Old 09-10-2007, 10:22 PM   #1 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 15
OS: XP


Strange set of symptoms

Hello Techsupportforum,

The following log is in regards to a post I made in the windows help forum: http://www.techsupportforum.com/micr...eone-help.html

I've followed the 5-steps so far and I'm not sure if I'm breaking the "only post in one thread" rule by following the "only post hijackthis logs in the hijackthis forum" rule :). My apologies if I am.

Here is a brief re-cap of the problems I'm experiencing:
1. When opening a folder, the system freezes for 15 seconds, then it is fine. Programs do not seem to have this problem, just folder windows.
2. XP's built-in .zip viewer tool doesn't work. I see an hourglass for a few seconds, then nothing happens.
3. Cannot use the Run or Internet buttons on the start menu. Instead, I get the message: "Cannot create shortcut here. Would you like to create a shortcut on the desktop".

Thanks for any help! This problem has really been frustrating me.

Here's the Hijack this log. Extra.txt is attached.

Deckard's System Scanner v20070905.67
Run by Me on 2007-09-10 22:27:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
90: 2007-09-11 03:27:51 UTC - RP401 - Deckard's System Scanner Restore Point
89: 2007-09-11 02:51:09 UTC - RP400 - Software Distribution Service 3.0
88: 2007-09-10 17:27:10 UTC - RP399 - System Checkpoint
87: 2007-09-09 11:38:51 UTC - RP398 - Installed WinZip 11.1
86: 2007-09-08 22:55:38 UTC - RP397 - System Checkpoint


-- First Restore Point --
1: 2007-06-13 17:45:59 UTC - RP312 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Me.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:47 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Documents and Settings\Me\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Me.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thechicagoschool.edu/cont...m/global_login
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Shortcut to PowerMenu.exe.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188931477734
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8534 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 procguard - c:\windows\system32\drivers\procguard.sys

S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20050901.036\symidsco.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 DCSPGSRV (DiamondCS Process Guard Service v3.000) - "c:\program files\processguard\dcsuserprot.exe" <Not Verified; DiamondCS; DiamondCS Usermode Aspect>

S4 freenet-darknet-8888 (Freenet 0.7 darknet-8888) - "c:\program files\freenet\bin\wrapper-windows-x86-32.exe" -s "c:\program files\freenet\wrapper.conf"


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-09-04 1501 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-08-10 and 2007-09-10 -----------------------------

2007-09-10 22:35:33 0 d-------- C:\Program Files\Trend Micro
2007-09-10 21:51:26 0 d-------- C:\Program Files\MSXML 4.0
2007-09-09 06:39:06 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-08 12:10:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-09-08 12:10:40 0 d-------- C:\Documents and Settings\Me\Application Data\Azureus
2007-09-06 17:01:04 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-05 00:13:54 0 d-------- C:\WINDOWS\network diagnostic
2007-09-04 15:04:56 0 d-------- C:\WINDOWS\system32\PreInstall
2007-09-04 13:46:13 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-09-03 22:16:06 23 --ahs---- C:\WINDOWS\system32\eabaeeadf9_g.dll
2007-09-03 22:15:46 0 d-------- C:\Program Files\RegSupreme
2007-09-03 12:50:42 266240 --a------ C:\WINDOWS\system32\hpdj3500 <Not Verified; HP; HP DeskJet>
2007-09-01 10:55:48 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2007-08-31 08:04:10 266240 --a------ C:\WINDOWS\system32\hpdj <Not Verified; HP; HP DeskJet>
2007-08-28 14:19:35 1929216 --a------ C:\WINDOWS\system32\cdintf250.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2007-08-28 14:16:54 0 d-------- C:\Program Files\SPSS
2007-08-23 15:09:46 12288 --a------ C:\WINDOWS\system32\APFMON40.DLL <Not Verified; TurboPower Software Company; Async Professional>
2007-08-23 15:09:44 120832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL <Not Verified; TurboPower Software Company; Async Professional>
2007-08-23 15:09:42 0 d-------- C:\Program Files\Mightyfax
2007-08-14 23:39:35 0 d-------- C:\Documents and Settings\Me\Patches
2007-08-14 00:51:23 0 d-------- C:\Program Files\World of Warcraft
2007-08-10 18:42:21 0 d-------- C:\Program Files\PDFCreator Toolbar
2007-08-10 18:41:43 116224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2007-08-10 18:41:42 23552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
2007-08-10 18:41:42 0 d-------- C:\Program Files\PDFCreator
2007-08-10 18:33:29 0 d-------- C:\Program Files\Foxit Software
2007-08-10 14:52:18 0 d-------- C:\WINDOWS\SxsCaPendDel


