Tech Support Forum banner
Cancel

Cookie Problems - caused by 'HijackThis'

805 Views 3 Replies 2 Participants Last post by  silken
S
I noticed that my internet connection was getting slower and slower and then I was unable to go onto certain sites because of cookies disabled... I found out info on google and changed the settings on Internet Options... but it kept reverting to cookies disabled. While I was checking 'security' and 'trusted sites', I saw a site called 'asia.msi.com.tw'... and I thought strange... so I googled it and somehow got a copy of a log file which had, among other things, HijackThis.exe.

Copy of the mysterious logfile;

Logfile of HijackThis v1.99.1
Scan saved at 23:49:48, on 06.03.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Windows\SOUNDMAN.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Users\Hell-Spawn\Program Files (x86)\BitTorrent_DNA\dna.exe
C:\Program Files (x86)\Xfire\xfire.exe
C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files (x86)\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files (x86)\Opera\Opera.exe
C:\Program Files (x86)\TeamSpeak\teamspeak2_RC2\TeamSpeak2.exe
C:\Users\Hell-Spawn\zwischenspeicher\tsadminclient11\TSAdminClient.exe
C:\Users\Hell-Spawn\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files (x86)\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [PcSync] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Hell-Spawn\Program Files (x86)\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


I then spent the night removing my son's dubious programmes and going through your 5 steps.... which I managed... but when I first opened the programme called 'IE-SPYAD', my computer totally hung and regardless of switching it off and on, it just wouldn't do anything.. so I had no option but to restore the system..... and try loading it on again, which I was successful...

Could you please help me.... Here's a copy of the main log:

Deckard's System Scanner v20071014.68
Run by user on 2008-05-29 09:14:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
20: 2008-05-29 07:22:58 UTC - RP96 - Restore Operation
19: 2008-05-29 05:21:56 UTC - RP95 - Removed Vista Manager
18: 2008-05-29 05:07:28 UTC - RP94 - Configured PowerDVD
17: 2008-05-29 05:04:39 UTC - RP92 - Removed CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension.
16: 2008-05-29 04:32:07 UTC - RP91 - Removed Corel Paint Shop Pro Photo X2.


-- First Restore Point --
1: 2008-05-20 11:59:24 UTC - RP76 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-29 09:18:30
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Ashampoo\Ashampoo AntiVirus\GuardGui.exe
C:\Windows\System32\mobsync.exe
C:\Users\user\Desktop\dss.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: bigmaq Toolbar - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - C:\Program Files\bigmaq\tbbigm.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: bigmaq Toolbar - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - C:\Program Files\bigmaq\tbbigm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: bigmaq Toolbar - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - C:\Program Files\bigmaq\tbbigm.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Ashampoo AntiVirus Service.lnk = C:\Program Files\Ashampoo\Ashampoo AntiVirus\GuardGui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: https://www.bankofscotlandhalifax-online.co.uk (HKCU)
O15 - Trusted Zone: http://asia.msi.com.tw (HKCU)
O15 - Trusted Zone: http://global.msi.com.tw (HKCU)
O15 - Trusted Zone: http://www.msi.com.tw (HKCU)
O15 - Trusted Zone: https://access.woodgroup.com (HKCU)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) - http://sdlc-esd.sun.com/ESD40/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file:///I:/SuperCD/IntraLaunch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
O23 - Service: avGuard Service (avGuard) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\System32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


--
End of file - 10095 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 pxark - c:\windows\system32\drivers\pxark.sys <Not Verified; Prevx; Prevx CSI>
R3 AshAvScan - c:\windows\system32\drivers\ashavscan.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-02 20:06:07 406 --a------ C:\Windows\Tasks\Norton Security Scan.job


