• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
vanyon

new to this, here is logfile

10 posts in this topic

This is first time using hijackthis and this is my first log file, not sure if there is anything bad in it or not. Appreciate any help, thanks.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 5:42:27 PM, on 6/25/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pgtc.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\VCPOKE~1\client.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.1.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hi,

 

Your log is clean. If you have any problems pleas explain.

Share this post


Link to post
Share on other sites

Hi,

 

thanks for the info, I am currently experiencing my computer using bandwidth when I have nothing up, widows up date is not downloading, and I am still using bandwidth constantly on this computer. Had me worried.

 

Any insight???

Share this post


Link to post
Share on other sites

When Windows Update is a problem, I use the following to re-register the file.

Start, Run, type in cmd, press enter

At the DOS prompt execute the following commands, one by one.

Press the enter key after each entry

regsvr32 wuapi.dll

regsvr32 wuaueng.dll

regsvr32 wucltui.dll

regsvr32 wups.dll

regsvr32 msxml3.dll

regsvr32 jscript.dll

regsvr32 atl.dll

regsvr32 Mshtml.dll

regsvr32 Shdocvw.dll

regsvr32 Oleaut32.dll

regsvr32 Actxprxy.dll

regsvr32 initpki.dll

Type Exit press enter to return the operating mode.

 

When done,

 

Download this file - combofix.exe

 

and save it to your desktop (Important). Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

 

"%userprofile%\desktop\combofix.exe"

 

Boot into safe mode by tapping the F8 key just before Windows starts to load.

 

go to start --> run and copy/paste in the following:

 

"%userprofile%\desktop\combofix.exe"

 

When finished, it shall produce a log for you. Save it and post that log in your next reply.

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall

 

In your next post, please include

  • new hijackthis log
  • combofix log

*use separate posts to ensure the logs don't get cut off!

Share this post


Link to post
Share on other sites

combofix log:

"Owner" - 2007-07-02 11:50:37 - ComboFix 07-06-27.7 - Service Pack 2 NTFS [sAFE MODE]

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\Owner\Desktop\internet.lnk

C:\WINDOWS\system32\windev-peers.ini

 

 

((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))

 

 

2007-07-02 11:50 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-07-01 22:12 75,512 --a------ C:\WINDOWS\zllsputility.exe

2007-07-01 22:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-07-01 22:12 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll

2007-07-01 22:11 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll

2007-07-01 22:11 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs

2007-07-01 22:11 <DIR> d-------- C:\WINDOWS\Internet Logs

2007-07-01 20:01 815,104 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-07-01 20:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS

2007-07-01 20:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

2007-07-01 20:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView

2007-07-01 20:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\McAfee

2007-07-01 20:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL

2007-07-01 19:29 <DIR> d-------- C:\Program Files\Bandwidth Monitor Pro

2007-06-26 03:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

2007-06-25 18:05 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe

2007-06-25 18:05 <DIR> d-------- C:\WINDOWS\nview

2007-06-25 01:00 <DIR> d-------- C:\cabs

2007-06-25 00:55 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2007-06-25 00:55 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll

2007-06-25 00:55 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

2007-06-25 00:55 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2007-06-25 00:55 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2007-06-25 00:55 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2007-06-25 00:55 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2007-06-25 00:55 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll

2007-06-25 00:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll

2007-06-25 00:55 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll

2007-06-25 00:55 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll

2007-06-25 00:55 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll

2007-06-25 00:55 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll

2007-06-25 00:55 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

2007-06-25 00:55 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2007-06-25 00:55 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll

2007-06-25 00:55 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2007-06-25 00:55 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll

2007-06-25 00:55 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2007-06-25 00:51 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

2007-06-24 23:03 <DIR> d-------- C:\WINDOWS\NV496552.TMP

2007-06-23 23:39 <DIR> d-------- C:\Program Files\Common Files\EasyInfo

2007-06-19 02:25 <DIR> d-------- C:\WINDOWS\NV20202808.TMP

2007-06-19 02:24 <DIR> d-------- C:\NVIDIA

2007-06-19 01:39 159,744 --a------ C:\WINDOWS\system32\igfxres.dll

2007-06-19 00:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA

2007-06-18 23:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-06-09 13:45 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2007-06-09 13:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-06-09 13:44 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-28 20:33:14 -------- d-----w C:\Program Files\World of Warcraft

2007-06-26 17:57:22 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM

2007-06-25 21:48:08 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2007-06-08 21:41:56 -------- d-----w C:\Program Files\Diablo II

2007-05-24 04:56:38 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Ahead

2007-05-19 15:33:15 -------- d-----w C:\Program Files\EA Games

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24]

"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []

"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 17:06]

"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2005-04-10 08:13]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-28 07:14]

"nwiz"="nwiz.exe" [2005-04-01 16:16 C:\WINDOWS\system32\nwiz.exe]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-01 20:48]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-12-08 14:55]

"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-01-13 16:22]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25]

"Bandwidth Monitor Pro"="C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe" [2005-02-16 16:48]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

C:\Program Files\Common Files\AOL\1125231214\EE\AOLHostManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"AOL TopSpeedMonitor"=2 (0x2)

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9e4d1b1-17b8-11da-a232-806d6172696f}]

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

 

 

Contents of the 'Scheduled Tasks' folder

2007-07-02 16:40:00 C:\WINDOWS\tasks\Symantec NetDetect.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-02 11:54:15

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-02 11:55:04

C:\ComboFix-quarantined-files.txt ... 2007-07-02 11:54

 

--- E O F ---

Share this post


Link to post
Share on other sites

hijack log:

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:05:41 PM, on 7/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pgtc.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [bandwidth Monitor Pro] "C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe" /minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\VCPOKE~1\client.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.1.cab

O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Share this post


Link to post
Share on other sites

I downloaded avg and got rid of old norton yesterday and I downloaded zonealarm, and I downlaoded bandwidth monitor pro to see if something was downloading and uploading in background. Even with zonealarm going, bandwidth monitor shows something is always using bandwidth, with nothing up and running. I have it on my wife's computer and it shows 0 bps download and 0bps upload when computer is just sitting there, but mine shows activity all the time.

 

 

Thank you very much for all your help so far!!!

Share this post


Link to post
Share on other sites

Can you now get to Microsoft's Updates?

 

Please perform an online virus scan with F-Secure Online Scanner.

 

Please navigate (using Internet Explorer, other browsers won't work) to the following site: http://support.f-secure.com/enu/home/ols3.shtml

  • Click the Online Virus Scanner link. (Bottom of the page)
  • When prompted, choose to install the software.
  • After the software has installed, click Accept.
  • Click Custom Scan and check the option for Scan inside archives, then click Start.
  • The necessary databases will then be downloaded, and the scan will then start automatically. Please be patient as this scan will take a while to complete.
  • If any infections are found then once the scan has finished the "cleaning" screen will be displayed. Choose Automatic cleaning (recommended).
  • After cleaning has finished, then the Finish screen will be displayed. Choose Show Report.
  • In order to post the report, press CTRL+A on your keyboard to highlight all the text. Then copy and paste that information into this thread, along with a new HijackThis log.

Share this post


Link to post
Share on other sites

Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0