Thread: need help with log
View Single Post
Old 01-12-2008, 11:54 PM   #8 (permalink)
Chewy
Registered User
 
Chewy's Avatar
 
Join Date: Apr 2007
Posts: 56
OS: xp


Re: need help with log
here is my new hijack log and findlop.txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:05 AM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKUS\S-1-5-21-551621690-1833427598-2558029555-1003\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-551621690-1833427598-2558029555-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-551621690-1833427598-2558029555-1003\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138764468335
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41...an/hangman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - http://zone.msn.com/bingame/zpagames...l.cab42858.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47...familyfeud.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - http://zone.msn.com/binframework/v10...y.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.10.cab?
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 8969 bytes


Volume in drive C has no label.
Volume Serial Number is 7CAD-B36B

Directory of C:\Documents and Settings\All Users\Application Data

12/16/2007 11:38 AM <DIR> Adobe
10/28/2007 08:17 AM <DIR> Apple
10/28/2007 08:23 AM <DIR> Apple Computer
10/27/2007 08:34 AM <DIR> Avg7(2)
08/18/2007 04:48 PM <DIR> DVD Shrink
10/31/2007 10:17 AM <DIR> Google
10/27/2007 08:35 AM <DIR> Grisoft
01/13/2008 12:54 AM <DIR> Kaspersky Lab
01/09/2008 12:20 PM <DIR> Kaspersky Lab Setup Files
10/27/2007 07:33 AM <DIR> Kaspersky Lab(2)
10/27/2007 08:33 AM <DIR> Kodak
11/05/2007 12:13 AM <DIR> Lavasoft
05/03/2007 11:44 AM <DIR> Nero
12/19/2007 11:32 AM <DIR> Participatory Culture Foundation
06/28/2005 06:55 PM <DIR> pixelStorm
07/28/2006 12:05 PM <DIR> PopCap
11/11/2004 04:26 AM <DIR> Prism Deploy
11/11/2004 04:26 AM <DIR> Pure Networks
09/09/2007 03:06 PM <DIR> PurePlay
12/04/2007 10:26 PM 1,353 QTSBandwidthCache
07/02/2006 01:36 AM <DIR> QuickTime
04/30/2007 01:54 PM <DIR> Spybot - Search & Destroy
04/23/2007 11:24 PM <DIR> Symantec
06/12/2006 02:16 AM <DIR> Ulead Systems
05/02/2006 11:41 AM <DIR> Windows Genuine Advantage
1 File(s) 1,353 bytes
24 Dir(s) 18,959,872,000 bytes free
Volume in drive C has no label.
Volume Serial Number is 7CAD-B36B

Directory of C:\Documents and Settings\Chewy\Application Data

08/26/2004 12:09 PM <DIR> Identities
11/11/2004 04:29 AM <DIR> McAfee
11/11/2004 04:29 AM <DIR> SampleView
0 File(s) 0 bytes
3 Dir(s) 18,959,872,000 bytes free
Volume in drive C has no label.
Volume Serial Number is 7CAD-B36B

Directory of C:\Documents and Settings\Owner\Application Data

04/21/2007 02:05 AM <DIR> Adobe
08/25/2006 09:12 PM <DIR> AdobeAUM
08/25/2006 04:05 PM <DIR> AdobeUM
07/08/2007 05:09 PM <DIR> Ahead
07/02/2006 03:00 PM <DIR> Apple Computer
10/27/2007 08:34 AM <DIR> AVG7(2)
04/10/2007 10:35 PM 87,608 ezpinst.exe
12/26/2005 09:51 PM <DIR> FUJIFILM
01/23/2006 12:24 AM <DIR> Google
06/12/2006 01:49 AM <DIR> Help
08/26/2004 12:09 PM <DIR> Identities
04/14/2007 11:57 PM <DIR> Lavasoft
08/25/2006 09:16 PM <DIR> Leadertech
07/24/2006 01:13 AM <DIR> Macromedia
05/15/2005 10:44 PM <DIR> McAfee
12/19/2007 11:33 AM <DIR> Mozilla
05/06/2005 06:27 PM <DIR> MSNInstaller
01/09/2008 01:28 PM <DIR> OpenOffice.org2
12/19/2007 11:33 AM <DIR> Participatory Culture Foundation
01/09/2008 11:29 AM <DIR> PCF-VLC
04/10/2007 10:35 PM 1,074 pcouffin.cat
04/10/2007 10:35 PM 1,144 pcouffin.inf
04/10/2007 10:35 PM 34 pcouffin.log
04/10/2007 10:35 PM 47,360 pcouffin.sys
11/11/2004 04:29 AM <DIR> SampleView
05/08/2005 10:38 PM <DIR> Sun
04/23/2007 10:22 PM <DIR> Symantec
10/08/2007 04:18 PM <DIR> TorrentSoftware
04/29/2006 06:36 PM <DIR> Ulead Systems
07/14/2007 11:24 AM <DIR> vlc
01/09/2008 09:21 PM <DIR> Vso
05/15/2005 10:46 PM 0 wklnhst.dat
06/12/2006 02:15 AM <DIR> Xerox
6 File(s) 137,220 bytes
27 Dir(s) 18,959,859,712 bytes free
Volume in drive C has no label.
Volume Serial Number is 7CAD-B36B

Directory of C:\Documents and Settings\Default User\Application Data

11/11/2004 04:29 AM <DIR> .
11/11/2004 04:29 AM <DIR> ..
08/26/2004 04:54 AM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 18,959,831,040 bytes free
Volume in drive C has no label.
Volume Serial Number is 7CAD-B36B

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is 7CAD-B36B

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 01/08/2008 9:19:00
NextRun: 01/15/2008 9:19:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: ..T....
StartDate: 10/28/2007
EndDate: 00/00/0000
StartTime: 09:19
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
Attached Files
File Type: txt findlop.txt (5.8 KB, 2 views)
Chewy is offline