I've got something, but not sure what [CLOSED]


This topic is locked.

#1 maz22 (New Member, 6 posts)
I'd just like to say hello to everyone working hard to help keep us virus clean.

I swear I have the necessary protection (freeware firewall, antivirus), but some things sneak through every now and then. Nothing seems to get rid of what I've got. I have some processes that I'm not sure about as well. I could have sworn I got Service Pack 2, but I guess I don't. Here's my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:23:40 PM, on 8/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firewall\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Xp Updates\AntiSpywearBeta\gcasDtServ.exe
C:\Program Files\Filezilla\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Microsoft Office\Office\MDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\System\cpqs\scom\srmclean.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Firewall\smc.exe -startgui
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Xp Updates\AntiSpywearBeta\gcasServ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {9CD3418B-4017-42F5-9DA4-8DB20727B110} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9CD3418B-4017-42F5-9DA4-8DB20727B110} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124377282029
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124377273767
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Quattro Installer (QuattroInstallerService) - M-Audio - C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Firewall\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

Edited by maz22, 22 August 2005 - 06:09 PM.



#2 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)
Hi maz22 and welcome to GeeksToGo!

Open HijackThis and do a scan. Please check off the following items:

O9 - Extra button: Microsoft AntiSpyware helper - {9CD3418B-4017-42F5-9DA4-8DB20727B110} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9CD3418B-4017-42F5-9DA4-8DB20727B110} - (no file) (HKCU)


Click FIX CHECKED, then close HijackThis.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if the main link does not work) and install it.


Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Reboot

Besides that, everything looks fine.


Any problems?

Thanks,



Excal
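The check Excal is doing above can be written down. The Python below is an added example by the editor, not a tool from this thread or from the HijackThis project: it parses HijackThis entry lines and separates entries whose target is "(no file)" (an orphaned reference to a file that no longer exists, which is why fixing it is safe) from O4 entries that launch a bare filename such as carpserv.exe (resolved through the PATH search at logon, so worth confirming where the file actually lives) and entries that carry a full path. The sample lines are copied from the log posted above; the function names and verdict strings are the editor's own, and "verify" means exactly that, not a malware verdict.

```python
import re

# Lines copied from the HijackThis log posted above, used as sample input.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Xp Updates\AntiSpywearBeta\gcasServ.exe"
O9 - Extra button: Microsoft AntiSpyware helper - {9CD3418B-4017-42F5-9DA4-8DB20727B110} - (no file) (HKCU)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Firewall\smc.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")
O4_RE = re.compile(r"^.*?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
ROOTED_RE = re.compile(r"^[A-Za-z]:\\|^%")  # drive letter or %VAR% prefix


def parse_entry(line):
    """Split one HijackThis line into (section, name, target); None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section == "O4":
        m4 = O4_RE.match(body)          # O4 - HKLM\..\Run: [Name] command
        if m4:
            return section, m4.group("name"), m4.group("cmd")
        return section, "", body        # e.g. Global Startup entries
    parts = body.split(" - ")           # other sections: fields separated by " - "
    return section, parts[0], parts[-1]


def first_token(cmd):
    """Executable part of an O4 command line: the quoted string or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def triage(line):
    """Return (section, name, verdict) for an entry line, else None."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    section, name, target = parsed
    if not section.startswith("O"):
        return section, name, "browser setting: " + target
    if "(no file)" in target:
        return section, name, "orphaned: target file is gone, safe to fix"
    exe = first_token(target) if section == "O4" else target
    if section == "O4" and not ROOTED_RE.match(exe):
        return section, name, "bare filename: resolved via PATH, verify where it lives"
    return section, name, "full path: " + exe


def triage_log(text):
    return [t for t in (triage(line) for line in text.splitlines()) if t]


def fix_candidates(text):
    """The exact lines a helper would ask the poster to check off in HijackThis."""
    out = []
    for line in text.splitlines():
        t = triage(line)
        if t and t[2].startswith("orphaned"):
            out.append(line.strip())
    return out


if __name__ == "__main__":
    for section, name, verdict in triage_log(SAMPLE_LOG):
        print(f"{section:4} {name:45} {verdict}")
```

Feed it a whole saved log and the "orphaned" list is the set of lines to check off; the "bare filename" list is what to look up by hand (the Ad-Aware process listing later in this thread shows the version information that settles each of those).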

#3 maz22 (Topic Starter, New Member, 6 posts)
Thanks for the reply. Ad-Aware is telling me I still have a possible infection. Here is the log I copied/pasted from Ad-Aware.

Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, August 23, 2005 9:52:35 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R61 10.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R61 10.08.2005
Internal build : 71
File location : C:\Program Files\Ad-Aware SE Personal\defs.ref
File size : 508229 Bytes
Total size : 1531791 Bytes
Signature data size : 1498915 Bytes
Reference data size : 32364 Bytes
Signatures total : 42681
Fingerprints total : 1003
Fingerprints size : 35408 Bytes
Target categories : 15
Target families : 729


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:69 %
Total physical memory:752624 kb
Available physical memory:514740 kb
Total page file size:1009608 kb
Available on page file:810800 kb
Total virtual memory:2097024 kb
Available virtual memory:2047944 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


8-23-2005 9:52:35 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 584
ThreadCreationTime : 8-23-2005 3:32:48 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 8-23-2005 3:32:51 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 656
ThreadCreationTime : 8-23-2005 3:33:01 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 8-23-2005 3:33:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 8-23-2005 3:33:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 908
ThreadCreationTime : 8-23-2005 3:33:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1028
ThreadCreationTime : 8-23-2005 3:33:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [smc.exe]
FilePath : C:\Program Files\Firewall\
ProcessID : 1072
ThreadCreationTime : 8-23-2005 3:33:03 PM
BasePriority : Normal
FileVersion : 5.6.00.2808
ProductVersion : 5.6.00.2808
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1308
ThreadCreationTime : 8-23-2005 3:33:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1348
ThreadCreationTime : 8-23-2005 3:33:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1556
ThreadCreationTime : 8-23-2005 3:33:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1784
ThreadCreationTime : 8-23-2005 3:33:13 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:13 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1796
ThreadCreationTime : 8-23-2005 3:33:13 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:14 [cdantsrv.exe]
FilePath : C:\WINDOWS\System32\DRIVERS\
ProcessID : 1808
ThreadCreationTime : 8-23-2005 3:33:13 PM
BasePriority : Normal
FileVersion : 3.24.010
ProductVersion : 3.24.010 Windows NT 2001/10/10
ProductName : CD-Secure/CD-Compress Windows NT
CompanyName : C-Dilla Ltd
FileDescription : C-Dilla RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright © Macrovision 1993-2001
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:15 [hpconfig.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1844
ThreadCreationTime : 8-23-2005 3:33:13 PM
BasePriority : Normal
FileVersion : 3, 0, 1, 8
ProductVersion : 3, 0, 1, 8
ProductName : HPConfig Module
CompanyName : Hewlett-Packard
FileDescription : HPConfig Module
InternalName : HPConfig
LegalCopyright : Hewlett-Packard Copyright © 1999-2002
OriginalFilename : HPConfig.EXE
Comments : HP Configuration Interface Service

#:16 [hpwirelessmgr.exe]
FilePath : C:\Program Files\HPQ\Notebook Utilities\
ProcessID : 1884
ThreadCreationTime : 8-23-2005 3:33:13 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : HPWirelessMgr Module
CompanyName : Hewlett-Packard Co.
FileDescription : HPWirelessMgr Module
InternalName : HPWirelessMgr
LegalCopyright : Hewlett-Packard Copyright 2002
OriginalFilename : HPWirelessMgr.EXE
Comments : HP Wireless On/Off Button Service

#:17 [quatinst.exe]
FilePath : C:\Program Files\M-Audio USB Quattro\Install\
ProcessID : 1924
ThreadCreationTime : 8-23-2005 3:33:13 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 2
ProductName : Quattro
CompanyName : M-Audio
FileDescription : Quattro Installer service
InternalName : quatinst.exe
LegalCopyright : Copyright © 2003 M-Audio, Inc. All Rights Reserved.
OriginalFilename : quatinst.exe

#:18 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1976
ThreadCreationTime : 8-23-2005 3:33:13 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:19 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 572
ThreadCreationTime : 8-23-2005 3:33:20 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [lwbwheel.exe]
FilePath : C:\Program Files\Browser Mouse\1.0\
ProcessID : 940
ThreadCreationTime : 8-23-2005 3:33:21 PM
BasePriority : Normal
FileVersion : 9.0.2.0
ProductVersion : 9.0.0.0
FileDescription : Mouse Control Application
LegalCopyright : Copyright 2000 By LEE,WEI-BIN.

#:21 [onetouch.exe]
FilePath : C:\Program Files\HPQ\One-Touch\
ProcessID : 1148
ThreadCreationTime : 8-23-2005 3:33:21 PM
BasePriority : Normal
FileVersion : 1.6.8.0
ProductVersion : 1.6.8.0
ProductName : Dritek System Inc. OneTouch 01.30.2003 ( VC60 )
CompanyName : Dritek System Inc.
FileDescription : One-Touch
InternalName : OneTouch
LegalCopyright : Copyright © 2003 Dritek System Inc.
OriginalFilename : OneTouch.exe

#:22 [carpserv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1068
ThreadCreationTime : 8-23-2005 3:33:21 PM
BasePriority : Normal
FileVersion : 5.03.09.00
ProductVersion : 5.03.09.00
ProductName : Conexant carpserv
CompanyName : Conexant Systems
FileDescription : carpserv
InternalName : carpserv
LegalCopyright : Copyright© Conexant Systems, Inc. 2002
OriginalFilename : carpserv.exe

#:23 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 1304
ThreadCreationTime : 8-23-2005 3:33:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:24 [logi_mwx.exe]
FilePath : C:\WINDOWS\
ProcessID : 1328
ThreadCreationTime : 8-23-2005 3:33:21 PM
BasePriority : Normal
FileVersion : 9.79.024
ProductVersion : 9.79.024
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Launcher Application
InternalName : Logi_MWX
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Logi_MWX.exe
Comments : Created by the MouseWare team

#:25 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_01\bin\
ProcessID : 1336
ThreadCreationTime : 8-23-2005 3:33:21 PM
BasePriority : Normal


#:26 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1320
ThreadCreationTime : 8-23-2005 3:33:22 PM
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:27 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1404
ThreadCreationTime : 8-23-2005 3:33:22 PM
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:28 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1400
ThreadCreationTime : 8-23-2005 3:33:22 PM
BasePriority : Normal
FileVersion : 7.0.0813
ProductVersion : 7.0.0813
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:29 [gcasdtserv.exe]
FilePath : C:\Program Files\Xp Updates\AntiSpywearBeta\
ProcessID : 340
ThreadCreationTime : 8-23-2005 3:33:27 PM
BasePriority : Normal
FileVersion : 1.00.0615
ProductVersion : 1.00.0615
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:30 [firefox.exe]
FilePath : C:\Program Files\Filezilla\
ProcessID : 2504
ThreadCreationTime : 8-23-2005 3:34:26 PM
BasePriority : Normal


#:31 [ad-aware.exe]
FilePath : C:\Program Files\Ad-Aware SE Personal\
ProcessID : 3928
ThreadCreationTime : 8-23-2005 3:47:37 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : "regedit.exe" "%1"
Category : Vulnerability
Comment : Possible virus infection, REG file extension compromised
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : "regedit.exe" "%1"

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

10:03:59 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:24.895
Objects scanned:139287
Objects identified:1
Objects ignored:0
New critical objects:1

And here's the latest HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:23:37 AM, on 8/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firewall\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Xp Updates\AntiSpywearBeta\gcasDtServ.exe
C:\Program Files\Filezilla\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Microsoft Office\Office\MDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\1.0\LwbWheel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\System\cpqs\scom\srmclean.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Firewall\smc.exe -startgui
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Xp Updates\AntiSpywearBeta\gcasServ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...ls/en/x86/client/wuweb_site.cab?1124377282029
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...ls/en/x86/client/muweb_site.cab?1124377273767
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai....trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Quattro Installer (QuattroInstallerService) - M-Audio - C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Firewall\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

Other than that, everything else seems OK.
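The one Ad-Aware hit in the log above is the handler Windows runs when a .reg file is opened, HKEY_CLASSES_ROOT\regfile\shell\open\command, recorded as "regedit.exe" "%1". Replacing a handler like this is a genuine persistence technique: if exefile\shell\open\command is pointed at another program, that program runs every time any .exe is launched, and the same goes for comfile, batfile and scrfile. Ad-Aware fires because the value differs from the one it expects; whether that matters depends on whether a different program now runs, or only the quoting changed. The Python below is an added example by the editor, not part of the thread: it reads the text that "reg export" writes for those keys and classifies each handler as matching the default, same program with different quoting (the case in the log), a different program, or missing. The expected default values are the editor's assumption for a stock Windows XP install and should be confirmed against a known-good machine before a mismatch is treated as a finding; the sample export is constructed, and the exefile path in it is invented for illustration, not anything observed on the poster's machine.

```python
import re

# Default "open" handlers on a stock Windows XP install.  ASSUMPTION: quoted
# from memory of XP defaults; confirm against a known-good machine before
# treating a mismatch as a finding.
EXPECTED_HANDLERS = {
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\comfile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\batfile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\regfile\shell\open\command": 'regedit.exe "%1"',
    r"HKEY_CLASSES_ROOT\scrfile\shell\open\command": '"%1" /S',
}

# CONSTRUCTED sample of what "reg export HKCR\<type> out.reg" writes: the
# regfile value is the one from the Ad-Aware log above; the exefile entry is a
# made-up hijack with an invented path, included only to show the detection.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="\"regedit.exe\" \"%1\""

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Temp\\example.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
DEFAULT_RE = re.compile(r'^@="(.*)"$')


def unescape_reg(s):
    """Undo .reg string escaping: a backslash escapes the next character."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_reg_export(text):
    """Map each key in a .reg export to its default (@) string value."""
    handlers, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = DEFAULT_RE.match(line)
        if m and current:
            handlers[current] = unescape_reg(m.group(1))
    return handlers


def audit_handlers(handlers, expected=EXPECTED_HANDLERS):
    """Compare exported handlers with the expected defaults.

    Returns (key, status, value) tuples; keys that match exactly are omitted.
      missing          the key was not in the export
      quoting differs  same program and arguments, only the quoting changed
      HIJACKED         a different program runs when that file type is opened
    """
    findings = []
    for key, want in expected.items():
        got = handlers.get(key)
        if got is None:
            findings.append((key, "missing", None))
        elif got == want:
            continue
        elif got.replace('"', "") == want.replace('"', ""):
            findings.append((key, "quoting differs", got))
        else:
            findings.append((key, "HIJACKED", got))
    return findings


if __name__ == "__main__":
    for key, status, value in audit_handlers(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{status:16} {key}")
        print(f"{'':16} {value}")
```

On the machine being checked the input would come from one "reg export HKCR\regfile regfile.reg" per file type, concatenated. A handler the audit reports as HIJACKED is restored from a known-good export rather than deleted, since removing the key breaks opening that file type altogether; a "quoting differs" result runs the same program and is the kind of deviation a scanner will keep reporting until the value is set back to the default.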

#4 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)
It may be just a reg file that is empty now.

I think it would serve you well to clean your registry!
  • Please download: RegSeeker.
  • Click on "Clean The Registry" in the left panel.
  • Check all boxes (make sure the backup box in the lower left corner is selected!).
  • After it runs, click "Select All" on the bottom, then right-click on any selected item in the window and select "Delete Selected Items".
  • Click "Quit RegSeeker".
Now, open any of your installed programs, and make sure that everything opens ok. If so, reboot, then go back and run the RegSeeker again, do the same thing again if anything is found. When RegSeeker finds nothing else, then it's clean!

After that, reboot and run this online virus scan: ActiveScan. Please save and post the results from the scan!

Thanks,


Excal

#5 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.