Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

hijack this log [CLOSED]

Started by lynseymillar2005 , May 20 2005 03:14 PM

This topic is locked

#1
lynseymillar2005

Posted 20 May 2005 - 03:14 PM

Member

Member
19 posts

Logfile of HijackThis v1.99.1
Scan saved at 22:04:01, on 20/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\apvxdwin.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\MessengerPlus! 3\MsgPlus.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
E:\WINDOWS\system32\ntvdm.exe
E:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\user\Desktop\music\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [APVXDWIN] "E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: E:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivil...ve/makeover.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe

#2
Michelle

Posted 20 May 2005 - 03:16 PM

Malware Removal Goddess

Retired Staff
8,928 posts

*Open HijackThis.
*Click on "Open the Misc Tools Section"
*Click "Generate StartupList Log".
*Click "Yes" at the prompt

It will produce a NotePad Page. I need you to copy the entire contents of that page and paste it here.

#3
lynseymillar2005

Posted 20 May 2005 - 03:25 PM

Member

Topic Starter
Member
19 posts

ok here it is

StartupList report, 20/05/2005, 22:24:28
StartupList version: 1.52.2
Started from : E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\8LMNIPQ3\HijackThis[1].EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\apvxdwin.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\MessengerPlus! 3\MsgPlus.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
E:\WINDOWS\system32\ntvdm.exe
E:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\8LMNIPQ3\HijackThis[1].exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = E:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMan = SOUNDMAN.EXE
APVXDWIN = "E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
MessengerPlus3 = "E:\Program Files\MessengerPlus! 3\MsgPlus.exe"
WinPatrol = E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = E:\WINDOWS\system32\ctfmon.exe
MSMSGS = "E:\Program Files\Messenger\msmsgs.exe" /background
msnmsgr = "E:\Program Files\MSN Messenger\msnmsgr.exe" /background

--------------------------------------------------

Load/Run keys from E:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=MsgPlusLoader.dll

--------------------------------------------------

Shell & screensaver key from E:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=E:\WINDOWS\FLOWER~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = E:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zon...kr.cab31267.cab

[MessengerStatsClient Class]
InProcServer32 = E:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zon...nt.cab30149.cab

[Shockwave ActiveX Control]
InProcServer32 = E:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[AimSp32 Class]
InProcServer32 = E:\WINDOWS\Downloaded Program Files\aimsp32.dll
CODEBASE = http://makeover.ivil...ve/makeover.cab

[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
CODEBASE = http://ak.imgfarm.co...up1.0.0.8-2.cab

[Minesweeper Flags Class]
InProcServer32 = E:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zon...er.cab30149.cab

[MSN Photo Upload Tool]
InProcServer32 = E:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://by19fd.bay19....es/MsnPUpld.cab

[HouseCall Control]
InProcServer32 = E:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[MessengerStatsClient Class]
InProcServer32 = E:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...nt.cab30149.cab

[MSN File Upload Control]
InProcServer32 = E:\WINDOWS\DOWNLO~1\MsnUpld.dll
CODEBASE = http://sc.groups.msn...eUC/MsnUpld.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = E:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[ZoneIntro Class]
InProcServer32 = E:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zon...ro.cab30149.cab

[CBreakshotControl Class]
InProcServer32 = E:\WINDOWS\Downloaded Program Files\Banksht2.dll
CODEBASE = http://messenger.zon...ot.cab30149.cab

[Shockwave Flash Object]
InProcServer32 = E:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

[Solitaire Showdown Class]
InProcServer32 = E:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
CODEBASE = http://messenger.zon...wn.cab31267.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavtcmgr.dat

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: E:\WINDOWS\system32\SHELL32.dll
CDBurn: E:\WINDOWS\system32\SHELL32.dll
WebCheck: E:\WINDOWS\System32\webcheck.dll
SysTray: E:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 9,021 bytes
Report generated in 0.156 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#4
Besttechie

Posted 20 May 2005 - 03:33 PM

Visiting Staff

Member
386 posts

Being helped in chat. :tazz:

