Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

hijack this log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

hijack this log

Unread postby leo the lion » January 17th, 2008, 9:23 pm

Hi could someone please look at my log as internet explorer keeps closing and my computer is running slow

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:18:19, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 4091 bytes
leo the lion
Regular Member
 
Posts: 44
Joined: April 4th, 2005, 4:12 pm
Advertisement
Register to Remove

Re: hijack this log

Unread postby Katana » January 21st, 2008, 3:00 pm

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.

=========================================================================================
No Antivirus
I can see no indication of any Antivirus software.

Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine.
This alone can save you a lot of trouble with malware in the future.
Free AV list
AVG Free
Avira AntiVir
Avast

Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week.
If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Antivirus is a MUST


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofi ... e-combofix


Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Please post the ComboFix log along with the Kaspersky log in your reply
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: hijack this log

Unread postby leo the lion » January 21st, 2008, 6:56 pm

HI I have zone alarn security suite which is anti virus, anti spyware, and firewall
Here are the logs you asked for and thanks for helping me

ComboFix 08-01-20.1 - Owner 2008-01-21 20:53:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.200 [GMT 0:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-21 20:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-21 19:46 . 2008-01-21 01:23 102,664 --a------ C:\WINDOWS\SYSTEM32\drivers\tmcomm.sys
2008-01-21 01:23 . 2008-01-21 19:46 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-01-20 20:24 . 2008-01-20 21:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-01-18 01:17 . 2008-01-18 01:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-18 00:21 . 2008-01-20 20:01 <DIR> d-------- C:\Program Files\MSN Messenger
2008-01-16 22:24 . 2008-01-16 22:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2008-01-16 22:19 . 2008-01-16 22:19 <DIR> d-------- C:\Program Files\Nero
2008-01-16 22:19 . 2008-01-16 22:26 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-16 17:29 . 2008-01-18 00:13 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-16 17:24 . <DIR> C:\Documents and Settings\Owner\Application Data\NeroDigitalT
2008-01-16 00:11 . 2008-01-16 00:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-01-16 00:01 . 2008-01-16 17:50 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-16 00:01 . 2008-01-16 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-15 01:49 . 2008-01-15 01:49 <DIR> d-------- C:\My Computer
2008-01-13 23:10 . 2005-04-07 16:18 3,840 --a------ C:\WINDOWS\SYSTEM32\drivers\BANTExt.sys
2008-01-13 13:57 . 2008-01-13 13:57 <DIR> d-------- C:\Program Files\uTorrent
2008-01-13 13:57 . 2008-01-17 01:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-01-13 01:21 . 2008-01-13 01:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-01-13 01:21 . 2008-01-13 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-01-13 01:13 . 2008-01-13 13:50 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-09 16:20 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\SYSTEM32\ChCfg.exe
2008-01-09 16:19 . 2008-01-09 16:19 <DIR> d-------- C:\Program Files\Realtek AC97
2008-01-09 16:19 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\SYSTEM32\RTLCPL.exe
2008-01-09 16:19 . 2007-10-26 11:20 4,124,352 -ra------ C:\WINDOWS\SYSTEM32\drivers\alcxwdm.sys
2008-01-09 16:19 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\SYSTEM32\alsndmgr.wav
2008-01-09 16:18 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\SYSTEM32\alsndmgr.cpl
2008-01-09 16:18 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
