue RegistryBooster 2 = d:\Uniblue\RegistryBooster 2\RegistryBooster.exe /S


Autorun entries in Registry subkeys of:



Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL


Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - f:\spyware\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
Ipswitch.WsftpBrowserHelper - C:\Program Files\WS_FTP\wsbho2k0.dll - {601ED020-FB6C-11D3-87D8-0050DA59922B}
(no name) - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - D:\Programs\Acrobat Prof\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}


Enumerating Task Scheduler jobs:



Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = D:\Programs\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
CODEBASE = http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/...b?1144541247171

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\system32\McGDMgr.dll
CODEBASE = http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://download.games.yahoo.com/games/web_...aploader_v6.cab

[Hotmail Attachments Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx
CODEBASE = http://by21fd.bay21.hotmail.msn.com/activex/HMAtchmt.ocx


Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

End of report, 10,989 bytes
Report generated in 0.062 seconds

#2 ken545


    Malware Response Team


Posted 05 July 2008 - 05:47 AM

Hello sylore

Welcome to the Bleeping Computer Malware Removal Forum. Sorry about the delay, but the number of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, please post a new HJT log, as your system may have changed since your original post.

Download Trend Micro's HijackThis to your desktop.
Double-click it to install.
Follow the prompts; by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
  • Open HJT, then Scan and Save a Log File; it will open in Notepad.
  • Go to Format and make sure Word Wrap is unchecked.
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread by using Post Reply rather than starting a New Thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

#3 ken545



Posted 02 August 2008 - 11:08 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

