HJT -anj119



#1 anj119

  • Members
  • 2 posts

Posted 09 July 2005 - 05:05 PM

hello,

thank you for taking the time to read my post. i understand that the demands on your time are great and that the rewards are few. i want to acknowledge a deep debt of gratitude on the part of the bleeping folks like me whose lack of computing savvy would otherwise make them a swift and easy meal for scum.

i run windows xp sp2 with IE6 and msn explorer v9. windows update website shows no high priority updates for my computer. my anti-virus software is mcafee virus scan 9.1. i use personal firewall plus 6, also mcafee. i run and update frequently spy-bot s&d, lavasoft's adaware SE, and microsoft antispyware beta. i also have noads which i run almost constantly.

most of these programs run daily, some run at boot time. all of them with the exception of mcafee virus scan have given me clean bills of health for at least a month. virus scan usually finds unwanted programs by a company called Adware-Look2me which i clean every time.

i got a worrisome error message this morning. i will try to tell you precisely what it said but cannot give you the technical information the error message displayed as i simply do not remember. sorry. i was using windows explorer, i was in windows performance logs when i got a message that: drWatson postmortem debugging has encountered a problem and needs to close. this message was followed by a frozen system for which the only solution was to reboot.

a google search for dr watson debugger error turned up an unsettling amount of similar cases of this error message and suggested a link to (and i'm sorry I've forgotten the exact name) the A-? downloader Trojan virus.

anyhow, a scan by all of my programs turned up nada. and i'm wondering if the answer may lie in this HJT scan log.

what do you see?

Logfile of HijackThis v1.99.1
Scan saved at 7:39:21 AM, on 7/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NoAds\NoAds.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Douglas Lander\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1037
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar.01.1601.0\en-us\msntb.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\printray.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/M...0,2/mcmysec.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0B7DAD4-2825-4DA8-9183-5D13B1FE9EBF}: NameServer = 68.238.128.12 68.238.0.12
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\dmraw.dll (file missing)
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\jt8407lqe.dll (file missing)
O20 - Winlogon Notify: RunOnceEx- - C:\WINDOWS\system32 68u0gl9e6q.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32
2p4lc7q1f.dll (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\lv0409dqe.dll (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnPService - Unknown owner - C:\HCT\PnPService.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

:thumbsup: -anj119


#2 groovicus

  • Security Colleague
  • 9,963 posts

Posted 11 July 2005 - 08:28 AM

If you still need help, could you post a fresh log please?