2008-01-09 16:18 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-01-09 16:18 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-01-09 16:18 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\SYSTEM32\RtlCPAPI.dll
2008-01-05 17:26 . 2008-01-05 17:26 <DIR> d-------- C:\Program Files\SonicWallES
2008-01-03 02:21 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\SYSTEM32\nvapps.nvb
2008-01-03 02:20 . 2008-01-03 02:23 <DIR> d-------- C:\WINDOWS\NV39363940.TMP
2007-12-25 21:39 . 2007-12-26 01:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 01:55 48,640 ----a-w C:\WINDOWS\Internet Logs\xDB10F.tmp
2008-01-21 01:55 418,244 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-21 01:55 32,757,792 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-21 01:55 2,983,936 ----a-w C:\WINDOWS\Internet Logs\xDB110.tmp
2008-01-20 22:49 2,980,352 ----a-w C:\WINDOWS\Internet Logs\xDB10E.tmp
2008-01-20 22:49 105,984 ----a-w C:\WINDOWS\Internet Logs\xDB10D.tmp
2008-01-20 21:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 20:05 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-20 01:26 2,974,720 ----a-w C:\WINDOWS\Internet Logs\xDB10C.tmp
2008-01-20 01:26 188,416 ----a-w C:\WINDOWS\Internet Logs\xDB10B.tmp
2008-01-19 01:40 --------- d-----w C:\Program Files\a-squared Free
2008-01-19 01:24 92,160 ----a-w C:\WINDOWS\Internet Logs\xDB109.tmp
2008-01-19 01:24 2,967,552 ----a-w C:\WINDOWS\Internet Logs\xDB10A.tmp
2008-01-18 03:35 84,992 ----a-w C:\WINDOWS\Internet Logs\xDB108.tmp
2008-01-17 18:31 44,032 ----a-w C:\WINDOWS\Internet Logs\xDB106.tmp
2008-01-17 18:31 2,950,656 ----a-w C:\WINDOWS\Internet Logs\xDB107.tmp
2008-01-17 17:02 47,616 ----a-w C:\WINDOWS\Internet Logs\xDB104.tmp
2008-01-17 17:02 2,950,144 ----a-w C:\WINDOWS\Internet Logs\xDB105.tmp
2008-01-17 14:54 65,536 ----a-w C:\WINDOWS\Internet Logs\xDB102.tmp
2008-01-17 14:54 2,949,632 ----a-w C:\WINDOWS\Internet Logs\xDB103.tmp
2008-01-17 02:32 209,408 ----a-w C:\WINDOWS\Internet Logs\xDB101.tmp
2008-01-16 23:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-16 17:52 2,917,888 ----a-w C:\WINDOWS\Internet Logs\xDB100.tmp
2008-01-16 17:52 111,104 ----a-w C:\WINDOWS\Internet Logs\xDBFF.tmp
2008-01-16 17:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\NeroDigital™
2008-01-16 03:15 252,416 ----a-w C:\WINDOWS\Internet Logs\xDBFD.tmp
2008-01-16 03:15 2,899,968 ----a-w C:\WINDOWS\Internet Logs\xDBFE.tmp
2008-01-16 01:47 217,600 ----a-w C:\WINDOWS\Internet Logs\xDBFB.tmp
2008-01-16 01:47 2,898,432 ----a-w C:\WINDOWS\Internet Logs\xDBFC.tmp
2008-01-16 01:40 87,552 ----a-w C:\WINDOWS\Internet Logs\xDBF9.tmp
2008-01-16 01:40 2,898,432 ----a-w C:\WINDOWS\Internet Logs\xDBFA.tmp
2008-01-16 01:37 2,897,920 ----a-w C:\WINDOWS\Internet Logs\xDBF8.tmp
2008-01-16 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-16 00:46 2,893,312 ----a-w C:\WINDOWS\Internet Logs\xDBF7.tmp
2008-01-16 00:46 102,400 ----a-w C:\WINDOWS\Internet Logs\xDBF6.tmp
2008-01-16 00:29 66,048 ----a-w C:\WINDOWS\Internet Logs\xDBF5.tmp
2008-01-16 00:16 2,902,528 ----a-w C:\WINDOWS\Internet Logs\xDBF4.tmp
2008-01-16 00:16 1,163,776 ----a-w C:\WINDOWS\Internet Logs\xDBF3.tmp
2008-01-15 01:52 1,040,384 ----a-w C:\WINDOWS\Internet Logs\xDBF2.tmp
2008-01-14 02:54 87,552 ----a-w C:\WINDOWS\Internet Logs\xDBF0.tmp
2008-01-14 02:54 2,873,344 ----a-w C:\WINDOWS\Internet Logs\xDBF1.tmp
2008-01-13 22:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Image Zone Express
2008-01-13 17:15 84,480 ----a-w C:\WINDOWS\Internet Logs\xDBEE.tmp
2008-01-13 17:15 2,841,600 ----a-w C:\WINDOWS\Internet Logs\xDBEF.tmp
2008-01-12 02:11 2,829,312 ----a-w C:\WINDOWS\Internet Logs\xDBED.tmp
2008-01-12 02:11 131,584 ----a-w C:\WINDOWS\Internet Logs\xDBEC.tmp
2008-01-10 02:01 38,400 ----a-w C:\WINDOWS\Internet Logs\xDBEA.tmp
2008-01-10 02:01 2,827,776 ----a-w C:\WINDOWS\Internet Logs\xDBEB.tmp
2008-01-09 22:55 113,664 ----a-w C:\WINDOWS\Internet Logs\xDBE9.tmp
2008-01-09 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 00:43 52,736 ----a-w C:\WINDOWS\Internet Logs\xDBE7.tmp
2008-01-09 00:43 2,814,464 ----a-w C:\WINDOWS\Internet Logs\xDBE8.tmp
