[ Done ] hijackthis.log | problems with windows update


jebac (Bronze Member)
[ Done ] hijackthis.log | problems with windows update
« on: December 05, 2008, 01:38:55 PM »
I cannot obtain the Windows updates.
After posting the errors on Windows Update Support and unsuccessfully trying to apply the suggested fixes, I was prompted to analyze for possible malware.

There are a couple of errors I receive when I try to get the updates. The first two are the most frequent (depending on the fix I tried to apply).
Error -2147319779
EEHndlr   WARNING: Failed to populate ServiceStartup entries in Cache: error 0x80070002
Error number: 0x8002801D
Error number: 0x8007043C
Error number: 0x80072EE2

I checked for malware with NOD32 v3, Trojan Remover, SUPERAntiSpyware, SpywareBlaster, Ad-Aware and Malwarebytes' Anti-Malware, and the system was completely clean.

Please, could someone check my hijackthis.log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:41, on 5.12.2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Boot mode: Normal

Running processes:
C:\FONTS\FONT MANAGEMENT\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
C:\SECURITY\NOD32\x86\ekrn.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\UTILS\Belkin Bulldog Plus\UPS-Service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\UTILS\My Folders\MyFolders.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\UTILS\Belkin Bulldog Plus\UPS-Status.exe
C:\FONTS\FONT MANAGEMENT\Extensis Suitcase 11\Suitcase.exe
C:\DESKTOP\Yahoo Widgets\YahooWidgets.exe
C:\DRIVERS\Logitech\SetPoint\x86\SetPoint32.exe
C:\DESKTOP\Yahoo Widgets\YahooWidgets.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\hijackthis 2.0.2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\GRAPHICS\Snagit\SnagItBHO.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\GRAPHICS\Adobe CS4\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SECURITY\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\GRAPHICS\Snagit\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\GRAPHICS\Adobe CS4\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME (x86)\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UPS-Status] C:\UTILS\Belkin Bulldog Plus\UPS-Status.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\GRAPHICS\Adobe CS4\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\SECURITY\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [My Folders] C:\UTILS\My Folders\MyFolders.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\SECURITY\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: ColorVisionStartup.lnk = C:\GRAPHICS\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\DRIVERS\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Suitcase 11.0.lnk = ?
O4 - Global Startup: Yahoo! Widgets.lnk = C:\DESKTOP\Yahoo Widgets\YahooWidgets.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\UTILS\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\UTILS\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SECURITY\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SECURITY\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228292700703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228505034375
O20 - Winlogon Notify: !SASWinLogon - C:\SECURITY\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\SECURITY\Ad-Aware\aawservice.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\FONTS\FONT MANAGEMENT\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\SECURITY\NOD32\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\SECURITY\NOD32\x86\ekrn.exe
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\SECURITY\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\WINDOWS\System32\TuneUpDefragService.exe (file missing)
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Unknown owner - C:\UTILS\Belkin Bulldog Plus\UPS-Service.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 10496 bytes
« Last Edit: December 10, 2008, 07:11:12 AM by bamajim »


bamajim (Administrator, Platinum Member)
Re: hijackthis.log | problems with windows update
« Reply #1 on: December 08, 2008, 08:43:39 AM »
jebac

Please download Combofix and save to your desktop:

Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double-click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of C:\ComboFix.txt in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running.
That may cause the program to freeze/hang.

2008-2010
Rights cannot exist without morals


jebac (Bronze Member)
Re: [ In Progress ] hijackthis.log | problems with windows update
« Reply #2 on: December 09, 2008, 01:46:15 PM »
Unfortunately Combofix doesn't work in Windows XP 64-bit :(


bamajim (Administrator, Platinum Member)
Re: [ In Progress ] hijackthis.log | problems with windows update
« Reply #3 on: December 09, 2008, 01:49:27 PM »
jebac

O.k.

1. Go HERE and download File Lister.

Save it to your Desktop.
Right-click ->> Extract all ->> and extract it to your Desktop.
Additional help on extracting zip files can be found HERE.
Open the File Lister folder.
Right-click FileLister.vbe ->> select Open, then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you: C:\Files.txt

Copy and paste the contents of that log in your reply.



jebac (Bronze Member)
Re: [ In Progress ] hijackthis.log | problems with windows update
« Reply #4 on: December 09, 2008, 01:57:25 PM »
Ok, here is files.txt



+++++++++++++++++++++++++++++++++
+
+ File Lister
+
+ Version 1.0.4
+
+  By bamajim / bamajim.com
+
+++++++++++++++++++++++++++++++++


Report ran on --->>>  9.12.2008 20:54:36

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"egui"="\"C:\\SECURITY\\NOD32\\egui.exe\" /hide /waitservice"


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PeerGuardian"="C:\\SECURITY\\PeerGuardian2\\pg2.exe"
"My Folders"="C:\\UTILS\\My Folders\\MyFolders.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
@=""


====== Folders and Files from "%\" and "%\Windows" Created Last 30 Days ======

9.12.2008 20:47:35    6991139    C:\32788R22FWJFW
9.12.2008 20:33:55    956    32    C:\Bug.txt
9.12.2008 20:54:36    0    32    C:\Files.txt
13.11.2008 9:47:16    5125200    C:\WINDOWS\$NtUninstallKB955069$
13.11.2008 9:47:16    761424    C:\WINDOWS\$NtUninstallKB955069$\spuninst
13.11.2008 9:48:42    1547506    C:\WINDOWS\$NtUninstallKB957097$
13.11.2008 9:48:42    760562    C:\WINDOWS\$NtUninstallKB957097$\spuninst
4.12.2008 17:54:58    16673203    C:\WINDOWS\SoftwareDistribution
4.12.2008 17:54:58    40008    C:\WINDOWS\SoftwareDistribution\AuthCabs
4.12.2008 17:58:09    20004    C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d
4.12.2008 17:58:09    0    C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded
4.12.2008 17:55:42    16465920    C:\WINDOWS\SoftwareDistribution\DataStore
4.12.2008 17:55:42    729088    C:\WINDOWS\SoftwareDistribution\DataStore\Logs
4.12.2008 17:54:58    53154    C:\WINDOWS\SoftwareDistribution\Download
4.12.2008 17:54:58    0    C:\WINDOWS\SoftwareDistribution\SelfUpdate
4.12.2008 17:54:58    0    C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default
4.12.2008 17:54:58    0    C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wow64
4.12.2008 17:54:58    0    C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered
4.12.2008 17:54:58    0    C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\wow64
4.12.2008 17:55:50    71083    C:\WINDOWS\SoftwareDistribution\WebSetup
4.12.2008 17:55:50    0    C:\WINDOWS\SoftwareDistribution\WebSetup\wow64
4.12.2008 17:55:50    38476    C:\WINDOWS\SoftwareDistribution\WuRedir
4.12.2008 17:58:39    19140    C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D
4.12.2008 17:55:50    19336    C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77
3.12.2008 11:00:04    3050363    C:\WINDOWS\SoftwareDistribution1
3.12.2008 15:38:09    40008    C:\WINDOWS\SoftwareDistribution1\AuthCabs
3.12.2008 15:41:06    20004    C:\WINDOWS\SoftwareDistribution1\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d
3.12.2008 15:41:05    0    C:\WINDOWS\SoftwareDistribution1\AuthCabs\Downloaded
3.12.2008 15:38:54    2899968    C:\WINDOWS\SoftwareDistribution1\DataStore
3.12.2008 15:38:54    794624    C:\WINDOWS\SoftwareDistribution1\DataStore\Logs
3.12.2008 15:38:09    0    C:\WINDOWS\SoftwareDistribution1\Download
3.12.2008 15:38:09    0    C:\WINDOWS\SoftwareDistribution1\SelfUpdate
3.12.2008 15:38:09    0    C:\WINDOWS\SoftwareDistribution1\SelfUpdate\Default
3.12.2008 15:38:09    0    C:\WINDOWS\SoftwareDistribution1\SelfUpdate\Default\wow64
3.12.2008 15:38:09    0    C:\WINDOWS\SoftwareDistribution1\SelfUpdate\Registered
3.12.2008 15:38:09    0    C:\WINDOWS\SoftwareDistribution1\SelfUpdate\Registered\wow64
3.12.2008 15:41:19    71429    C:\WINDOWS\SoftwareDistribution1\WebSetup
3.12.2008 15:41:19    0    C:\WINDOWS\SoftwareDistribution1\WebSetup\wow64
3.12.2008 15:40:39    38476    C:\WINDOWS\SoftwareDistribution1\WuRedir
3.12.2008 15:41:30    19140    C:\WINDOWS\SoftwareDistribution1\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D
3.12.2008 15:40:39    19336    C:\WINDOWS\SoftwareDistribution1\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77
9.12.2008 8:57:23    217073    32    C:\WINDOWS\meta4.exe
9.12.2008 8:57:23    66560    32    C:\WINDOWS\MOTA113.exe
9.12.2008 10:22:54    54156    34    C:\WINDOWS\QTFont.qfn
9.12.2008 8:57:23    502784    32    C:\WINDOWS\x2.64.exe
4.12.2008 19:51:20    497920    32    C:\WINDOWS\system32\TuneUpDefragService.exe
4.12.2008 19:45:28    840960    32    C:\WINDOWS\system32\TUProgSt.exe
4.12.2008 19:51:21    35072    32    C:\WINDOWS\system32\uxtuneup.dll

====== Files under "\Administrator\Startup" Last 30 Days======


====== Files under "\All Users\Startup" Last 30 Days======


====== Folders under "\Program Files" Last 30 Days======

9.12.2008 8:57:23    144857    C:\Program Files\AviSynth 2.5
9.12.2008 8:57:23    144857    C:\Program Files\AviSynth 2.5\plugins

====== Files under "\System32\Drivers" Last 30 Days======


====== Files under "\User\Local Settings\Temp" Last 30 Days======

6.12.2008 11:03:38    1977    32    C:\Documents and Settings\Administrator\Local Settings\Temp\alm.log
6.12.2008 11:03:32    45369    32    C:\Documents and Settings\Administrator\Local Settings\Temp\amt.log
6.12.2008 11:52:15    4333    32    C:\Documents and Settings\Administrator\Local Settings\Temp\csxs-DRWV.log
6.12.2008 11:36:14    4123    32    C:\Documents and Settings\Administrator\Local Settings\Temp\csxs-FLPR.log
8.12.2008 9:28:23    4133    32    C:\Documents and Settings\Administrator\Local Settings\Temp\csxs-IDSN.log
6.12.2008 13:04:36    3299    32    C:\Documents and Settings\Administrator\Local Settings\Temp\csxs-PHXS.log
9.12.2008 15:11:22    5267456    32    C:\Documents and Settings\Administrator\Local Settings\Temp\DBTmp1013624498718
9.12.2008 15:11:24    90112    32    C:\Documents and Settings\Administrator\Local Settings\Temp\DBTmp1013624500218
9.12.2008 15:11:24    90112    32    C:\Documents and Settings\Administrator\Local Settings\Temp\DBTmp1013624500359
9.12.2008 15:11:30    90112    32    C:\Documents and Settings\Administrator\Local Settings\Temp\DBTmp1013624506218
9.12.2008 15:11:31    90112    32    C:\Documents and Settings\Administrator\Local Settings\Temp\DBTmp1013624507171
9.12.2008 15:11:40    90112    32    C:\Documents and Settings\Administrator\Local Settings\Temp\DBTmp1013624515859
9.12.2008 15:11:43    90112    32    C:\Documents and Settings\Administrator\Local Settings\Temp\DBTmp1013624519312
9.12.2008 15:11:43    90112    32    C:\Documents and Settings\Administrator\Local Settings\Temp\DBTmp1013624519421
6.12.2008 10:01:10    21944    32    C:\Documents and Settings\Administrator\Local Settings\Temp\English.bin
9.12.2008 8:35:54    49200    34    C:\Documents and Settings\Administrator\Local Settings\Temp\etilqs_YbGj0wSOySp3e6KiKrEJ
6.12.2008 11:03:38    2019    32    C:\Documents and Settings\Administrator\Local Settings\Temp\libFNP_events.log
9.12.2008 15:11:43    1024    32    C:\Documents and Settings\Administrator\Local Settings\Temp\lil22FC.tmp
9.12.2008 15:11:43    1024    32    C:\Documents and Settings\Administrator\Local Settings\Temp\lil22FD.tmp
9.12.2008 15:11:43    1024    32    C:\Documents and Settings\Administrator\Local Settings\Temp\lil22FE.tmp
9.12.2008 15:11:43    1024    32    C:\Documents and Settings\Administrator\Local Settings\Temp\lil22FF.tmp
9.12.2008 15:11:43    3072    32    C:\Documents and Settings\Administrator\Local Settings\Temp\lil2300.tmp
9.12.2008 15:11:44    0    32    C:\Documents and Settings\Administrator\Local Settings\Temp\Photoshop Temp15325233648
9.12.2008 9:06:00    0    32    C:\Documents and Settings\Administrator\Local Settings\Temp\SnagIt274e31.txt
9.12.2008 10:07:31    0    32    C:\Documents and Settings\Administrator\Local Settings\Temp\SnagIt5f9f9d.txt
6.12.2008 11:03:39    63189    32    C:\Documents and Settings\Administrator\Local Settings\Temp\swtag.log
8.12.2008 19:17:57    263959    32    C:\Documents and Settings\Administrator\Local Settings\Temp\UherHWrU.xpi.part
5.12.2008 20:54:41    19198    32    C:\Documents and Settings\Administrator\Local Settings\Temp\WIITMPDS.TMP

====== Files and Folders under "All Users\Application Data" Last 30 Days======

5.12.2008 11:54:41    1345467    C:\Documents and Settings\All Users\Application Data\Malwarebytes
5.12.2008 11:54:41    1345467    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
4.12.2008 19:26:40    0    C:\Documents and Settings\All Users\Application Data\Simply Super Software
4.12.2008 19:26:40    0    C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover
4.12.2008 19:26:40    0    C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data
5.12.2008 20:03:59    41045134    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
5.12.2008 20:04:17    41000537    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups
5.12.2008 20:03:59    144    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes
5.12.2008 20:19:47    0    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
5.12.2008 20:04:17    0    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
5.12.2008 20:20:19    0    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots
5.12.2008 20:20:19    40038    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2
21.11.2008 12:20:39    197037    C:\Documents and Settings\All Users\Application Data\TuneUp Software
21.11.2008 12:20:39    197037    C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities
21.11.2008 12:21:05    188416    C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Program Statistics
4.12.2008 19:51:09    8621    C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web
21.11.2008 12:19:34    16584704    C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

 ====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}


====== Services ( Services that are Whitelisted are not shown) ======

 Application Experience Lookup Service (AeLookupSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto

 B's Recorder GOLD Library General Service (bgsvcgen) "C:\WINDOWS\system32\bgsvcgen.exe"  - Manual

 .NET Runtime Optimization Service v2.0.50727_x64 (clr_optimization_v2.0.50727_64) C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe  - Manual

 Eset HTTP Server (EhttpSrv) C:\SECURITY\NOD32\EHttpSrv.exe  - Manual

 Eset Service (ekrn) C:\SECURITY\NOD32\x86\ekrn.exe  - Auto

 FLEXnet Licensing Service (FLEXnet Licensing Service) "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"  - Auto

 FLEXnet Licensing Service 64 (FLEXnet Licensing Service 64) "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe"  - Manual

 IAS Jet Database Access (IASJet) C:\WINDOWS\SysWOW64\svchost.exe -k iasjet  - Manual

 Logitech Bluetooth Service (LBTServ) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe  - Manual

 NetLimiter (nlsvc) "C:\SECURITY\NetLimiter 2 Pro\nlsvc.exe"  - Auto

 NMSAccessU (NMSAccessU) C:\WINDOWS\system32\NMSAccessU.exe  - Manual

 NVIDIA Display Driver Service (NVSvc) C:\WINDOWS\system32\nvsvc64.exe  - Auto

 ServiceLayer (ServiceLayer) "C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"  - Manual

 TuneUp Drive Defrag Service (TuneUp.Defrag) C:\WINDOWS\System32\TuneUpDefragService.exe  - Manual

 UPS - UPSentry Service (UPSentry_Smart) "C:\UTILS\Belkin Bulldog Plus\UPS-Service.exe"  - Auto

 TuneUp Theme Extension (UxTuneUp) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto

 WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) C:\WINDOWS\system32\svchost.exe -k LocalService  - Manual


====== Running Processes ======

System Idle Process
System   [4]   
smss.exe   [364]   \SystemRoot\System32\smss.exe
csrss.exe   [428]   
winlogon.exe   [452]   winlogon.exe
services.exe   [500]   C:\WINDOWS\system32\services.exe
lsass.exe   [524]   C:\WINDOWS\system32\lsass.exe
svchost.exe   [696]   C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe   [800]   
svchost.exe   [844]   C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe   [892]   
svchost.exe   [972]   
spoolsv.exe   [1092]   C:\WINDOWS\system32\spoolsv.exe
mDNSResponder.exe   [1228]   "C:\FONTS\FONT MANAGEMENT\Extensis Suitcase 11\Bonjour\mDNSResponder.exe"
ekrn.exe   [1268]   C:\SECURITY\NOD32\x86\ekrn.exe
svchost.exe   [1300]   C:\WINDOWS\System32\svchost.exe -k WinErr
FNPLicensingService.exe   [1320]   "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
nlsvc.exe   [1456]   "C:\SECURITY\NetLimiter 2 Pro\nlsvc.exe"
nvsvc64.exe   [1500]   C:\WINDOWS\system32\nvsvc64.exe
svchost.exe   [1560]   
wdfmgr.exe   [1656]   
UPS-Service.exe   [1696]   "C:\UTILS\Belkin Bulldog Plus\UPS-Service.exe"
wmiprvse.exe   [1840]   
alg.exe   [2044]   
explorer.exe   [2348]   C:\WINDOWS\Explorer.EXE
NLClient.exe   [2456]   /runonlyonce /tray
rundll32.exe   [2772]   "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
RTHDCPL.exe   [2856]   "C:\WINDOWS\RTHDCPL.EXE"
egui.exe   [2960]   "C:\SECURITY\NOD32\egui.exe"  /hide /waitservice
ctfmon.exe   [2980]   "C:\WINDOWS\system32\ctfmon.exe"
pg2.exe   [2988]   "C:\SECURITY\PeerGuardian2\pg2.exe"
ctfmon.exe   [3000]   "C:\WINDOWS\system32\ctfmon.exe"
MyFolders.exe   [3048]   "C:\UTILS\My Folders\MyFolders.exe"
SetPoint.exe   [1116]   "C:\DRIVERS\Logitech\SetPoint\SetPoint.exe"
UPS-Status.exe   [948]   "C:\UTILS\Belkin Bulldog Plus\UPS-Status.exe"
Suitcase.exe   [1748]   "C:\FONTS\FONT MANAGEMENT\Extensis Suitcase 11\Suitcase.exe" -Startup
YahooWidgets.exe   [1920]   "C:\DESKTOP\Yahoo Widgets\YahooWidgets.exe"
SetPoint32.exe   [2088]   "C:\DRIVERS\Logitech\SetPoint\x86\SetPoint32.exe"
YahooWidgets.exe   [2172]   C:\DESKTOP\Yahoo Widgets\YahooWidgets.exe /child "C:\DESKTOP\Yahoo Widgets\widescapeWeather.widget"
KHALMNPR.exe   [2248]   KHALMNPR.EXE /API
wmiprvse.exe   [6216]   
wscript.exe   [7240]   "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\Administrator\Desktop\FileLister\FileLister.vbe"
wmiprvse.exe   [7344]   

====== Uninstall List From Registry ======

Windows Driver Package - Nokia Modem  (10/12/2007 3.6)
Windows Driver Package - Nokia Modem  (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem  (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
Windows Driver Package - Nokia Modem  (05/22/2008 3.8)
Windows Driver Package - Nokia Modem  (03/05/2008 3.7)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
K-Lite Codec Pack 64-bit v1.2.0
NVIDIA Drivers
PeerGuardian 2.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Windows Imaging Component
XML Paper Specification Shared Components Pack 1.0
Microsoft Visual C++ 2005 Redistributable (x64)
CDDRV_Installer
Microsoft ICE
Adobe WinSoft Linguistics Plugin x64
Microsoft .NET Framework 3.0 Service Pack 1
Photoshop Camera Raw_x64
Adobe Photoshop Lightroom 2.1 64-bit
The Panorama Factory V5 x64 Edition
Adobe Fonts All x64
MSVC80_x64
Microsoft Visual C++ 2005 Redistributable (x64)
True Launch Bar 64-bit Edition
Corel Shell Extension - 64Bit
Adobe Linguistics CS4 x64
Adobe Anchor Service x64 CS4
Adobe Type Support x64 CS4
True Launch Bar 64-bit Edition
Adobe CSI CS4 x64
ESET NOD32 Antivirus
Microsoft Office Office 64-bit Components 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Adobe CMaps x64 CS4
Adobe Drive CS4 x64
Adobe InDesign CS4 Icon Handler x64
Microsoft .NET Framework 2.0 Service Pack 1
IconViewer
Adobe Photoshop CS4 (64 Bit)
MSXML 6 Service Pack 2 (KB954459)
Adobe PDF Library Files x64 CS4
KhalInstallWrapper
Windows Presentation Foundation x64

======== Other Info ========

TOTAL PHYSICAL RAM: 4293 MB


bamajim (Administrator, Platinum Member)
Re: [ In Progress ] hijackthis.log | problems with windows update
« Reply #5 on: December 09, 2008, 02:46:54 PM »
jebac

I don't see any signs of infection or malware in the logs you have posted.

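To show how the triage bamajim did by eye on the two logs above can be automated, here is an added example (not code from the thread, from HijackThis or from File Lister). It parses HijackThis 2.0.2 finding lines and File Lister "Running Processes" lines in the formats shown in this thread, flags an O23 "(file missing)" service only when its image is not actually running (the 32-bit HijackThis build sees SysWOW64 in place of System32 on 64-bit Windows, which is why core services such as lsass.exe show as missing in this log), and renders the decimal error -2147319779 in its HRESULT form. The sample lines are constructed from the thread; the "info"/"review" levels and the update-host allow-list are my assumptions.

```python
"""Triage helper for HijackThis and File Lister logs (added example, not from the thread)."""
import re
from urllib.parse import urlparse

# Constructed sample: HijackThis 2.0.2 lines in the format of the log posted above.
HJT_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O4 - Global Startup: Suitcase 11.0.lnk = ?
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228292700703
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\WINDOWS\System32\TuneUpDefragService.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\SECURITY\NetLimiter 2 Pro\nlsvc.exe
"""

# Constructed sample: File Lister "Running Processes" lines (image, [pid], command line).
PROC_SAMPLE = r"""
System Idle Process
System   [4]
lsass.exe   [524]   C:\WINDOWS\system32\lsass.exe
nvsvc64.exe   [1500]   C:\WINDOWS\system32\nvsvc64.exe
nlsvc.exe   [1456]   "C:\SECURITY\NetLimiter 2 Pro\nlsvc.exe"
"""

HJT_LINE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.+)$")
PROC_LINE = re.compile(r"^(?P<image>\S+)\s+\[(?P<pid>\d+)\]\s*(?P<cmd>.*)$")
FILE_MISSING = " (file missing)"
# Hosts Windows Update itself registers DPF and trusted-zone entries for (assumption).
UPDATE_HOSTS = {"update.microsoft.com", "download.windowsupdate.com"}


def hresult_hex(value):
    """Render a signed 32-bit error such as -2147319779 as the HRESULT 0x8002801D."""
    return f"0x{value & 0xFFFFFFFF:08X}"


def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis finding line."""
    matches = map(HJT_LINE.match, (line.strip() for line in text.splitlines()))
    return [(m.group("sec"), m.group("body")) for m in matches if m]


def running_images(text):
    """Lower-cased image names from a File Lister process list."""
    matches = map(PROC_LINE.match, (line.strip() for line in text.splitlines()))
    return {m.group("image").lower() for m in matches if m}


def triage(entries, images):
    """Label each entry 'info' (explained) or 'review' (needs a human look)."""
    findings = []
    for sec, body in entries:
        if sec == "O23":
            target = body.rsplit(" - ", 1)[1]
            if not target.endswith(FILE_MISSING):
                continue  # path resolved; nothing to flag automatically
            image = target[: -len(FILE_MISSING)].rsplit("\\", 1)[-1].lower()
            if image in images:
                findings.append(("info", sec, image, "reported missing but running: 32-bit "
                                 "HijackThis sees SysWOW64 in place of System32 on 64-bit Windows"))
            else:
                findings.append(("review", sec, image, "service binary missing and not running"))
        elif sec == "O4" and body.endswith(" = ?"):
            shortcut = body.split(":", 1)[1].strip()[: -len(" = ?")]
            findings.append(("review", sec, shortcut, "startup shortcut with unresolved target"))
        elif sec == "O15":
            host = urlparse(body.split(": ", 1)[1]).hostname
            level = "info" if host in UPDATE_HOSTS else "review"
            findings.append((level, sec, host, "trusted-zone entry"))
        elif sec == "O16":
            target = body.rsplit(" - ", 1)[1]
            host = urlparse(target).hostname  # None when the target is a local DLL path
            if host is None:
                dll = target.rsplit("\\", 1)[-1].lower()
                findings.append(("info", sec, dll, "locally installed ActiveX control"))
            else:
                level = "info" if host in UPDATE_HOSTS else "review"
                findings.append((level, sec, host, "ActiveX download source"))
        elif sec == "O2":
            findings.append(("info", sec, body.rsplit("\\", 1)[-1].lower(), "browser helper object"))
    return findings


def summarize(findings):
    """Group flagged items by level, sorted, for a quick read of what needs attention."""
    return {lvl: sorted(item for level, _, item, _ in findings if level == lvl)
            for lvl in ("info", "review")}


if __name__ == "__main__":
    print("error -2147319779 is", hresult_hex(-2147319779))
    for level, sec, item, why in triage(parse_hjt(HJT_SAMPLE), running_images(PROC_SAMPLE)):
        print(f"[{level:6}] {sec:<4} {item}: {why}")
```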


jebac (Bronze Member)
Re: [ In Progress ] hijackthis.log | problems with windows update
« Reply #6 on: December 10, 2008, 01:51:17 AM »
Thank you for your effort.
Maybe my problem really wasn't malware-related.
Best regards.