Old 04-16-2006, 02:40 AM   #3 (permalink)
src2206
TSF Enthusiast
Join Date: Apr 2006
Location: Kolkata, India
Posts: 2,068
OS: WinXP Pro SP3

HJT Log (very urgent)

Hi Vikesrock8411,
Thank you very much for your prompt reply. As you instructed, I have taken the measures detailed below.

Step 1: Installed CLEANUP 4.51 and ran it. It freed up around 20.54 MB of disk space. (Though during installation I had some trouble. The application hung whenever I wanted to change the default installation directory, and after hanging I could not even terminate the process using Task Manager or HJT. After installing to the default path, I clicked the help button by mistake and again it hung. In all these cases I had to reboot. At last I was able to clean as you directed.)

Step 2: Did an online virus scan using Panda. Saved the log, which you will find enclosed. During the first scan the application froze even though I had turned off AVG Control Centre. After rebooting I turned off all background services of AVG as well as my ZoneAlarm firewall. The scan this time completed successfully.

Step 3: Ran MSCONFIG and chose normal startup. Rebooted and ran HJT. Saved the log, and I am enclosing that too.

PANDA SCAN LOG:


Incident Status Location

Adware:adware/secure32 Not disinfected E:\WINDOWS\country.exe
Adware:adware/cws.searchmeup Not disinfected E:\WINDOWS\toolbar.exe
Adware:adware/powerstrip Not disinfected Windows Registry
Possible Virus. Not disinfected D:\My Documents\My Completed Downloads\OS-Adobe_Acrobat 7.0 Pro_Tryout_to_Full_Activation.exe[run.exe]
Spyware:Cookie/Belnk Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{2C20C2E6-EFE2-4234-A7EA-BC8834903B3C}\{37159949-5FCF-4BA4-A7B7-F720EA34501A}.txt[{37159949-5FCF-4BA4-A7B7-F720EA34501A}.txt]
Spyware:Cookie/Belnk Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{2C20C2E6-EFE2-4234-A7EA-BC8834903B3C}\{F4E0F731-07BC-4AFF-9A5F-4F235200E92C}.txt[{F4E0F731-07BC-4AFF-9A5F-4F235200E92C}.txt]
Spyware:Cookie/Paypopup Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{56813E67-9032-4598-AC7B-2EE7FCD27806}\{560DCF33-C67E-4899-A3D8-B65F6A972FF1}.txt[{560DCF33-C67E-4899-A3D8-B65F6A972FF1}.txt]
Spyware:Cookie/888 Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{56813E67-9032-4598-AC7B-2EE7FCD27806}\{5C527138-0ADE-45EC-8411-150F87E7FA25}.txt[{5C527138-0ADE-45EC-8411-150F87E7FA25}.txt]
Spyware:Cookie/Belnk Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{56813E67-9032-4598-AC7B-2EE7FCD27806}\{CF53017D-E377-4B2F-B897-7CC922467E35}.txt[{CF53017D-E377-4B2F-B897-7CC922467E35}.txt]
Spyware:Cookie/Belnk Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{56813E67-9032-4598-AC7B-2EE7FCD27806}\{DF341150-DA84-41E3-8456-854D5A0943BF}.txt[{DF341150-DA84-41E3-8456-854D5A0943BF}.txt]
Spyware:Cookie/YieldManager Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Sched\{F541538C-E618-49E4-B441-464130524BAF}\{0ED94141-4F4D-4D3A-9D9F-D50FD172E731}.txt[{0ED94141-4F4D-4D3A-9D9F-D50FD172E731}.txt]
Spyware:Cookie/Belnk Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Sched\{F541538C-E618-49E4-B441-464130524BAF}\{36DC5134-6453-45B6-A634-CBA912679548}.txt[{36DC5134-6453-45B6-A634-CBA912679548}.txt]
Spyware:Cookie/Belnk Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Sched\{F541538C-E618-49E4-B441-464130524BAF}\{A8AFCF8F-CF9D-432B-9CB8-67C1F2BA0AC6}.txt[{A8AFCF8F-CF9D-432B-9CB8-67C1F2BA0AC6}.txt]



HJT LOG

Logfile of HijackThis v1.99.1
Scan saved at 1:38:55 PM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
D:\Applications\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
E:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe
E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\SearchWithGoogle\SearchWithGoogle.exe
E:\Program Files\Messenger\msmsgs.exe
D:\Applications\IDA\ida.exe
E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\WINDOWS\system32\AvidSDMService.exe
E:\WINDOWS\system32\cisvc.exe
E:\WINDOWS\system32\crypserv.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
E:\PROGRA~1\Grisoft\AVG7\avgw.exe
E:\WINDOWS\system32\svchost.exe
D:\Applications\Stardock\ObjectDock\ObjectDock.exe
D:\Applications\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Applications\Yahoo!\Messenger\ymsgr_tray.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Applications\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Applications\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Applications\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
E:\WINDOWS\system32\wuauclt.exe
D:\Applications\uTorrent\utorrent.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Grisoft\AVG7\avgcc.exe
D:\Applications\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/...://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/...://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/...://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE provided by Proma Roy Choudhury
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - D:\Applications\IDA\idaiehlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - E:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - E:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - D:\Applications\IDA\idabar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [YCentral] e:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Applications\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VPatch] C:\Program Files\VIAudioi\SBADeck\VPatch.exe 0 0 2
O4 - HKLM\..\Run: [VModes] VModes AttachToDesktop
O4 - HKLM\..\Run: [ussshreg] E:\PROGRA~1\ULEADW~1.0\Ussshreg.exe /r
O4 - HKLM\..\Run: [SystemGuardAlerter] "E:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpyHunter] E:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SlowDownCPU] E:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [RFAgent] D:\Applications\RFA\rfagent.exe
O4 - HKLM\..\Run: [RaidTool] E:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PCLEPCI] E:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ioloDelayModule] E:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccRegVfy] E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] E:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BootWarn] E:\Program Files\Norton SystemWorks\Norton AntiVirus\BootWarn.exe /a
O4 - HKLM\..\Run: [AudioDeck] E:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe e:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Applications\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "E:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"
O4 - HKCU\..\Run: [SearchWithGoogle] E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\SearchWithGoogle\SearchWithGoogle.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator] D:\Applications\IDA\ida.exe -autorun
O4 - Startup: Stardock ObjectDock.lnk = D:\Applications\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Applications\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &WordWeb... - res://E:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all by Free Download Manager - file://D:\Applications\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download ALL with IDA - D:\Applications\IDA\idaieall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://D:\Applications\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://D:\Applications\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://D:\Applications\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with IDA - D:\Applications\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - (no file)
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - D:\Applications\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - D:\Applications\IDA\ida.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .exe: E:\Program Files\Opera\PLUGINS\npida.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...en/x86/client/muweb_site.cab?1136656311752
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D883000-7603-4B40-8054-F96D7E8EB033}: NameServer = 202.54.9.1,202.9.145.6,203.197.12.30,202.54.1.30,202.54.6.50
O20 - Winlogon Notify: MCPClient - E:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - D:\APPLIC~1\Stardock\OBJECT~2\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - E:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - E:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - E:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe



Please instruct me regarding future actions.

Thank you