2008-01-09 00:04 2,811,904 ----a-w C:\WINDOWS\Internet Logs\xDBE6.tmp
2008-01-09 00:04 137,728 ----a-w C:\WINDOWS\Internet Logs\xDBE5.tmp
2008-01-08 19:16 44,032 ----a-w C:\WINDOWS\Internet Logs\xDBE4.tmp
2008-01-08 00:32 52,224 ----a-w C:\WINDOWS\Internet Logs\xDBE3.tmp
2008-01-07 00:50 291,328 ----a-w C:\WINDOWS\Internet Logs\xDBE2.tmp
2008-01-03 02:13 55,808 ----a-w C:\WINDOWS\Internet Logs\xDBE1.tmp
2008-01-02 23:19 49,664 ----a-w C:\WINDOWS\Internet Logs\xDBDF.tmp
2008-01-02 23:19 2,757,632 ----a-w C:\WINDOWS\Internet Logs\xDBE0.tmp
2008-01-02 01:56 88,576 ----a-w C:\WINDOWS\Internet Logs\xDBDD.tmp
2008-01-02 01:56 2,756,096 ----a-w C:\WINDOWS\Internet Logs\xDBDE.tmp
2007-12-31 01:36 2,755,072 ----a-w C:\WINDOWS\Internet Logs\xDBDC.tmp
2007-12-31 01:36 101,376 ----a-w C:\WINDOWS\Internet Logs\xDBDB.tmp
2007-12-29 01:57 2,756,608 ----a-w C:\WINDOWS\Internet Logs\xDBDA.tmp
2007-12-29 01:57 2,004,992 ----a-w C:\WINDOWS\Internet Logs\xDBD9.tmp
2007-12-27 14:23 28,672 ----a-w C:\WINDOWS\Internet Logs\xDBD7.tmp
2007-12-27 14:23 2,734,592 ----a-w C:\WINDOWS\Internet Logs\xDBD8.tmp
2007-12-27 13:12 5,291,704 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-27 03:01 71,168 ----a-w C:\WINDOWS\Internet Logs\xDBD6.tmp
2007-12-26 01:48 374,272 ----a-w C:\WINDOWS\Internet Logs\xDBD4.tmp
2007-12-26 01:48 2,727,936 ----a-w C:\WINDOWS\Internet Logs\xDBD5.tmp
2007-12-24 23:49 2,720,256 ----a-w C:\WINDOWS\Internet Logs\xDBD3.tmp
2007-12-24 23:49 101,888 ----a-w C:\WINDOWS\Internet Logs\xDBD2.tmp
2007-12-23 19:22 353,792 ----a-w C:\WINDOWS\Internet Logs\xDBD0.tmp
2007-12-23 19:22 2,716,160 ----a-w C:\WINDOWS\Internet Logs\xDBD1.tmp
2007-12-20 02:08 77,824 ----a-w C:\WINDOWS\Internet Logs\xDBCE.tmp
2007-12-20 02:08 2,713,088 ----a-w C:\WINDOWS\Internet Logs\xDBCF.tmp
2007-12-19 01:31 84,480 ----a-w C:\WINDOWS\Internet Logs\xDBCC.tmp
2007-12-19 01:31 2,712,576 ----a-w C:\WINDOWS\Internet Logs\xDBCD.tmp
2007-12-18 00:15 99,328 ----a-w C:\WINDOWS\Internet Logs\xDBCA.tmp
2007-12-18 00:15 2,710,528 ----a-w C:\WINDOWS\Internet Logs\xDBCB.tmp
2007-12-16 23:59 2,710,016 ----a-w C:\WINDOWS\Internet Logs\xDBC9.tmp
2007-12-16 23:59 116,224 ----a-w C:\WINDOWS\Internet Logs\xDBC8.tmp
2007-12-16 01:10 2,707,456 ----a-w C:\WINDOWS\Internet Logs\xDBC7.tmp
2007-12-16 01:10 116,736 ----a-w C:\WINDOWS\Internet Logs\xDBC6.tmp
2007-12-15 00:55 62,464 ----a-w C:\WINDOWS\Internet Logs\xDBC4.tmp
2007-12-15 00:55 2,705,408 ----a-w C:\WINDOWS\Internet Logs\xDBC5.tmp
2007-12-14 02:14 2,700,288 ----a-w C:\WINDOWS\Internet Logs\xDBC3.tmp
2007-12-14 02:14 128,512 ----a-w C:\WINDOWS\Internet Logs\xDBC2.tmp
2007-12-13 01:24 2,696,704 ----a-w C:\WINDOWS\Internet Logs\xDBC1.tmp
2007-12-13 01:24 116,736 ----a-w C:\WINDOWS\Internet Logs\xDBC0.tmp
2007-12-11 22:12 28,672 ----a-w C:\WINDOWS\Internet Logs\xDBBF.tmp
2007-12-11 14:13 43,520 ----a-w C:\WINDOWS\Internet Logs\xDBBE.tmp
2007-12-09 23:58 32,256 ----a-w C:\WINDOWS\Internet Logs\xDBBD.tmp
2007-12-09 23:18 59,392 ----a-w C:\WINDOWS\Internet Logs\xDBBB.tmp
2007-12-09 23:18 2,669,568 ----a-w C:\WINDOWS\Internet Logs\xDBBC.tmp
2007-12-09 01:16 35,328 ----a-w C:\WINDOWS\Internet Logs\xDBB9.tmp
2007-12-09 01:16 2,669,056 ----a-w C:\WINDOWS\Internet Logs\xDBBA.tmp
2007-12-08 02:03 66,048 ----a-w C:\WINDOWS\Internet Logs\xDBB7.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 16:06 292152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk]
backup=C:\WINDOWS\pss\hp center.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-----c--- 2001-08-08 06:36 90112 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 15:24 54840 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
-----c--- 1998-05-07 23:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-----c--- 2001-08-08 07:25 143360 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 16:44 61440 C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
--a------ 2001-08-02 08:37 155648 C:\WINDOWS\SYSTEM32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
-----c--- 2001-06-16 05:34 212992 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=2 (0x2)
"NVSvc"=2 (0x2)

S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\277.tmp []
S3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2002-01-17 22:18]

*Newly Created Service* - PROCEXP90
*Newly Created Service* - TMCOMM
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 20:58:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 21:01:09
.
2008-01-08 19:10:35 --- E O F ---

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 21, 2008 10:52:58 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/01/2008
Kaspersky Anti-Virus database records: 526068
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 52809
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:28:55

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\MailFrontier\ASD.log Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\patchristie22@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\patchristie22@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\patchristie22@hotmail.com\SharingMetadata\Working\database_FEDC_AED7_DCAE_898B\dfsr.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\patchristie22@hotmail.com\SharingMetadata\Working\database_FEDC_AED7_DCAE_898B\fsr.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\patchristie22@hotmail.com\SharingMetadata\Working\database_FEDC_AED7_DCAE_898B\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\patchristie22@hotmail.com\SharingMetadata\Working\database_FEDC_AED7_DCAE_898B\tmp.edb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\patchristie22@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF46A5.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF8FAC.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF90F7.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\My Documents\DOWNLOAD 1\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Owner\My Documents\DOWNLOAD 1\Nero-8.2.8.0_eng_trial.exe 7-Zip: infected - 1 skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{0AB78115-3F10-4D7F-ACE9-38BAFC97C2B9}\RP180\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\PAT.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT03a90.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT03a97.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
leo the lion
Regular Member
 
Posts: 44
Joined: April 4th, 2005, 4:12 pm

Re: hijack this log

Unread postby Katana » January 21st, 2008, 7:53 pm

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTorrent
uTorrent


I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.


Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

Delete the following file.
C:\Documents and Settings\Owner\My Documents\DOWNLOAD 1\Nero-8.2.8.0_eng_trial.exe

======================================================================================================================================

There is no obvious malware there, is there any particular thing that makes IE crash ?


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: hijack this log

Unread postby leo the lion » January 21st, 2008, 8:22 pm

I was in hospital and when i came out my son told me my computer wasent running right i dont know what he done to it he said internet explorer was closing . i have removed u torrent but i cant find bit torrent as i dont use them. here are the other scans you asked for

Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-22 00:10:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-01-22 00:10:13 UTC - RP181 - Deckard's System Scanner Restore Point
4: 2008-01-21 20:52:34 UTC - RP180 - ComboFix created restore point
3: 2008-01-20 21:38:42 UTC - RP179 - Removed SUPERAntiSpyware Free Edition
2: 2008-01-20 20:24:23 UTC - RP178 - Installed SUPERAntiSpyware Free Edition
1: 2008-01-20 19:03:11 UTC - RP177 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:12:20, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 3917 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080122-000608-216 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080122-000608-299 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 MEMSWEEP2 - c:\windows\system32\277.tmp (file missing)
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrendis5.sys (file missing)
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-12-22 and 2008-01-22 -----------------------------

2008-01-22 00:03:30 0 d-------- C:\Program Files\Trend Micro
2008-01-21 21:04:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-21 21:04:37 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-21 21:04:34 0 d-------- C:\WINDOWS\LastGood
2008-01-21 01:23:39 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-01-20 20:24:24 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-01-18 00:21:14 0 d-------- C:\Program Files\MSN Messenger
2008-01-17 01:06:46 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-01-16 22:24:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2008-01-16 22:19:27 0 d-------- C:\Program Files\Nero
2008-01-16 22:19:27 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-16 19:38:38 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-01-16 17:24:37 0 d-------- C:\Documents and Settings\Owner\Application Data\NeroDigital™
2008-01-16 00:11:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-01-16 00:01:32 0 d-------- C:\Program Files\Common Files\Nero
2008-01-16 00:01:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-15 01:49:49 0 d-------- C:\My Computer
2008-01-13 23:10:35 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-01-13 01:21:52 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-01-13 01:21:52 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-01-13 01:13:03 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-01-12 01:08:55 4980736 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-01-09 16:20:12 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-01-09 16:19:06 0 d-------- C:\Program Files\Realtek AC97
2008-01-09 16:18:49 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-01-05 17:26:11 0 d-------- C:\Program Files\SonicWallES
2008-01-03 02:20:49 0 d-------- C:\WINDOWS\NV39363940.TMP
2007-12-28 20:56:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-12-25 21:39:44 0 d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent


-- Find3M Report ---------------------------------------------------------------

2008-01-21 17:37:52 4212 ---h---c- C:\WINDOWS\system32\zllictbl.dat
2008-01-20 21:38:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 20:05:47 0 d-------- C:\Program Files\SpywareBlaster
2008-01-19 01:40:23 0 d-------- C:\Program Files\a-squared Free
2008-01-16 22:19:27 0 d-------- C:\Program Files\Common Files
2008-01-13 22:26:01 29645 --a------ C:\logfile
2008-01-13 22:15:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Image Zone Express
2008-01-09 16:18:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-28 20:56:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-12-06 22:00:47 0 d-------- C:\Program Files\Seagate
2007-12-05 01:41:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-12-05 01:41:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-12-05 01:41:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 01:41:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-12-05 01:41:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-12-05 01:41:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 01:41:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-12-05 01:41:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-11-28 22:06:42 0 d-------- C:\Documents and Settings\Owner\Application Data\MailFrontier
2007-11-24 20:15:19 0 d-------- C:\Documents and Settings\Owner\Application Data\JLC's Software
2007-11-23 22:18:26 512 --a------ C:\ScanSectorLog.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41]
"nwiz"="nwiz.exe" [05/12/2007 01:41 C:\WINDOWS\SYSTEM32\nwiz.exe]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [26/10/2007 16:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 16:05]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 01:41]
"SoundMan"="SOUNDMAN.EXE" [16/04/2007 15:28 C:\WINDOWS\soundman.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk]
backup=C:\WINDOWS\pss\hp center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=2 (0x2)
"NVSvc"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15db3d12-886e-11db-a327-de0be579658c}]