-- Files created between 2008-04-29 and 2008-05-29 -----------------------------

2008-05-29 08:45:05 0 d-------- C:\ie-spyad_zo
2008-05-29 08:00:37 0 d-------- C:\Program Files\SpywareBlaster
2008-05-29 06:35:35 0 d-------- C:\Program Files\Panda Security
2008-05-29 05:10:55 0 d-------- C:\Windows\system32\appmgmt
2008-05-29 00:48:54 0 d-a------ C:\Users\All Users\TEMP
2008-05-29 00:03:41 0 d-------- C:\Program Files\Lavasoft
2008-05-29 00:03:40 0 d-------- C:\Users\All Users\Lavasoft
2008-05-28 23:06:18 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-27 10:38:44 88 -r-hs---- C:\Windows\system32\2303A149F3.sys
2008-05-27 00:49:54 2516 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-05-26 23:35:48 0 d-------- C:\Users\All Users\InstallShield
2008-05-26 23:34:40 0 d-------- C:\Program Files\Jasc Software Inc
2008-05-25 13:04:19 0 d-------- C:\Program Files\QuickTime
2008-05-25 13:04:12 0 d-------- C:\Users\All Users\Apple Computer
2008-05-25 13:03:41 0 d-------- C:\Program Files\OLYMPUS
2008-05-25 13:02:54 0 d-------- C:\Program Files\MSXML 4.0
2008-05-18 21:57:26 0 d-------- C:\Users\All Users\Trymedia
2008-05-18 21:56:20 0 d-------- C:\Program Files\ValuSoft
2008-05-18 20:32:18 17408 --a------ C:\Windows\system32\drivers\pxark.sys <Not Verified; Prevx; Prevx CSI>
2008-05-18 20:32:16 0 d-------- C:\Program Files\PrevxCSI
2008-05-18 20:30:58 0 d-------- C:\Users\All Users\PrevxCSI
2008-05-18 13:50:43 0 d-------- C:\Users\All Users\FLEXnet
2008-05-18 13:45:58 0 d-------- C:\Program Files\Bonjour
2008-05-18 13:36:26 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-17 14:01:18 0 d-------- C:\Program Files\Alcohol Soft
2008-05-14 10:57:43 0 d-------- C:\Program Files\EuroTalk
2008-05-08 12:24:12 0 d-------- C:\Program Files\LimeWire
2008-05-02 14:58:40 0 d-------- C:\ProgramDataTechSmith
2008-05-02 14:56:11 0 d-------- C:\Program Files\TechSmith
2008-05-02 14:55:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 14:46:23 0 d-------- C:\Program Files\VoipStunt.com
2008-05-01 15:01:00 0 d-------- C:\Program Files\Red Eye Pilot
2008-04-30 23:19:18 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-30 23:18:25 0 d-------- C:\Program Files\AMP WinOFF
2008-04-30 19:16:23 682232 --a------ C:\Windows\system32\drivers\sptd.sys
2008-04-30 19:10:06 0 d-------- C:\Users\All Users\Tages
2008-04-30 18:47:35 0 d-------- C:\Elektrogames
2008-04-30 16:18:40 110592 --a------ C:\Windows\system32\tsccvid.dll <Not Verified; TechSmith Corporation; TechSmith Screen Capture Codec>
2008-04-29 23:28:04 0 d-------- C:\Users\All Users\DAEMON Tools Pro
2008-04-29 22:57:55 0 d-------- C:\Program Files\MagicDisc
2008-04-29 18:50:16 0 d-------- C:\Program Files\Elaborate Bytes


