Thread: HJT Log (very urgent)
View Single Post
Old 04-16-2006, 10:41 AM   #6 (permalink)
src2206
TSF Enthusiast
 
src2206's Avatar
 
Join Date: Apr 2006
Location: Kolkata, India
Posts: 2,068
OS: WinXP Pro SP3

My System

Send a message via Yahoo to src2206
Cry Panda Active Scan & HJT log please help
As instructed I have taken the measures as detailed below.

Step 1: Installed CLEANUP 4.51 and ran it. It freed up around 20.54 MB of disk space. (Though during Installation I had some trouble. The application hanged whenever I wanted to change the Default Installation Directory and after hanging I could not even terminate the process using task manager or HJT. After installing to default path by mistake I clicked the help button and again it hanged. In all this cases I had to reboot. At last I was able to clean as you directed.)

Step2: Did a online virus scan using Panda. Saved the log which you shall find enclosed. During first time scan the applicaton freezed though I turned off AVG Control Centre. After rebooting I turned off all background services of Avg as well as my Zone Alarm Firewall. The scan this time completed successfully.


Step3: Ran MSCONFIG and chose normal startup. Rebooted and ran HJT. Saved the log and I am enclosing that too.

PANDA SCAN LOG:


Incident Status Location

Adware:adware/secure32 Not disinfected E:\WINDOWS\country.exe
Adware:adware/cws.searchmeup Not disinfected E:\WINDOWS\toolbar.exe
Adware:adware/powerstrip Not disinfected Windows Registry
Possible Virus. Not disinfected D:\My Documents\My Completed Downloads\OS-Adobe_Acrobat 7.0 Pro_Tryout_to_Full_Activation.exe[run.exe]
Spyware:Cookie/Belnk Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{2C20C2E6-EFE2-4234-A7EA-BC8834903B3C}\{37159949-5FCF-4BA4-A7B7-F720EA34501A}.txt[{37159949-5FCF-4BA4-A7B7-F720EA34501A}.txt]
Spyware:Cookie/Belnk Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{2C20C2E6-EFE2-4234-A7EA-BC8834903B3C}\{F4E0F731-07BC-4AFF-9A5F-4F235200E92C}.txt[{F4E0F731-07BC-4AFF-9A5F-4F235200E92C}.txt]
Spyware:Cookie/Paypopup Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{56813E67-9032-4598-AC7B-2EE7FCD27806}\{560DCF33-C67E-4899-A3D8-B65F6A972FF1}.txt[{560DCF33-C67E-4899-A3D8-B65F6A972FF1}.txt]
Spyware:Cookie/888 Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{56813E67-9032-4598-AC7B-2EE7FCD27806}\{5C527138-0ADE-45EC-8411-150F87E7FA25}.txt[{5C527138-0ADE-45EC-8411-150F87E7FA25}.txt]
Spyware:Cookie/Belnk Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{56813E67-9032-4598-AC7B-2EE7FCD27806}\{CF53017D-E377-4B2F-B897-7CC922467E35}.txt[{CF53017D-E377-4B2F-B897-7CC922467E35}.txt]
Spyware:Cookie/Belnk Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{56813E67-9032-4598-AC7B-2EE7FCD27806}\{DF341150-DA84-41E3-8456-854D5A0943BF}.txt[{DF341150-DA84-41E3-8456-854D5A0943BF}.txt]
Spyware:Cookie/YieldManager Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Sched\{F541538C-E618-49E4-B441-464130524BAF}\{0ED94141-4F4D-4D3A-9D9F-D50FD172E731}.txt[{0ED94141-4F4D-4D3A-9D9F-D50FD172E731}.txt]
Spyware:Cookie/Belnk Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Sched\{F541538C-E618-49E4-B441-464130524BAF}\{36DC5134-6453-45B6-A634-CBA912679548}.txt[{36DC5134-6453-45B6-A634-CBA912679548}.txt]
Spyware:Cookie/Belnk Not disinfected E:\Program Files\iolo\System Mechanic Professional 6\Undo\Sched\{F541538C-E618-49E4-B441-464130524BAF}\{A8AFCF8F-CF9D-432B-9CB8-67C1F2BA0AC6}.txt[{A8AFCF8F-CF9D-432B-9CB8-67C1F2BA0AC6}.txt]



HJT LOG

Logfile of HijackThis v1.99.1
Scan saved at 1:38:55 PM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
D:\Applications\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
E:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe
E:\Documents and Settings\Administrator\Local Settings\Application

