Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New User With Log


  • This topic is locked This topic is locked
2 replies to this topic

#1 sylore

sylore

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 11 June 2008 - 11:19 PM

bloatware, malware, spyware, adware... it's all getting me bogged down so i'm posting this hijack this log and hoping someone will be kind enough to identify issues with what's running on my computer.
thanks for your help

StartupList report, 6/12/2008, 12:14:39 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16674)
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
F:\spyware\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\System32\svchost.exe
D:\Programs\ScanSoft\OmniPageSE4\OpwareSE4.exe
D:\Programs\Acrobat Prof\Acrobat\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programs\ZoneAlarm\zlclient.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programs\Desktop Calendar\Desktop Calendar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Uniblue\RegistryBooster 2\RegistryBooster.exe
D:\Programs\Dragon\Program\natspeak.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\PROGRAMS\MOZILL~1\FIREFOX.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Leah\Start Menu\Programs\Startup]
Dragon NaturallySpeaking.lnk = D:\Programs\Dragon\Program\natspeak.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
APC UPS Status.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
Logitech Utility = Logi_MwX.Exe
Disk Monitor = C:\Program Files\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe
Kernel and Hardware Abstraction Layer = KHALMNPR.EXE
QuickTime Task = "D:\Programs\QuickTime\qttask.exe" -atboottime
LifeCam = "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
VX3000 = C:\WINDOWS\vVX3000.exe
CanonSolutionMenu = C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
SSBkgdUpdate = "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
OpwareSE4 = "D:\Programs\ScanSoft\OmniPageSE4\OpwareSE4.exe"
Acrobat Assistant 8.0 = "D:\Programs\Acrobat Prof\Acrobat\Acrotray.exe"
Adobe Reader Speed Launcher = "D:\Programs\Adobe\Reader 8.0\Reader\Reader_sl.exe"
ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
DNS7reminder = "D:\Programs\Dragon\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
ZoneAlarm Client = "D:\Programs\ZoneAlarm\zlclient.exe"
SecurDisc = C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
InCD = C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Desktop Calendar = D:\Programs\Desktop Calendar\Desktop Calendar.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
LaunchList = D:\Programs\Pinnacle\Studio 11\LaunchList2.exe
Uniblue RegistryBooster 2 = d:\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - f:\spyware\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
Ipswitch.WsftpBrowserHelper - C:\Program Files\WS_FTP\wsbho2k0.dll - {601ED020-FB6C-11D3-87D8-0050DA59922B}
(no name) - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - D:\Programs\Acrobat Prof\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
McDefragTask.job
McQcTask.job
Microsoft_Hardware_Launch_vVX3000_exe.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = D:\Programs\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
CODEBASE = http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/...b?1144541247171

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\system32\McGDMgr.dll
CODEBASE = http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://download.games.yahoo.com/games/web_...aploader_v6.cab

[Hotmail Attachments Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx
CODEBASE = http://by21fd.bay21.hotmail.msn.com/activex/HMAtchmt.ocx

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 10,989 bytes
Report generated in 0.062 seconds

BC AdBot (Login to Remove)

 


#2 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:04:36 PM

Posted 05 July 2008 - 05:47 AM

Hello sylore

Welcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, post a new HJT log please as your system may have changed since your original post.

Download Trendmicros Hijackthis to your desktop.
Double click it to install
Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
  • Open HJT Scan and Save a Log File, it will open in Notepad
  • Go to Format and make sure Wordwrap is Unchecked
  • Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#3 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:04:36 PM

Posted 02 August 2008 - 11:08 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users