-- Find3M Report ---------------------------------------------------------------

2008-05-29 08:27:26 0 d-------- C:\Program Files\Google
2008-05-29 08:27:26 0 d-------- C:\Program Files\bigmaq
2008-05-29 06:12:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-29 06:12:37 0 d-------- C:\Program Files\CyberLink
2008-05-29 05:43:13 0 d-------- C:\Program Files\Common Files\Corel
2008-05-29 05:43:12 0 d-------- C:\Program Files\Corel
2008-05-29 05:43:11 0 d-------- C:\Users\user\AppData\Roaming\Corel
2008-05-27 00:48:32 0 d-------- C:\Users\user\AppData\Roaming\InstallShield
2008-05-27 00:32:27 0 d-------- C:\Users\user\AppData\Roaming\LimeWire
2008-05-27 00:13:54 0 d-------- C:\Program Files\Common Files
2008-05-26 23:35:02 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-26 22:58:28 0 d-------- C:\Users\user\AppData\Roaming\Apple Computer
2008-05-24 21:39:32 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-18 13:51:40 0 d-------- C:\Users\user\AppData\Roaming\Adobe
2008-05-18 13:45:56 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-17 13:43:38 0 d-------- C:\Program Files\Ashampoo
2008-05-14 11:02:15 0 d-------- C:\Program Files\Windows Mail
2008-05-14 10:57:54 0 d-------- C:\Users\user\AppData\Roaming\EuroTalk
2008-05-04 21:54:44 0 d-------- C:\Users\user\AppData\Roaming\ICAClient
2008-05-03 22:45:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-02 15:00:06 0 d-------- C:\Program Files\Norton Security Scan
2008-05-02 14:51:15 0 d-------- C:\Users\user\AppData\Roaming\VoipStunt
2008-05-01 14:48:44 0 d-------- C:\Users\user\AppData\Roaming\Ashampoo
2008-05-01 14:47:10 0 d-------- C:\Users\user\AppData\Roaming\Ashampoo Photo Commander 4
2008-04-30 22:24:58 0 d-------- C:\Users\user\AppData\Roaming\Jasc Software Inc
2008-04-28 18:50:48 0 --a------ C:\Windows\ativpsrm.bin
2008-04-27 09:25:06 0 d-------- C:\Program Files\Common Files\Protexis
2008-04-25 22:23:54 0 d-------- C:\Users\user\AppData\Roaming\AdobeUM
2008-04-24 23:14:52 0 d-------- C:\Users\user\AppData\Roaming\CyberLink
2008-04-22 08:42:55 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-21 21:02:00 0 d-------- C:\Program Files\Yamicsoft
2008-04-21 12:51:29 0 d-------- C:\Program Files\EmailStripper
2008-04-19 21:25:45 0 d-------- C:\Program Files\Java
2008-04-19 21:24:15 0 d-------- C:\Program Files\Common Files\Java
2008-04-19 20:28:15 0 d-------- C:\Users\user\AppData\Roaming\Macromedia
2008-04-19 14:42:35 0 d-------- C:\Program Files\Windows Live
2008-04-19 14:39:47 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-19 11:29:27 0 d-------- C:\Program Files\Microsoft Works
2008-04-19 11:28:07 0 d-------- C:\Program Files\Microsoft.NET
2008-04-19 09:29:33 21211 --a------ C:\Users\user\AppData\Roaming\UserTile.png
2008-04-19 08:46:13 0 d-------- C:\Program Files\Conduit
2008-04-19 08:22:47 0 d-------- C:\Users\user\AppData\Roaming\Google
2008-04-19 08:15:08 0 d-------- C:\Program Files\Picasa2
2008-03-31 18:03:56 174 --ahs---- C:\Program Files\desktop.ini
2008-03-31 17:58:32 0 d-------- C:\Program Files\Windows Calendar
2008-03-31 17:58:31 0 d-------- C:\Program Files\Windows Sidebar
2008-03-31 17:58:31 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-31 17:58:31 0 d-------- C:\Program Files\Windows Journal
2008-03-31 17:58:31 0 d-------- C:\Program Files\Windows Collaboration
2008-03-31 17:58:31 0 d-------- C:\Program Files\Movie Maker
2008-03-31 17:58:30 0 d-------- C:\Program Files\Windows Defender
2008-03-28 10:33:33 22172 --a------ C:\Windows\system32\emptyregdb.dat
2008-03-27 20:09:30 0 -rahs---- C:\MSDOS.SYS
2008-03-27 20:09:30 0 -rahs---- C:\IO.SYS


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"Cmaudio"="cmicnfg.cpl" []
"SoundMan"="SOUNDMAN.EXE" [09/03/2007 17:28 C:\Windows\SOUNDMAN.EXE]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 08:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2006 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [19/04/2008 08:14]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 08:33]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 08:33]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [08/02/2007 20:43]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Ashampoo AntiVirus Service.lnk - C:\Program Files\Ashampoo\Ashampoo AntiVirus\GuardGui.exe [4/28/2008 2:23:15 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"PromptOnSecureDesktop"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoSMHelp"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"HideClock"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
GPSvcGroup GPSvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-29 09:22:52 ------------



I hope you can help as I don't know what to do next!!!

Cheers

Attachments

See less See more
Save
Like
Status
Not open for further replies.
1 - 4 of 4 Posts
S
Hello Good People :wave:

Just to let you know that I couldn't wait any longer for your reply as I couldn't get into my bank accounts and I was scared that they could have been compromised...

I then remembered that my son had had a new motherboard installed just a couple of months back so I reformatted the hard drive and reinstalled windows, which has done the trick.... I would have liked to have known how to solve the problem another way..... as a person doesn't always have to option to wipe everything and start again without losing anything important....

Thankfully my bank accounts were fine, so I changed the passwords etc and I am now reloading all the software again.... I forgot how long that takes !!!!

You never know, I might have to visit your site again in the future.... I just wish I knew what all that log information meant..... it's just gobblydegook to me...

Cheers

Silken
See less See more
Save
Like
Ried
Hello silken,

Unfortunately, there isn't much to explain to you from the logs you posted. It would have helped to know what dubious programs you removed before posting.

There are some entries I would have had you fix, but that would not have solved your problem. We would have needed an online scan to see what was still lurking about and causing your issues.:sayyes:

I don't know what software you're reinstalling, but you may want to reconsider bigmaq toolbar (if you installed it in the first place).
Save
Like
S
Thank you Reid for your advice... I removed some software such as 'nostradamus', prince of persia..... cyberlink dvd .....adobe acrobat 8 ..... nothing very exciting !!!!

I didn't notice the 'bigmac' toolbar... but I'll heed your advice on that....

Thanks again.....

Silken
Save
Like
1 - 4 of 4 Posts
Status
Not open for further replies.
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Top