Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Strange Results In Hjt


  • Please log in to reply
3 replies to this topic

#1 SurferJoe46

SurferJoe46

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Location:S. California
  • Local time:03:31 PM

Posted 08 November 2005 - 05:58 PM

This is the short results from a log scan thu http://www.hijackthis.de/


C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe - Unknown

C:\Program Files\Google\Google Talk\googletalk.exe - Unknown
<؀Aдܴ  A1չ =Ф輽ȹٕɥ齸нє͹ݕ хՑ̽]%̹ Aͥ䁹ȼ<Aɽѽ聵͹
Ĵ Ĵ􀴀 qAI=I1\MSNMESLW\ܘ\  [HZ\[H HXH\O


What have I got here?

The "twain" driver is for my digital camera, and everybody knows what GoogleTalk is, so they can be ignored...but what's the other stuff?

This stuff up above didn't show up in the results of the scan, just when I clicked on the Save Short Results and it opened a notepad and that is what showed up...hmmmmmmmmmmmmmmmmm?

Also in the full results below ignore the .dwf viewer...it is a cad reader. (O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Dwf Viewer Control) - http://www.autodesk.com/global/dwfv...ViewerSetup.cab

Just in case someone wants to see the whole log, here it is:

Logfile of HijackThis v1.99.1
Scan saved at 8:59:29 PM, on 11/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
D:\SECURITY AREA\gcasServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\SECURITY AREA\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\SECURITY AREA\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony Handheld\Hotsync.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\SECURITY AREA\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = On Internet Explorer! Careful!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SECURI~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - D:\SECURITY AREA\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - D:\SECURITY AREA\SpoofStick\SpoofStick.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [gcasServ] "D:\SECURITY AREA\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DELUXECC] C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\SECURITY AREA\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Sony Handheld\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.co...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1113003336543
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Dwf Viewer Control) - http://www.autodesk.com/global/dwfv...ViewerSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/s...,23/mcgdmgr.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnw...es/vzWebIns.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Joe Vreeland (aka: SurferJoe46)


Warum soll Ich mir Sorgen machen?

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:31 PM

Posted 09 November 2005 - 01:26 PM

Hi there! :thumbsup:

I would stay away from that auto-analyser, it always gives those kind of results for legit items

To me the log looks clean are you experiencing any problems?

David

#3 SurferJoe46

SurferJoe46
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Location:S. California
  • Local time:03:31 PM

Posted 09 November 2005 - 08:06 PM

Hi there! :thumbsup:

I would stay away from that auto-analyser, it always gives those kind of results for legit items

To me the log looks clean are you experiencing any problems?

David


Yeah...but being as nervous as I am, I went head chopping all by myself. First the symptoms I have had:

Slow..slow slow slow boot with multiple repeats on splashes and finally after about 4 minutes the Windows sign-on screen shows up and waits for my password. After entering the password, I can go cook a rare steak and open a beer and get back to the puter in time to see it finally get running.

In TaskManager I always have a 40 to 60% busy value and that's when I am doing nothing. Now...I know that XP does a little housekeeping during idle times but I think that's too much activity for sweeping the floors and shuffling some files...right?

Pages take a lot longer to load...and I thought it might be my antivirus scanners...but I did something kinda crazy...and it seems to have helped.

I used HJT and killed this process:

http://www.autodesk.com/global/dwfv...ViewerSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

then I removed AVG.....I actually toggled it off in SpyBot S&D in the advanced tools area.

......and after that...mostly everything is back to normal again...a little slow yet, but miles better.


Since time wounds all heels, I will wait for a few days and see what gives or doesn't..and I'll get back to you if I still have problems.

Sad to see that the HJT.de/ site is not that good.

BTW: I ran the scanner and diagnostic again after taking the above actions and there's no sign of that Martian language stuff any more! :flowers:

The system I have is as follows:

SOYO SY-333 Ultra Plat with Athlon XP, 1 gig Ram, 4 - 200 gig HDDS on Raid 0+1, 4- 200 gig HDDS on JBOD, 1 - 40 gig HDD for OPSYS and UPDATES. WIN XP-PRO w/SP-2 and ALL updates and patches. Etc.

I collect a lot of movies and music and that's why I have all the room on the HDDS. I never said that..did I?
Joe Vreeland (aka: SurferJoe46)


Warum soll Ich mir Sorgen machen?

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:31 PM

Posted 10 November 2005 - 05:41 PM

OK! :thumbsup:

Post back if you have any more problems soon!

David




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users