Hi jack this log

Discussion in 'Windows - Virus and spyware problems' started by Sniping_G, Oct 4, 2007.

  1. Sniping_G

    Sniping_G Regular member

    Joined:
    Apr 9, 2006
    Messages:
    1,028
    Likes Received:
    0
    Trophy Points:
    46
    My pc seems to be very laggy these days , eres my log

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 8:59:29 PM, on 10/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Gaurang Patel\My Documents\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1188102296021
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1188104357209
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    --
    End of file - 5743 bytes
     
    Sniping_G, Oct 4, 2007
    #1
  2. rajput21

    rajput21 Member

    Joined:
    Sep 12, 2007
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    11
    1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    2. Double click on combofix.exe & follow the prompts.

    3. When finished, it shall produce a log for you.

    4. Reboot your computer and Post that log & a fresh HJT log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     
    rajput21, Oct 5, 2007
    #2
  3. Sniping_G

    Sniping_G Regular member

    Joined:
    Apr 9, 2006
    Messages:
    1,028
    Likes Received:
    0
    Trophy Points:
    46
    Combo Log
    ---------
    ComboFix 07-10-07.1 - Gaurang Patel 2007-10-06 23:28:29.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.509 [GMT -4:00]
    Running from: C:\Documents and Settings\Gaurang Patel\Local Settings\Temporary Internet Files\Content.IE5\JXYEZDAB\ComboFix[1].exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\MSN Messenger\msimg32.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
    .

    2007-10-06 23:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-23 03:22 <DIR> d-------- C:\Program Files\Windows Defender
    2007-09-20 00:44 <DIR> d-------- C:\My Video
    2007-09-17 13:10 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
    2007-09-17 12:55 <DIR> d-------- C:\Program Files\XviD
    2007-09-17 12:55 <DIR> d-------- C:\Program Files\Samsung
    2007-09-17 12:55 <DIR> d-------- C:\Program Files\MarkAny
    2007-09-17 12:55 <DIR> d-------- C:\Program Files\Lame MP3 Codec
    2007-09-12 19:22 <DIR> d--h----- C:\Documents and Settings\Gaurang Patel\Recent(2)
    2007-09-12 19:22 <DIR> d-------- C:\Program Files\UltimateBet
    2007-09-12 16:47 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
    2007-09-12 16:47 <DIR> d-------- C:\Documents and Settings\Gaurang Patel\Application Data\TuneUp Software
    2007-09-12 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2007-09-11 17:58 <DIR> d-------- C:\Program Files\D-Tools
    2007-09-07 17:23 945,936 --a------ C:\WINDOWS\system32\msjava(2).dll
    2007-09-07 17:23 6,550 --a------ C:\WINDOWS\jautoexp.dat
    2007-09-07 17:23 404,752 --a------ C:\WINDOWS\system32\javart(2).dll
    2007-09-07 17:23 286,992 --a------ C:\WINDOWS\system32\vmhelper(2).dll
    2007-09-07 17:23 187,152 --a------ C:\WINDOWS\system32\javacypt(2).dll
    2007-09-07 17:23 171,280 --a------ C:\WINDOWS\system32\jit(2).dll
    2007-09-07 17:23 154,384 --a------ C:\WINDOWS\system32\msawt(2).dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-06 23:31 --------- d-------- C:\Program Files\MSN Messenger
    2007-10-04 16:31 --------- d-------- C:\Program Files\LimeWire
    2007-10-04 16:17 --------- d-------- C:\Documents and Settings\Gaurang Patel\Application Data\LimeWire
    2007-10-02 20:14 --------- d-------- C:\Documents and Settings\Gaurang Patel\Application Data\uTorrent
    2007-09-19 00:35 --------- d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-09-17 13:10 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-17 12:55 65024 --a------ C:\WINDOWS\IFinst26.exe
    2007-09-12 22:38 --------- d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-09-12 19:24 --------- d-------- C:\Program Files\Bonjour
    2007-09-12 19:22 --------- d-------- C:\Program Files\AIM6
    2007-09-12 19:22 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-09-12 19:21 --------- d-------- C:\Program Files\K-Lite Codec Pack
    2007-09-12 19:21 --------- d-------- C:\Program Files\JFK Reloaded
    2007-09-12 19:21 --------- d-------- C:\Program Files\DX-Ball
    2007-09-12 19:21 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-09-12 19:21 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-09-12 16:47 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-04 22:42 --------- d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-09-04 01:06 --------- d-------- C:\Program Files\Yahoo!
    2007-09-03 14:37 --------- d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-09-02 10:19 --------- d-------- C:\Documents and Settings\Gaurang Patel\Application Data\Media Player Classic
    2007-09-01 07:50 --------- d-------- C:\Program Files\Alcohol Soft
    2007-09-01 06:35 --------- d-------- C:\Program Files\Google
    2007-08-30 03:57 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-08-30 03:57 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL
    2007-08-30 03:52 --------- d-------- C:\Program Files\Viewpoint
    2007-08-30 03:52 --------- d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-08-30 03:51 --------- d-------- C:\Program Files\Common Files\AOL
    2007-08-27 23:30 --------- d-------- C:\Program Files\MSBuild
    2007-08-27 23:30 --------- d-------- C:\Program Files\Microsoft Works
    2007-08-27 23:29 --------- d-------- C:\Program Files\Microsoft.NET
    2007-08-27 23:21 --------- d-------- C:\Program Files\Microsoft Visual Studio 8
    2007-08-27 03:59 --------- d-------- C:\Program Files\VirtualDJ
    2007-08-26 00:44 --------- d-------- C:\Program Files\CONEXANT
    2007-08-20 10:45 --------- d-------- C:\Documents and Settings\Pragna\Application Data\Teleca
    2007-08-20 10:45 --------- d-------- C:\Documents and Settings\Pragna\Application Data\Sony Ericsson
    2007-08-19 23:34 --------- d-------- C:\Program Files\Windows Journal Viewer
    2007-08-19 17:54 --------- d-------- C:\Program Files\Sony Ericsson
    2007-08-15 01:00 --------- d-------- C:\Program Files\MSXML 6.0
    2007-08-15 00:56 --------- d-------- C:\Program Files\MSXML 4.0
    2007-08-15 00:27 --------- d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
    2007-08-14 22:10 --------- d-------- C:\Documents and Settings\Guest\Application Data\Teleca
    2007-08-14 22:10 --------- d-------- C:\Documents and Settings\Guest\Application Data\Sony Ericsson
    2007-08-14 17:00 --------- d-------- C:\Program Files\Windows Media Connect 2
    2007-08-14 15:42 --------- d-------- C:\Documents and Settings\Gaurang Patel\Application Data\Teleca
    2007-08-14 15:39 --------- d-------- C:\Program Files\Disc2Phone
    2007-08-14 15:37 --------- d-------- C:\Documents and Settings\Gaurang Patel\Application Data\Sony Ericsson
    2007-08-14 15:30 --------- d-------- C:\Program Files\Common Files\Teleca Shared
    2007-08-14 15:30 --------- d-------- C:\Program Files\Common Files\Sony Ericsson Shared
    2007-08-14 15:30 --------- d-------- C:\Documents and Settings\All Users\Application Data\Teleca
    2007-08-14 15:30 --------- d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2007-08-14 15:28 --------- d-------- C:\Program Files\Common Files\InstallShield
    2007-08-08 20:41 --------- d-------- C:\Documents and Settings\Gaurang Patel\Application Data\Google
    2007-08-07 22:45 --------- d-------- C:\Documents and Settings\Gaurang Patel\Application Data\Ahead
    2007-08-06 23:45 --------- d-------- C:\Documents and Settings\Gaurang Patel\Application Data\Leadertech
    2007-08-06 23:45 --------- d-------- C:\Documents and Settings\Gaurang Patel\Application Data\AdobeAUM
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 18:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 17:15]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gaurang Patel^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\Gaurang Patel\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gaurang Patel^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
    path=C:\Documents and Settings\Gaurang Patel\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
    backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    HDAShCut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
    C:\Program Files\MarkAny\ContentSafer\MAAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
    "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New Value #1]
    c:\sysprep\test\ftest\ftest.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    C:\WINDOWS\SMINST\RECGUARD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SHS]
    "C:\Program Files\Rogers\SelfHealing\SHS.exe" /autofix

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "C:\Program Files\Steam\Steam.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
    "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background

    S3 dump_wmimmc;dump_wmimmc;\??\C:\Nexon\MapleStory\GameGuard\dump_wmimmc.sys
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys
    S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys
    S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys
    S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys
    S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7911699-78f8-11da-9a45-0013d3ab81ec}]
    AutoRun\command- I:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b791169d-78f8-11da-9a45-0013d3ab81ec}]
    AutoRun\command- I:\LaunchU3.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-05 21:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2007-10-07 03:38:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-06 23:38:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-06 23:38:56 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-06 23:38
    .
    --- E O F ---
    HiJACKTHIS LOG
    --------------
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:58:57 PM, on 10/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\Gaurang Patel\My Documents\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1188102296021
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1188104357209
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    --
    End of file - 5747 bytes
     
    Sniping_G, Oct 6, 2007
    #3
  4. Sniping_G

    Sniping_G Regular member

    Joined:
    Apr 9, 2006
    Messages:
    1,028
    Likes Received:
    0
    Trophy Points:
    46
    bump
     
    Sniping_G, Oct 10, 2007
    #4
  5. svtstang

    svtstang Regular member

    Joined:
    Apr 23, 2006
    Messages:
    4,564
    Likes Received:
    0
    Trophy Points:
    46
    Only thing that is truly unnecessary is

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Besides that yoru log is very clean, except a few BHO's and active x inserts which are up to you to delete.
     
    svtstang, Oct 10, 2007
    #5
  6. micp

    micp Member

    Joined:
    Oct 10, 2007
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Whats the spec's of your PC?
    CPU speed? Memory?
     
    micp, Oct 11, 2007
    #6

Share This Page