#5
lynseymillar2005

Posted 20 May 2005 - 03:52 PM

Member

Topic Starter
Member
19 posts

Process list saved on 22:50:19, on 20/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
440 E:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
764 E:\WINDOWS\system32\csrss.exe 5.1.2600.2180 Microsoft Corporation
788 E:\WINDOWS\SYSTEM32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
852 E:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
864 E:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
1032 E:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1072 E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe 5.0.0.0 Panda Software
1204 E:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1360 E:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1432 E:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1528 E:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
2024 E:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
264 E:\WINDOWS\system32\spoolsv.exe 5.1.2600.2180 Microsoft Corporation
760 E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 7.0.9064.9150 Microsoft Corporation
980 E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe 1.6.8.4 Panda Software
1404 E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe 5.3.3.0 Panda Software
1420 E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe 5.0.0.0 Panda Software
756 E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe 1.3.0.0 Panda Software
924 E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe 1.3.2085.8 Panda Software
1180 E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE 1.3.2085.7 Panda Software
1232 E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe 2.0.0.11 Panda Software
1344 E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe 1.5.3.0 Panda Software Internacional
1624 E:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1736 E:\WINDOWS\system32\wdfmgr.exe 5.2.3790.1230 Microsoft Corporation
2088 E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\apvxdwin.exe 5.3.14.0 Panda Software International
2184 E:\WINDOWS\System32\alg.exe 5.1.2600.2180 Microsoft Corporation
2320 E:\WINDOWS\SOUNDMAN.EXE 5.1.0.11 Realtek Semiconductor Corp.
2336 E:\Program Files\MessengerPlus! 3\MsgPlus.exe 3.52.0.130 Patchou
2344 E:\WINDOWS\system32\ctfmon.exe 5.1.2600.2180 Microsoft Corporation
2352 E:\Program Files\Messenger\msmsgs.exe 4.7.0.3001 Microsoft Corporation
2648 E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe 5.3.15.15 Panda Software
1040 E:\WINDOWS\system32\ntvdm.exe 5.1.2600.2180 Microsoft Corporation
3388 E:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe 9.1.0.0 BillP Studios
520 E:\Program Files\MSN Messenger\msnmsgr.exe 7.0.777.0 Microsoft Corporation
432 E:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
2528 E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\8LMNIPQ3\HijackThis[1].exe 1.99.0.1 Soeperman Enterprises Ltd.
3756 E:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
2448 E:\Documents and Settings\user\Desktop\music\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.

#6
Dragon

Posted 26 May 2005 - 07:46 PM

All Around Computer Nut

Retired Staff
2,682 posts

Download rkfiles.zip and unzip it to its own permanent folder.

Important! Reboot in SAFE MODE !!

Start in Safe Mode Using the F8 method:

* Restart the computer in Safe Mode.
* As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
* Use the arrow keys to select the Safe Mode menu item.
* Press the Enter key.

Locate the rkfiles.bat file and double-click it to run it. It will start scanning your computer and could take a little while so be patient. When the DOS window closes, reboot back to normal mode.

Post the contents of C:\log.txt back here and I will review it when it comes in.

#7
lynseymillar2005

Posted 28 May 2005 - 09:44 AM

Member

Topic Starter
Member
19 posts

I followed your instructions, but I can't find the file C:\log.txt. I have a feeling the scan didnt work properly because it took about half a second for the window to close and you said it would take a while.

#8
Dragon

Posted 28 May 2005 - 11:03 AM

All Around Computer Nut

Retired Staff
2,682 posts

please run it again as posted above. after running it try to locate the file in Safe mode, if you locate it move it to your desktop, then boot into normal mode and post it. if you still can't find it let me know and I will come up with another line of attack.

#9
lynseymillar2005

Posted 28 May 2005 - 11:22 AM

Member

Topic Starter
Member
19 posts

Hi
I just tried it again like you said but I still can't find it even when its in safe mode..

#10
Dragon

Posted 28 May 2005 - 11:25 AM

All Around Computer Nut

Retired Staff
2,682 posts

ok, give me a little bit and I will see what I can come up with.

#11
Dragon

Posted 28 May 2005 - 12:02 PM

All Around Computer Nut

Retired Staff
2,682 posts

Download: StartDreck from: http://www.niksoft.a.../startdreck.htm

Extract the file into c:\startdreck.
Navigate to c:\startdreck and double-click on Startdreck.exe
When the program opens click on the Config button.
Then click on the unmark all button.
Put checkmarks in the following checkboxes:
Under Registry put a checkmark in the Run Keys checkbox.
Under System/Drivers put a check in the Running Proccess checkbox.
Press the OK button.
Press the Save button.

Type in the location you want to save the log to, or use the defaults which will save the log into the directory you are running the program from. If you choose the defaults the filename for the log will be StartDreck.log.

Open the StartDrek.log, copy and paste the results of that log here..

#12
lynseymillar2005

Posted 28 May 2005 - 04:49 PM

Member

Topic Starter
Member
19 posts

StartDreck (build 2.1.7 public stable) - 2005-05-28 @ 23:48:42 (GMT +01:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as user at USER-TAESPPWQLV

»Registry
»Run Keys
»Current User
»Run
*ctfmon.exe=E:\WINDOWS\system32\ctfmon.exe
*MSMSGS="E:\Program Files\Messenger\msmsgs.exe" /background
*MessengerPlus3="E:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
*msnmsgr="E:\Program Files\MSN Messenger\msnmsgr.exe" /background
»RunOnce
»Default User
»Run
»RunOnce
»Local Machine
»Run
*SoundMan=SOUNDMAN.EXE
*APVXDWIN="E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
*EPSON PictureMate=E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate"
*MessengerPlus3="E:\Program Files\MessengerPlus! 3\MsgPlus.exe"
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Files
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+456=\SystemRoot\System32\smss.exe
+768=\??\E:\WINDOWS\system32\csrss.exe
+792=\??\E:\WINDOWS\SYSTEM32\winlogon.exe
+856=E:\WINDOWS\system32\services.exe
+868=E:\WINDOWS\system32\lsass.exe
+1028=E:\WINDOWS\system32\svchost.exe
+1088=E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
+1196=E:\WINDOWS\system32\svchost.exe
+1352=E:\WINDOWS\System32\svchost.exe
+1432=E:\WINDOWS\System32\svchost.exe
+1604=E:\WINDOWS\System32\svchost.exe
+1796=E:\WINDOWS\Explorer.EXE
+316=E:\WINDOWS\system32\spoolsv.exe
+716=E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
+932=E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
+1396=E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
+1412=E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
+732=E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
+116=E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
+816=E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
+1148=E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
+1304=E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
+1528=E:\WINDOWS\System32\svchost.exe
+1636=E:\WINDOWS\system32\wdfmgr.exe
+2140=E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\apvxdwin.exe
+2180=E:\WINDOWS\System32\alg.exe
+2288=E:\WINDOWS\SOUNDMAN.EXE
+2320=E:\Program Files\MessengerPlus! 3\MsgPlus.exe
+2332=E:\WINDOWS\system32\ctfmon.exe
+2344=E:\Program Files\Messenger\msmsgs.exe
+2608=E:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
+3552=E:\Program Files\MSN Messenger\msnmsgr.exe
+2876=E:\WINDOWS\system32\wuauclt.exe
+3728=E:\Program Files\Internet Explorer\iexplore.exe
+2268=E:\Documents and Settings\user\Desktop\startdreck217\StartDreck.exe
»Application specific

#13
Dragon

Posted 29 May 2005 - 03:18 PM

All Around Computer Nut

Retired Staff
2,682 posts

well, after contacting another expert, we have determined that wepretty much covered the bases and it does not appear to be malware related. Not all computer problems are. What I recommend is you should post your problem in the OS forum.

This is what he said.

The only other thing that I can suggest here is to remove MessengerPlus! 3 and also Panda (it's a resource hog) and see if the problem goes away. If it does then reinstall Panda. I've used Panda, Norton and McAfee over the years and they all become corrupted over time and do strange thing to your computer.

#14
lynseymillar2005

Posted 29 May 2005 - 03:26 PM

Member

Topic Starter
Member
19 posts

Ok then I'll try that, thanks very much for your time!

#15
Kat

Posted 26 August 2005 - 12:49 AM

Retired

Retired Staff
19,711 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.