Not Quite Sure The Exact Culprit(s) Causing This


This topic is locked
1 reply to this topic

#1 Walkman
Posted 10 November 2006 - 09:51 AM

Hello...

I've run a scan using HijackThis, but I'm not quite sure what I'm overlooking. Here are the problems I've been having with this computer for quite some time.

1. System Config Utility loads at boot up, and no matter what I've tried so far, it keeps loading.
2. I can hear the sound (bubble-popping sound) of a message coming from my taskbar, probably the Windows Update message, but I never see anything.
3. When installing new programs, they are never highlighted in the All Programs section before I click to view the new program. They are highlighted when I click to view my programs.
4. During shutdown, it takes up to 1-2 minutes to power off or to reboot.
5. I have uninstalled programs that show up in Autoruns, but no matter how I've tried to delete their references, they just keep showing up again.

I have run these tools:
HijackThis
BHOLists
Spybot Search&Destroy
Ad-Aware
Autoruns
Process Explorer
F-Secure
RootKit Hook Analyzer
CWShredder
Security Task Manager

....and I have other tools that I haven't used yet.

Besides the above issues, the computer runs fine, no resources are being hogged, every single program runs as it should, and it's been quite a few months since I've used IE on this computer, and the computer doesn't do strange things or the like.
------------------------------------------------------------------------------------------------------------------------------
I've taken the liberty to start training myself with the HijackThis program and the info provided. I have used all programs recommended along with HJT, and I've kinda troubleshot my issues. I hope this will help you out. The HJT logs are something I can do, with the proper training, because it seems so easy for me.

Also, I'd like to know what I can do to become a helper with HJT logs. This is very interesting, and something I'll learn very fast. Tell me what I need to do, and I'll get right on it.

Anyway...... here's my log. You'll notice that I made references next to the lines to indicate what I've found by studying all of this.
---------------------------------------------------------------------------------------------------------------------------
You might want to copy/paste this into Notepad or something.. my additions make some lines go onto the next.


Logfile of HijackThis v1.99.1
Scan saved at 4:37:52 PM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe -------------------------------------------------------------------------BAD
C:\WINDOWS\system32\winlogon.exe----------------------------------------------------------------------BAD
C:\WINDOWS\system32\services.exe----------------------------------------------------------------------BAD
C:\WINDOWS\system32\lsass.exe--------------------------------------------------------------------------BAD
C:\WINDOWS\system32\svchost.exe--------------------------------------------------------------------------BAD
C:\WINDOWS\System32\svchost.exe--------------------------------------------------------------------------BAD
C:\Program Files\Ahead\InCD\InCDsrv.exe--------------------------------------------------------ok
C:\WINDOWS\system32\spoolsv.exe-------------------------------------------------------------ok
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe-----------------------------------------ok
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe----------------------------------------------------BAD
C:\Program Files\Apache Group\Apache2\bin\Apache.exe-------------------------------------------ok
C:\WINDOWS\System32\cisvc.exe---------------------------------------------------------------------------UNKNOWN/MY CHOICE
C:\WINDOWS\System32\svchost.exe--------------------------------------------------------------------------BAD
C:\WINDOWS\system32\inetsrv\inetinfo.exe-----------------------------------------------------------------MY IIS WEB SERVER
C:\Program Files\Common Files\LightScribe\LSSrvc.exe------------------------------------------------ok
C:\WINDOWS\System32\tcpsvcs.exe-----------------------------------------------------------------NOT FOUND
C:\Program Files\Apache Group\Apache2\bin\Apache.exe-----------------------------------------------------------------MY WEB SERVER
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe-------------------------------------------BAD
C:\WINDOWS\system32\msiexec.exe-----------------------------------------------------------------NOT FOUND
C:\mysql\bin\mysqld-opt.exe------------------------------------------------------------------------MY WEB SERVER
C:\WINDOWS\Explorer.EXE-----------------------------------------------------------------------------------BAD
C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe---------------------------OK
C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe--------------------------OK
C:\WINDOWS\System32\snmp.exe---------------------------------------------------------------------NOT FOUND
C:\WINDOWS\System32\svchost.exe-------------------------------------------------------------------------BAD
C:\WINDOWS\System32\dllhost.exe------------------------------------------------------------------------OK
C:\WINDOWS\System32\tlntsvr.exe---------------------------------------------------------------------NOT FOUND
C:\WINDOWS\System32\vssvc.exe---------------------------------------------------------------------NOT FOUND
C:\WINDOWS\System32\dmadmin.exe------------------------------------------------------------------NOT FOUND
C:\Program Files\QuickTime\qttask.exe----------------------------------------------------------------ok
C:\WINDOWS\system32\khooker.exe------------------------------------------------------------------NOT REQUIRED
C:\Program Files\Ahead\InCD\InCD.exe----------------------------------------------------------------OK
C:\Program Files\AIM\aim.exe-------------------------------------------------------------------------NOT REQUIRED
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe-------------------------------------OK
C:\WINDOWS\system32\ctfmon.exe-------------------------------------------------------------------?
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe----------------------------------------OK
C:\mysql\bin\winmysqladmin.exe----------------------------------------------------------------------NOT REQUIRED
C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe-----------------------------------------------------OK
C:\Program Files\PeerGuardian2\pg2.exe---------------------------------------------------------------OK
C:\Program Files\MySQL\MySQL Administrator 1.0\MySQLSystemTrayMonitor.exe-------------------------OK
C:\WINDOWS\system32\wuauclt.exe-------------------------------------------------------------------BAD
C:\WINDOWS\system32\wscntfy.exe-------------------------------------------------------------------BAD
C:\WINDOWS\System32\dllhost.exe--------------------------------------------------------------------OK
C:\WINDOWS\system32\LVComsX.exe------------------------------------------------------------------NOT FOUND
C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\uninstaller.exe------------OK
C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe---------------OK
C:\Temp-1 Click DVD Copy\HijackThis.exe---------------------------------------------------------------OK

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/-------------------...------------BAD
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll--------------------OK
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll---------------------------------------------------OK.....SPYBOT SEARCH & DESTROY
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll---------------------------------------OK
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll-------------------------------OK
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll---------------------------------------OK
O2 - BHO: - {92AC3D47-DB39-45D0-B93E-8C7D19C322B2} - C:\WINDOWS\lbbho.dll --------------------------------------------------------BAD - BHOList
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe---------------------------------------OK
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime---------------------------------------OK
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe---------------------------------------OK
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe---------------------------------------OK
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe --------------------------------------------------------------------------------------------------------------RECOGNISED START
O4 - Startup: ProtoWall.lnk = C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe ---------------------------------------------------------------------------------------------------RECOGNISED START
O4 - Startup: PeerGuardian.lnk = C:\Program Files\PeerGuardian2\pg2.exe ---------------------------------------------------------------------------------------------------------RECOGNISED START
O4 - Startup: MySQL System Tray Monitor.lnk = C:\Program Files\MySQL\MySQL Administrator 1.0\MySQLSystemTrayMonitor.exe ----------------------------------------------------RECOGNISED START
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe ------------------------------------------------------------------RECOGNISED START
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE -------------------------------------------------------------------------------------RECOGNISED START
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 ---------------------------------------------------------------RECOGNISED START
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm ----------------------------------------------------------------------------------RECOGNISED START
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll ---------------------------------------------------------------------------------------NOT FOUND IN BHOList
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll -----------------------------------------------------------------------NOT FOUND IN BHOList
O9 - Extra button: Whois - {11E47140-F946-4049-B038-AB77CAA0480B} - C:\Program Files\Whois Web\WWtoolbar.htm ------------------------------------------------------------RECOGNISED START
O9 - Extra button: BrowserPlus - {274A9B69-A851-439b-A173-B14BC571D052} - C:\WINDOWS\System32\shdocvw.dll---------------------------------------------------------------RECOGNISED START
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - C:\WINDOWS\System32\shdocvw.dll -----------------------------------------------------------------------------------------------NOT FOUND IN BHOList
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - C:\WINDOWS\System32\shdocvw.dll -------------------------------------------------------------------------------------------------NOT FOUND IN BHOList
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - C:\WINDOWS\System32\shdocvw.dll -----------------------------------------------------------------------------------------------------NOT FOUND IN BHOList
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) ----------------------------------------------------------------------------NOT FOUND IN BHOList
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) --------------------------------------------------------NOT FOUND IN BHOList
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe -------------------------------------------------------------------------------------------NOT FOUND IN BHOList
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe -------------------------------------------------------------------------NOT FOUND IN BHOList
O11 - Options group: [INTERNATIONAL] International* ---------------------------------------------------------------------------------------------?
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 --------------------------------------------------------------NOT FOUND IN BHOList
O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) - -----------------------------------------------------------------------------------------------------------------------------------NOT FOUND IN BHOList
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) --------------------------------------------------------REPAIRED
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing) --------------------------------------------------------RECOGNISED
O23 - Service: EHXBQXNX - RIF - (no file) -------------------------------------------------------------------------------------------------------------------------------------------NOT RECOGNISED
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe--------------------------------------------------------------------------------------------RECOGNISED
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe--------------------------------------------------------------------------------RECOGNISED
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe-------------------RECOGNISED
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe---------------------------------------RECOGNISED
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-opt.exe----------------------------------------------------------------------------------------------------------------RECOGNISED
O23 - Service: PCtel speaker phone (pctspk) - Unknown owner - C:\WINDOWS\System32\pctspk.exe-----------------------------------------------------------------------------------RECOGNISED
O23 - Service: QUHMOSL - PCTEL, INC. - (no file)------------------------------------------------------------------------------------------------------------------------------------RECOGNISED
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)-------- I UNINSTALLED RELATED PROGRAM
O23 - Service: RSHAUA - Resplendence - (no file)----------------------------------------------------------------------------------------------RECOGNISED
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe

Edited by Walkman, 10 November 2006 - 10:27 AM.
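As an added example (not from the post above, and not part of HijackThis itself): a small Python helper that parses the log format shown in the post and flags the entries a log helper would look at first, namely Run values and services whose target file is gone, Run values that give only a bare filename, and the msconfig /auto value. The sample lines are copied from the log in the post with the dash annotations removed; the flag names and the heuristics behind them are my own.

```python
import re

# Constructed sample: lines taken from the HijackThis 1.99.1 log in the post above,
# with the poster's dash annotations removed (backslashes doubled for Python).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [CountrySelection] pctptt.exe
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKLM\\..\\Run: [MSConfig] C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\\PROGRA~1\\MSNMES~1\\msgrapp.dll" (file missing)
O23 - Service: Apache2 - Unknown owner - C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe" -k runservice (file missing)
O23 - Service: EHXBQXNX - RIF - (no file)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\\Program Files\\Ahead\\InCD\\InCDsrv.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")                        # "O23 - <body>"
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+):\s*\[(.+?)\]\s*(.*)$")   # "HKLM\..\Run: [name] command"
SERVICE_RE = re.compile(r"^Service:\s+(.+?)\s+-\s+(.+?)\s+-\s+(.*)$")    # "Service: name - company - path"

def parse_entry(line):
    """Split one HJT line into (section, body); None for headers and process lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def flag_entry(section, body):
    """Triage flags (my own names) for one entry; an empty list means nothing stands out."""
    flags = []
    # A Run value, protocol handler or service whose target is gone is a leftover from
    # an uninstall or an incomplete cleanup, which matches what Autoruns kept showing.
    if "(file missing)" in body or body.endswith("(no file)"):
        flags.append("orphaned-target")
    if section == "O4" and (m := RUN_RE.match(body)):
        name, command = m.group(3), m.group(4)
        # A bare filename is resolved through the search path at logon; locate and
        # identify the file instead of assuming it lives in System32.
        if not re.match(r'^"?[A-Za-z]:\\', command):
            flags.append("bare-filename")
        # msconfig writes this value itself when Selective Startup is chosen; it is
        # what makes the System Configuration Utility reappear at every boot.
        if name.lower() == "msconfig" and command.lower().endswith("/auto"):
            flags.append("selective-startup")
    if section == "O23" and (m := SERVICE_RE.match(body)) and m.group(2) == "Unknown owner":
        flags.append("no-company-name")  # service binary has no company in its version info
    return flags

def triage(log_text):
    """Return (section, body, flags) for every entry that raised at least one flag."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed:
            flags = flag_entry(*parsed)
            if flags:
                hits.append((parsed[0], parsed[1], flags))
    return hits

if __name__ == "__main__":
    for section, body, flags in triage(SAMPLE_LOG):
        print(f"{section:4} {', '.join(flags):34} {body}")
```

A flag only says where to look; the file behind each flagged entry still has to be identified before anything is fixed.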


#2 Walkman (Topic Starter)
Posted 14 November 2006 - 04:58 PM

Hello..

You can disregard this post. Since I've run every imaginable test, and also deleted programs (since I can reinstall them), nothing seemed to help out, so I just backed up my whole HD, deleted the data, repartitioned it, and reformatted it. Now I'll have a clean slate on it this time, because I have the tools to monitor everything I install this time, which I didn't have for the first half of the installed programs before.

Thanks a lot for all of your help.