*Newly Created Service* - TMCOMM



-- End of Deckard's System Scanner: finished at 2008-01-22 00:14:05 ------------

he also said something about a trojan but i couldent find it with scans and i havent been well enough until now to try and get it fixed thanks again pat
leo the lion
Regular Member
 
Posts: 44
Joined: April 4th, 2005, 4:12 pm

Re: hijack this log

Unread postby Katana » January 21st, 2008, 8:46 pm

To get the Extra log
  • Click Start > Run type "%userprofile%\desktop\dss.exe" /config click OK
  • This will bring up a pop up box.
    • Uncheck Main log.
    • Check Extra log
      • check the 5 boxes beneath it.
  • Hit the Scan button.
  • When the scan finishes the Extra.txt file will be minimised in Taskbar at the bottom of your screen.
  • Post it back here please.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: hijack this log

Unread postby leo the lion » January 21st, 2008, 8:58 pm

this is the log you ask for and thanks again
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.20GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 511.48 MiB / 170.34 MiB
Pagefile Memory (total/avail): 1247.21 MiB / 910.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1986.97 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 34.98 GiB total, 25.41 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 4D040H2 - 38.16 GiB - 2 partitions
\PARTITION0 - Unknown - 3.18 GiB
\PARTITION1 (bootable) - Installable File System - 34.98 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Security Suite Firewall v7.0.462.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.462.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PAT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\PAT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;;;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=PAT
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 3.1 --> "C:\Program Files\a-squared Free\unins000.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Creative PCI Audio Drivers --> C:\SBPCI\sbsetup.exe /u
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hoyle Board Games --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\HCBG2\Uninst.isu
Hoyle Card Games --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\HCCG2\Uninst.isu
hp center --> C:\WINDOWS\BWUnin-6.1.0.153.exe -AppId 137903
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A}
HSP56 World MicroModem Drivers --> ptuninst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_15f1e79\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Picture It! Photo 2002 --> MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Ultra Edition --> MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 1.5 combined Win32 extensions --> C:\PROGRA~1\Python\UNWISE~1.EXE C:\PROGRA~1\Python\W32INST.LOG
Python 1.5.2 (final) --> C:\PROGRA~1\Python\UNWISE.EXE C:\PROGRA~1\Python\INSTALL.LOG
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
SeaTools for Windows --> MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SiS Audio Driver --> C:\Progra~1\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Tcl 8.0.5 for Windows --> C:\PROGRA~1\Tcl\UNWISE.EXE C:\PROGRA~1\Tcl\INSTALL.LOG
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinPatrol 2007 Restore/Remove First --> C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe -remove
WinPatrol 2007 Step 2 --> MsiExec.exe /X{736CE9DD-F589-485B-ACFF-78C235A57066}
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XML Paper Specification Shared Components Pack 1.0 -->
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- End of Deckard's System Scanner: finished at 2008-01-22 00:56:29 ------------
leo the lion
Regular Member
 
Posts: 44
Joined: April 4th, 2005, 4:12 pm

Re: hijack this log

Unread postby Katana » January 21st, 2008, 9:21 pm

There is nothing there that should be causing problems,
is the problem still happening, or did it stop before you were well enough to look at it ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: hijack this log

Unread postby leo the lion » January 21st, 2008, 9:59 pm

it was running slow when i got back to it i will try it tomorrow and see how it is now thanks for all your help pat
leo the lion
Regular Member
 
Posts: 44
Joined: April 4th, 2005, 4:12 pm

Re: hijack this log

Unread postby leo the lion » January 22nd, 2008, 12:13 pm

my son told me he ran trend micro house call so i ran it today i dident know how to save the log file but is said i have a troj genetic in C:HP/BIN/FONDLE WINDOW .EXE i dont know if that is waht is wrong thanks leo
leo the lion
Regular Member
 
Posts: 44
Joined: April 4th, 2005, 4:12 pm

Re: hijack this log

Unread postby Katana » January 22nd, 2008, 2:11 pm

That is a technically legitimate file from HP, but many people remove it as it is rarely needed.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: hijack this log

Unread postby Katana » January 27th, 2008, 8:36 pm

Do you still need any help ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: hijack this log

Unread postby NonSuch » February 2nd, 2008, 2:46 am

Due to a lack of response this topic is now closed.

If you still require help, please open a new thread in the Malware Removal forum and wait
for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site,
please read
Donations For Malware Removal
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 297 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware