
Hijackthis Log: Please Help Diagnose


3 replies to this topic

#1 georgiadogs

georgiadogs

  • Members
  • 2 posts

Posted 17 November 2006 - 01:06 PM

The problem is that I have noticed that under the Windows Task Manager - Processes a file called svchost runs often and jacks the CPU usage to 100%. I have posted the log for your analysis. Please help if possible.


Logfile of HijackThis v1.99.1
Scan saved at 9:15:10 AM, on 11/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Shannon\LOCALS~1\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxsports.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/en-us/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Corel Network monitor worker - {ED2E185D-DCE8-4BCF-B55F-C580183D342A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {ED2E185D-DCE8-4BCF-B55F-C580183D342A} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/254ffa4e7f9f09...ip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...wlscbase969.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136524108862
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 19 November 2006 - 06:55 AM

Hi georgiadogs and Welcome to the Bleeping Computer!

Peaceful weekend for them dogs, huh? :thumbsup:


Please download Combofix to your desktop.
http://download.bleepingcomputer.com/sUBs/combofix.exe

Doubleclick combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.

#3 georgiadogs

georgiadogs
  • Topic Starter

  • Members
  • 2 posts

Posted 19 November 2006 - 01:41 PM

Thanks for the help. Here is the log:

Shannon - 06-11-19 10:35:49.45 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Shannon\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-19 to 2006-11-19 ))))))))))))))))))))))))))))))))))


2006-10-20 10:48 121,856 -----c--- C:\WINDOWS\system32\xmllite.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-17 09:02 -------- d----c--- C:\Program Files\Microsoft Windows OneCare Live
2006-11-17 08:54 -------- d---sc--- C:\Documents and Settings\Shannon\Application Data\Microsoft
2006-11-10 12:02 -------- d----c--- C:\Program Files\Quicken
2006-11-10 09:03 -------- d----c--- C:\Program Files\Common Files
2006-11-07 19:23 -------- d----c--- C:\Program Files\Windows Media Player
2006-11-07 19:06 -------- d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2006-11-03 07:23 -------- d----c--- C:\Documents and Settings\Shannon\Application Data\Creative
2006-10-20 12:22 -------- d----c--- C:\Program Files\Windows Defender
2006-10-20 12:14 -------- d----c--- C:\Program Files\Internet Explorer
2006-10-17 12:01 13312 --a--c--- C:\WINDOWS\system32\ieudinit.exe
2006-10-15 11:21 -------- d----c--- C:\Documents and Settings\Shannon\Application Data\Windows Live Safety Center
2006-10-15 08:08 -------- d----c--- C:\Program Files\Windows Live Safety Center
2006-10-12 19:53 -------- d----c--- C:\Program Files\Common Files\Real
2006-10-12 19:53 -------- d----c--- C:\Documents and Settings\Shannon\Application Data\Real
2006-10-02 16:26 -------- d----c--- C:\Documents and Settings\Shannon\Application Data\ICAClient
2006-10-02 16:25 -------- d----c--- C:\Program Files\Citrix
2006-09-27 11:48 -------- d----c--- C:\Program Files\Common Files\Microsoft Shared
2006-09-21 15:42 618328 --a--c--- C:\WINDOWS\system32\WINSSWEBAGENT.DLL
2006-09-12 21:01 1084416 --a--c--- C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51 1245184 --a--c--- C:\WINDOWS\system32\msxml4.dll
2006-09-06 16:43 22752 --a--c--- C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 07:45 617472 --a--c--- C:\WINDOWS\system32\comctl32.dll
2006-08-24 21:42 8704 --a--c--- C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 21:42 8704 --a--c--- C:\WINDOWS\system32\uwdf.exe
2006-08-24 21:30 99840 --a--c--- C:\WINDOWS\system32\wmpshell.dll
2006-08-24 21:30 990208 --a--c--- C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 21:30 937984 --a--c--- C:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 21:30 8337920 --a--c--- C:\WINDOWS\system32\wmploc.dll
2006-08-24 21:30 790016 -----c--- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 21:30 757248 --a--c--- C:\WINDOWS\system32\WMADMOD.dll
2006-08-24 21:30 7168 --a--c--- C:\WINDOWS\system32\asferror.dll
2006-08-24 21:30 656896 -----c--- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 21:30 63488 --a--c--- C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 21:30 629760 --a--c--- C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 21:30 611840 -----c--- C:\WINDOWS\system32\wmpmde.dll
2006-08-24 21:30 603648 --a--c--- C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 21:30 537600 --a--c--- C:\WINDOWS\system32\blackbox.dll
2006-08-24 21:30 532992 -----c--- C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 21:30 428032 --a--c--- C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 21:30 414208 --a--c--- C:\WINDOWS\system32\msscp.dll
2006-08-24 21:30 4096 --a--c--- C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 21:30 4096 --a--c--- C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 21:30 4096 --a--c--- C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 21:30 4096 --a--c--- C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 21:30 4096 --a--c--- C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 21:30 4096 --a--c--- C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 21:30 4096 --a--c--- C:\WINDOWS\system32\wdfapi.dll
2006-08-24 21:30 4096 --a--c--- C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 21:30 4096 --a--c--- C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 21:30 4096 --a--c--- C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 21:30 37376 --a--c--- C:\WINDOWS\system32\wmdmps.dll
2006-08-24 21:30 35840 --a--c--- C:\WINDOWS\system32\wpdconns.dll
2006-08-24 21:30 349184 --a--c--- C:\WINDOWS\system32\wpdsp.dll
2006-08-24 21:30 347648 --a--c--- C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 21:30 33792 --a--c--- C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 21:30 320512 --a--c--- C:\WINDOWS\system32\mswmdm.dll
2006-08-24 21:30 316928 -----c--- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 21:30 314368 --a--c--- C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 21:30 305152 -----c--- C:\WINDOWS\system32\MSDelta.dll
2006-08-24 21:30 295424 --a--c--- C:\WINDOWS\system32\wmpeffects.dll
2006-08-24 21:30 284160 --a--c--- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 21:30 276480 --a--c--- C:\WINDOWS\system32\audiodev.dll
2006-08-24 21:30 27648 --a--c--- C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 21:30 259072 -----c--- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 21:30 2589184 --a--c--- C:\WINDOWS\system32\WpdShext.dll
2006-08-24 21:30 258560 -----c--- C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 21:30 2450944 --a--c--- C:\WINDOWS\system32\wmvcore.dll
2006-08-24 21:30 242176 --a--c--- C:\WINDOWS\system32\wmpasf.dll
2006-08-24 21:30 228352 --a--c--- C:\WINDOWS\system32\cewmdm.dll
2006-08-24 21:30 227328 --a--c--- C:\WINDOWS\system32\wmerror.dll
2006-08-24 21:30 222208 --a--c--- C:\WINDOWS\system32\WMASF.dll
2006-08-24 21:30 211968 --a--c--- C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 21:30 210432 --a--c--- C:\WINDOWS\system32\qasf.dll
2006-08-24 21:30 204800 --a--c--- C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 21:30 198144 -----c--- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 21:30 179712 --a--c--- C:\WINDOWS\system32\msnetobj.dll
2006-08-24 21:30 175104 --a--c--- C:\WINDOWS\system32\mspmsp.dll
2006-08-24 21:30 166912 --a--c--- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 21:30 1660416 --a--c--- C:\WINDOWS\system32\wmpencen.dll
2006-08-24 21:30 157184 --a--c--- C:\WINDOWS\system32\wmidx.dll
2006-08-24 21:30 154624 --a--c--- C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 21:30 1539584 -----c--- C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 21:30 1532416 -----c--- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 21:30 1392128 -----c--- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 21:30 133120 --a--c--- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 21:30 1327616 --a--c--- C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 21:30 132096 --a--c--- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 21:30 130048 --a--c--- C:\WINDOWS\system32\wmpps.dll
2006-08-24 21:30 11264 --a--c--- C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 21:30 1118208 --a--c--- C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 21:30 101888 --a--c--- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 19:31 100864 --a--c--- C:\WINDOWS\system32\logagent.exe
2006-08-24 19:27 249344 -----c--- C:\WINDOWS\system32\drmupgds.exe
2006-08-24 19:26 17408 -----c--- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-21 04:26 16896 --a--c--- C:\WINDOWS\system32\fltlib.dll
2006-08-21 01:43 23040 --a--c--- C:\WINDOWS\system32\fltmc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://www2.worldpub.net/wallpaper/fsw/800x600_boat.jpg"
"SubscribedURL"="http://www2.worldpub.net/wallpaper/fsw/800x600_boat.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="http://www.wildernessawareness.org/Header/header_photos.jpg"
"SubscribedURL"="http://www.wildernessawareness.org/Header/header_photos.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,bd,00,00,00,35,00,00,00,9f,02,00,00,6a,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,92,02,00,00,23,00,00,00,9f,02,00,00,6a,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,db,05,41,c0,b4,74,f0,37,34,08,68,de,db,05,20,6d,\
db,05,18,0b,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
"NoControlPanel"=dword:00000000
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Scheduled Updates.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Scheduled Updates.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Quicken\\bagent.exe "
"item"="Quicken Scheduled Updates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Shannon^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\Shannon\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Apoint\\Apoint.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C2K]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HKserv"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sony\\HotKey Utility\\HKserv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb10"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICO"
"hkey"="HKLM"
"command"="ICO.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MtdAcq"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SPMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="C:\\Program Files\\Valve\\Steam\\\\Steam.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VAIOUpdt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Sony\\VAIO Update 2\\VAIOUpdt.exe\" /Stationary"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZZZ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SubFlyer"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Sonysys\\Eflyer\\SubFlyer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Speed Disk service"=dword:00000002
"SPBBCSvc"=dword:00000002
"SNDSrvc"=dword:00000002
"SAVScan"=dword:00000003
"NSCService"=dword:00000003
"NProtectService"=dword:00000002
"NPFMntor"=dword:00000002
"navapsvc"=dword:00000003
"GBPoll"=dword:00000002
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccProxy"=dword:00000002
"ccISPwdSvc"=dword:00000003
"ccEvtMgr"=dword:00000002
"VAIOMediaPlatform-VideoServer-UPnP"=dword:00000003
"VAIOMediaPlatform-VideoServer-HTTP"=dword:00000003
"VAIOMediaPlatform-VideoServer-AppServer"=dword:00000003
"VAIOMediaPlatform-Mobile-Gateway"=dword:00000003
"VAIOMediaPlatform-IntegratedServer-UPnP"=dword:00000003
"VAIOMediaPlatform-IntegratedServer-HTTP"=dword:00000003
"VAIOMediaPlatform-IntegratedServer-AppServer"=dword:00000003
"VAIO Entertainment UPnP Client Adapter"=dword:00000003
"VAIO Entertainment TV Device Arbitration Service"=dword:00000003
"VAIO Entertainment File Import Service"=dword:00000002
"VAIO Entertainment Aggregation and Control Service"=dword:00000003
"Symantec Core LC"=dword:00000002
"SPTISRV"=dword:00000003
"PACSPTISVR"=dword:00000003
"ose"=dword:00000003
"iPodService"=dword:00000003
"IDriverT"=dword:00000003
"Ati HotKey Poller"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
"GURL01"="C:\\WINDOWS\\System32\\gdwfil.dll"
"GURL02"="C:\\WINDOWS\\System32\\usrgfil.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-19 10:36:29.61
C:\ComboFix.txt ... 06-11-19 10:36

#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 20 November 2006 - 05:16 AM

I don't see anything wrong with that log.

Do you have CyberSitter installed on the machine?


Please run the F-Secure Online Scanner

Note: This scanner is for Internet Explorer only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX control installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy & paste the entire report in your next reply.
