Sign in to follow this  
Jacksaar

Unusal Behaviors

Recommended Posts

Help please. Sluggish & unusal behavior. I'm not sure what is happening. This morning Windows had some type of stop error, and I can no longer get windows updates, all of which tells me something is wrong. I thought I would start here.

 

Can anyone help?

 

My Hijack This log is below

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:08:11 AM, on 6/25/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\basfipm.exe

C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\1XConfig.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\ICQLite\ICQLite.exe

C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\1-Click Answers\answers.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\PROGRA~1\1-CLIC~1\agtserv.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

 

http://us.rd.yahoo.com/customize/ie/defaul...arch/search.htm

 

l

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

 

http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.answers.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

 

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

 

http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

 

http://us.rd.yahoo.com/customize/ie/defaul...arch/search.htm

 

l

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

 

http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

 

http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

 

http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

 

provided by Dechert-Hampe

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

 

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program

 

Files\Yahoo!\Search\YSearchSuggest.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

 

Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

 

Files\Java\jre1.6.0_01\bin\ssv.dll

O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} -

 

C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn3\yt.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan

 

Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

 

7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL

 

Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program

 

Files\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel -

 

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program

 

Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

 

Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

 

C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

 

Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

 

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program

 

Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program

 

Files\ICQLite\ICQLite.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

 

Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

 

%windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

 

Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

 

C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application

 

manager\samnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://www.answers.com

O15 - Trusted Zone: http://www.bloomberg.com

O15 - Trusted Zone: http://webmail.atl.earthlink.net

O15 - Trusted Zone: http://www.earthlink.net

O15 - Trusted Zone: http://www.reuters.com

O15 - Trusted Zone: http://www.sparksco.com

O15 - Trusted Zone: http://www.gsb.stanford.edu

O16 - DPF: CCWebV6Client - http://rational.nbcuni.ge.com:8080/ccweb/a...s/ccwebv6cl.cab

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) -

 

https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program

 

Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} -

 

http://download1.answers.com/pub/AnswersSetup.cab

O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) -

 

https://anywherela.nbcuni.com/dana-cached/s...oterisSetup.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

 

http://update.microsoft.com/microsoftupdat....cab?1166039612

 

193

O16 - DPF: {BB8B9052-8D27-45D4-B79F-84946D41EBF7} (Office Live Meeting Presentation-Upload

 

Control) -

 

https://fwd120.livemeeting.com/etc/place/TA...re.aud.ieupload

 

/UploadControl.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dechert-hampe.com

O17 - HKLM\Software\..\Telephony: DomainName = dechert-hampe.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dechert-hampe.com

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

 

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

 

C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

 

C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. -

 

C:\WINDOWS\System32\basfipm.exe

O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program

 

Files\ISS\issSensors\DesktopProtection\blackd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

 

Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL

 

Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend

 

Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program

 

Files\ISS\issSensors\DesktopProtection\RapApp.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation -

 

C:\WINDOWS\System32\S24EvMon.exe

O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL

 

Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend

 

Micro\OfficeScan Client\tmlisten.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program

 

Files\Viewpoint\Common\ViewpointService.exe

Share this post


Link to post
Share on other sites
Sign in to follow this