-- Find3M Report ---------------------------------------------------------------

2007-09-10 22:35:42 480556 --a------ C:\WINDOWS\system32\pghash.dat
2007-09-10 22:14:58 259336 --a------ C:\WINDOWS\system32\pguard.dat
2007-09-10 17:10:25 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-09-09 16:47:06 86360 --a------ C:\Documents and Settings\Me\Application Data\GDIPFONTCACHEV1.DAT
2007-09-08 12:15:58 0 d-------- C:\Program Files\BitTyrant
2007-09-08 12:10:37 0 d-------- C:\Documents and Settings\Me\Application Data\BitTyrant
2007-09-07 11:40:32 0 d-------- C:\Program Files\ScreenPrint32 v3
2007-09-07 11:40:30 0 d-------- C:\Program Files\RocketDock
2007-09-07 11:38:37 0 d-------- C:\Program Files\ProcessGuard
2007-09-07 11:38:35 0 d-------- C:\Program Files\PowerMenu
2007-09-04 17:37:27 0 d-------- C:\Documents and Settings\Me\Application Data\U3
2007-09-03 13:09:35 0 d-------- C:\Documents and Settings\Me\Application Data\AVG7
2007-09-03 12:50:46 0 d-------- C:\Program Files\Hewlett-Packard
2007-08-31 08:05:48 0 d-------- C:\Program Files\Hp
2007-08-28 13:17:46 0 d-------- C:\Program Files\SPSSEVAL
2007-08-27 19:15:28 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-08-20 04:34:10 0 d-------- C:\Program Files\Java
2007-08-14 20:53:31 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-08-10 18:25:47 0 d-------- C:\Program Files\Common Files
2007-08-10 18:00:07 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-10 1529 0 d-------- C:\Program Files\support.com
2007-08-07 15:48:40 0 d-------- C:\Program Files\iTunes
2007-08-07 15:48:32 0 d-------- C:\Program Files\iPod
2007-08-07 12:01:08 0 d-------- C:\Documents and Settings\Me\Application Data\Adobe
2007-07-27 00:29:18 0 d-------- C:\Program Files\Real Desktop
2007-07-24 00:29:19 145674 --a------ C:\Documents and Settings\Me\Application Data\Cosmos Prefs
2007-07-14 13:00:51 0 d-------- C:\Program Files\QuickTime
2007-07-14 12:59:09 0 d-------- C:\Program Files\Apple Software Update
2007-07-14 12:51:50 0 d-------- C:\Program Files\Freenet
2007-06-21 10:50:44 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/06/2005 12:56 AM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [02/14/2006 09:49 PM]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [04/18/2006 06:29 AM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/04/2006 12:46 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [04/11/2006 11:54 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [03/07/2006 03:38 PM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [02/22/2006 10:03 AM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 12:23 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/15/2006 01:26 PM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 04:48 PM]
"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [05/15/2003 08:36 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/19/2007 09:31 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/16/2007 11:45 AM]
"!1_pgaccount"="C:\Program Files\ProcessGuard\pgaccount.exe" [01/20/2005 02:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/06/2007 01:26 PM]
"!1_ProcessGuard_Startup"="C:\Program Files\ProcessGuard\procguard.exe" [01/20/2005 02:24 PM]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [01/28/2007 04:55 AM]

C:\Documents and Settings\Me\Start Menu\Programs\Startup\
Shortcut to PowerMenu.exe.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [1/13/2007 11:59:42 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^StartUp^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Me\Start Menu\Programs\StartUp\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\PROGRA~1\MI3AA1~1\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1153807634\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
"C:\Program Files\RocketDock\RocketDock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"LightScribeService"=2 (0x2)
"hpqwmiex"=2 (0x2)
"freenet-darknet-8888"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9908708e-50c2-11db-9de5-001302507753}]
AutoRun\command- G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9ebfb90-5b24-11dc-9ee1-001302507753}]
AutoRun\command- I:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9ebfb91-5b24-11dc-9ee1-001302507753}]
AutoRun\command- H:\LaunchU3.exe -a

*Newly Created Service* - EHRECVR
*Newly Created Service* - EHSCHED
*Newly Created Service* - MCRDSVC



-- End of Deckard's System Scanner: finished at 2007-09-10 22:36:47 ------------
Attached Files
File Type: txt extra.txt (25.4 KB, 3 views)
MaximusMentis is offline  
Old 09-13-2007, 09:54 AM   #2 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 15
OS: XP


Re: Strange set of symptoms

BUMP - Please
MaximusMentis is offline  
Old 09-13-2007, 10:01 AM   #3 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 15
OS: XP


Re: Strange set of symptoms

Helping you help me:

I'm beginning to think that I have a corrupt shell. Explorer is screwed up and who knows what else. I ran a system file check (sfc /scannow) and it did suggest that I repair some files. Unfortunately, it asks for the win XP disks, which never came with my computer. I have a back-up directory and an i386 folder on the c: drive. I've modified the registry for sfc to look in those folders, but to no avail.

If it turns out that malware is not the problem, I would greatly appreciate any help on how to fix Windows. I'm dreading the thought of having to restore the system back to day 1. I've never used the restore points feature before. Is that worth trying?

Thanks.
MaximusMentis is offline  
Old 09-13-2007, 10:05 AM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,435
OS: 2000 Pro; XP Pro; XP Home


Re: Strange set of symptoms

This does not appear malware related to me. I see you've run a reg cleaner, these can be dangerous to a machine if not used with caution.

You also have a few errors showing from Event Viewer.

Truthfully, you'd be better served posting for help in the WindowsXP section of the forum, with no HijackThis log attached.

Any inclusion of a HijackThis log gets you shunted over here.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Old 09-13-2007, 10:10 AM   #5 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 15
OS: XP


Re: Strange set of symptoms

Hehe, thanks, Tetonbob. I'll head back over that way. I feel like I'm at the DMV :).

Let's consider this thread closed. I'm not sure how to do that, or if I even have such permissions. Please assist.
MaximusMentis is offline  
Old 09-13-2007, 10:23 AM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,435
OS: 2000 Pro; XP Pro; XP Home


Re: Strange set of symptoms

Yeah, sorry about the constant shuffling....by posting the HijackThis log in the Windows XP forum, it invariably gets the thread moved, as only our HJT removal staff are permitted to review and assist in threads with such logs.

I see you did mention some virus found by Panda....did you happen to save that log, so I can see what they were? Sometimes, they are false positives.

With all the system corruption you're indicating, you're still better off trying to restore functionality to the machine first in this case.
tetonbob is offline  