Data\Google\SearchWithGoogle\SearchWithGoogle.exe
E:\Program Files\Messenger\msmsgs.exe
D:\Applications\IDA\ida.exe
E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\WINDOWS\system32\AvidSDMService.exe
E:\WINDOWS\system32\cisvc.exe
E:\WINDOWS\system32\crypserv.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
E:\PROGRA~1\Grisoft\AVG7\avgw.exe
E:\WINDOWS\system32\svchost.exe
D:\Applications\Stardock\ObjectDock\ObjectDock.exe
D:\Applications\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Applications\Yahoo!\Messenger\ymsgr_tray.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Applications\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Applications\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Applications\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
E:\WINDOWS\system32\wuauclt.exe
D:\Applications\uTorrent\utorrent.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Grisoft\AVG7\avgcc.exe
D:\Applications\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://us.rd.yahoo.com/customize/ie/...://www.yahoo.c

om
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/...://www.yahoo.c

om/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ie/...://www.yahoo.c

om
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://us.rd.yahoo.com/customize/ie/...://www.yahoo.c

om
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE

provided by Proma Roy Choudhury
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-

7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator -

{2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} -

D:\Applications\IDA\idaiehlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-

9655-716BA50C19C7} - E:\Program Files\Google\Web

Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-

CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-

0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-

C89982D87CBF} - E:\Program Files\Google\Web

Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

e:\program files\google\googletoolbar1.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} -

D:\Applications\IDA\idabar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-

0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-

0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32

\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe

/STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [YCentral] e:\progra~1\yahoo!

\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Applications\Windows

Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VPatch] C:\Program

Files\VIAudioi\SBADeck\VPatch.exe 0 0 2
O4 - HKLM\..\Run: [VModes] VModes AttachToDesktop
O4 - HKLM\..\Run: [ussshreg] E:\PROGRA~1\ULEADW~1.0\Ussshreg.exe

/r
O4 - HKLM\..\Run: [SystemGuardAlerter] "E:\Program Files\iolo\System

Mechanic Professional 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1

\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program

Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common

Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpyHunter] E:\Program Files\Enigma Software

Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SlowDownCPU]

E:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [RFAgent] D:\Applications\RFA\rfagent.exe
O4 - HKLM\..\Run: [RaidTool] E:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PCLEPCI] E:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32

\NeroCheck.exe
O4 - HKLM\..\Run: [ioloDelayModule] E:\Program Files\iolo\System

Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Program

Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccRegVfy] E:\Program Files\Common Files\Symantec

Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] E:\Program Files\Common Files\Symantec

Shared\ccApp.exe
O4 - HKLM\..\Run: [BootWarn] E:\Program Files\Norton

SystemWorks\Norton AntiVirus\BootWarn.exe /a
O4 - HKLM\..\Run: [AudioDeck] E:\Program

Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Program

Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe e:\windows\system32

\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Applications\Yahoo!

\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] E:\Program Files\Adobe\Acrobat 7.0

\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "E:\Program

Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"
O4 - HKCU\..\Run: [SearchWithGoogle] E:\Documents and

Settings\Administrator\Local Settings\Application

Data\Google\SearchWithGoogle\SearchWithGoogle.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN

Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "E:\Program

Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator]

D:\Applications\IDA\ida.exe -autorun
O4 - Startup: Stardock ObjectDock.lnk =

D:\Applications\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Applications\Yahoo!\Yahoo!

Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Google Search - res://e:\program

files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://e:\program

files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &WordWeb... -

res://E:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://e:\program

files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program

files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF -

res://E:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -

res://E:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -

res://E:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -

res://E:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -

res://E:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -

res://E:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all by Free Download Manager -

file://D:\Applications\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download ALL with IDA -

D:\Applications\IDA\idaieall.htm
O8 - Extra context menu item: Download by Free Download Manager -

file://D:\Applications\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download

Manager - file://D:\Applications\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download

Manager - file://D:\Applications\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with IDA -

D:\Applications\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://e:\program

files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -

res://e:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF

-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-

CA6EE38B68A8} - (no file)
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-

4D01-9CD7-2C66DA43AC6C} - D:\Applications\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator -

{9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} -

D:\Applications\IDA\ida.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-

11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .exe: E:\Program Files\Opera\PLUGINS\npida.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.microsoft.com/microsof...en/x86/client/

muweb_site.cab?1136656311752
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan

Installer Class) -

http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D883000-7603-4B40-8054-

F96D7E8EB033}: NameServer =

202.54.9.1,202.9.145.6,203.197.12.30,202.54.1.30,2 02.54.6.50
O20 - Winlogon Notify: MCPClient - E:\PROGRA~1\COMMON~1

\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - D:\APPLIC~1\Stardock\OBJECT~2

\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program

Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - E:\Program

Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -

E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology,

Inc. - E:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner -

E:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. -

E:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner -

E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia

Licensing.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - E:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation -

E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead

Systems, Inc. - E:\Program Files\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

E:\WINDOWS\system32\ZoneLabs\vsmon.exe



Plese instruct me regarding future actions.

Thank You


PS: I'm going to delete all the files as shone in Panda Active Scan using KILLBOX. But dont know what to do with the registry value. Ran ADAWARE 1.06 full system scan but nothing came out as critical object.
src2206 is offline