Need Log Analyzed

sheldon

By sheldon,
in Malware Removal

 Share Followers 0

Recommended Posts

sheldon

sheldon

Posted
Posted

Hello, I was directed here by a friend.

Sometimes when I open Outlook I get an alert of possible worm activity from McAfee VirusScan but McAfee, Trojan Hunter, Trojan Remover, Spybot S&D, Adaware SE Pro, Panda Online Virus Scan, Trend Micro Online Virus Scan, AND BitDefender Online Virus Scan haven't found anything. (I've updated everything before checking.) I'm beginning to think this is simply a false positive caused by Cloudmark's newest version of SafetyBar I upgraded to just before this problem began. In any case could someone please double check my log for any potential culprits or other problems.

Thanks in advance! :)

Logfile of HijackThis v1.99.0

Scan saved at 6:08:36 PM, on 12/19/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Nhksrv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\Program Files\No-IP\DUC20.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\UltraVNC\WinVNC.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

C:\WINDOWS\System32\taskswitch.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\CPal\CPBrWtch.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\WINDOWS\system32\ctfmon.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Logitech\SetPoint\kem.exe

C:\Program Files\Zagat Survey\ZAGAT TO GO for Pocket PC\ZAGAT TO GO Manager.exe

C:\Program Files\Wallpaper Cycle\Change Wallpaper.exe

C:\Program Files\AnalogX\ITR\itrc.exe

C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE

C:\Program Files\United Devices\UD.exe

C:\Program Files\WinBar\WinBar.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\United Devices\ud_7653764.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

C:\Program Files\Logitech\SetPoint\MediaPlayerMgr.exe

C:\Program Files\United Devices\ud_7653764_0.dir\WCGrid_Rosetta.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: ExplorerWatch Class - {D4E7C68D-37FD-11D4-9D32-0000A00B0B0B} - C:\Program Files\CPal\CPBrHelp.dll

O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL

O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file)

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe

O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Cookie Pal] "C:\Program Files\CPal\CPBrWtch.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"

O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Startup: Change Wallpaper.lnk = C:\Program Files\Wallpaper Cycle\Change Wallpaper.exe

O4 - Startup: ITR Client.lnk = C:\Program Files\AnalogX\ITR\itrc.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.exe

O4 - Startup: WinBar.lnk = C:\Program Files\WinBar\WinBar.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: ZAGAT TO GO Manager.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Highlight - C:\WINDOWS\web\myie-highlight.htm

O8 - Extra context menu item: &Search Google - C:\WINDOWS\web\myie-srch-goog.htm

O8 - Extra context menu item: &Url List - C:\WINDOWS\web\myie-link-list.htm

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Sheldon\Application Data\Mozilla\Firefox\Profiles\default.7h0\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html

O8 - Extra context menu item: Pop Fra&me - C:\WINDOWS\web\myie-frmbust.htm

O8 - Extra context menu item: Search &Groups - C:\WINDOWS\web\myie-srch-groups.htm

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Tra&nslator - C:\WINDOWS\web\myie-trans-goog.htm

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Va&lidate - C:\WINDOWS\web\myie-val-w3.htm

O8 - Extra context menu item: Verify Lin&ks - C:\WINDOWS\web\myie-links-w3.htm

O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Sheldon\Application Data\Mozilla\Firefox\Profiles\default.7h0\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html

O8 - Extra context menu item: Zoom &In - C:\WINDOWS\web\myie-zoomin.htm

O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\web\myie-zoomout.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.antivirus.com

O15 - Trusted Zone: *.foxnews.com

O15 - Trusted Zone: *.hackerwatch.org

O15 - Trusted Zone: *.hotmail.com

O15 - Trusted Zone: *.insightfirst.com

O15 - Trusted Zone: *.mcafee.com

O15 - Trusted Zone: *.mcafeehelp.com

O15 - Trusted Zone: *.pandasoftware.com

O15 - Trusted Zone: *.pandasoftware.es

O15 - Trusted Zone: *.passport.com

O15 - Trusted Zone: *.passport.net

O15 - Trusted Zone: *.trendmicro.com

O16 - DPF: WebWorks Help 3.0 -

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} -

O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) -

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) -

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_05) -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -

O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} -

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab

O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} -

O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -

O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} -

O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe

O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe

O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: VNC Server - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

Link to post
Share on other sites
therock247uk

therock247uk

Posted
Posted

I dont see any baddies there you could fix these lines in Hijackthis tho.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file)

But as i said i dont see anything bad there.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing