
Please help with DLL list and reg keys/.....


help with HJT log?


lamuskrat Posted: Apr 28 2005, 12:37 AM

Newbie

Group: Members

Posts: 6

Member No.: 1740

Joined: 14-April 05

For some strange reason my boot time has gotten to be extremely long and the only thing I can find that is out of the ordinary is when I opened Codestuff Starter it's showing 80 for winlogon.exe. So here's my HJT log:

Logfile of HijackThis v1.99.1

Scan saved at 7:22:17 PM, on 4/27/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\mozilla.org\Mozilla\Mozilla.exe

C:\Documents and Settings\lamuskrat\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110843264265

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

I must have missed something???

Win xp pro

Intel p4 3.06

1 gig ddr ram

No new hardware or software added (except alternative browsers, when my FF upgrade failed and caused FF to keep crashing)

Thanks in advance!

--------------------

Lamuskrat

little eagle Posted: Apr 28 2005, 02:07 AM

Member

Group: Security Assistant

Posts: 87

Member No.: 386

Joined: 13-July 04

You didn't miss a thing, you just have two AVs running. Not a good idea.

Although you could kill these

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

--------------------

If my advice has helped you and you would like to donate click here.

Then stop in and say HI here

lamuskrat Posted: Apr 28 2005, 09:33 PM

Newbie

Group: Members

Posts: 6

Member No.: 1740

Joined: 14-April 05

I know I have two, I usually disable AVG after my e-mail scan. Still confused about the high percentage for winlogon.exe though.

By the way, thanks,

--------------------

Lamuskrat

little eagle Posted: Apr 29 2005, 01:28 AM

Member

Group: Security Assistant

Posts: 87

Member No.: 386

Joined: 13-July 04

WinLogon.exe is the Windows NT login manager. It handles the login and logout procedures on your system.

winlogon.exe is a process which is registered as the W32.Netsky.D@mm worm. This virus is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hopes that you open its hostile attachment. The worm has its own SMTP engine which means it gathers E-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.

Go here and run online scans, allow them to delete whatever they find:

TrendMicro HouseCall

eTrust AntiVirus Web Scanner

Note anything that can't be fixed.

Reboot when done. Rescan with HJT and post a new log here.

--------------------

If my advice has helped you and you would like to donate click here.

Then stop in and say HI here
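Added example, not part of the original thread: because a worm can reuse the file name winlogon.exe, the path of the running image is what separates the real logon manager from an impostor. The Python below parses the "Running processes" section of a HijackThis log and flags core process names running from an unexpected directory; the expected-directory table assumes a default Windows XP install under C:\WINDOWS, and the `C:\WINDOWS\winlogon.exe` line in the sample is constructed, not taken from the posted log.

```python
import ntpath
import re

# Directory each core process is expected to run from. Assumption of this
# example: a default Windows XP install with SystemRoot = C:\WINDOWS.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
ENTRY = re.compile(r"^[RFNO]\d+ - ")  # an R/F/N/O entry line ends the process list

def running_processes(log_text):
    """Return the image paths under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:":
            in_section = True
        elif in_section and ENTRY.match(line):
            break  # the process list is over
        elif in_section and line:
            paths.append(line)
    return paths

def misplaced_system_processes(paths):
    """Flag core process names whose image is not in the expected directory."""
    flagged = []
    for path in paths:
        name = ntpath.basename(path).lower()
        folder = ntpath.normcase(ntpath.dirname(path))  # lower-case, backslashes
        if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
            flagged.append(path)
    return flagged

# Sample: lines from the posted log plus one CONSTRUCTED entry
# (C:\WINDOWS\winlogon.exe) that does not appear in the poster's log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
"""

if __name__ == "__main__":
    for hit in misplaced_system_processes(running_processes(SAMPLE_LOG)):
        print("unexpected location:", hit)
```

A clean result only says the names and folders line up; it does not show that the file in that folder is the original one.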

lamuskrat Posted: Apr 29 2005, 01:21 PM

Newbie

Group: Members

Posts: 6

Member No.: 1740

Joined: 14-April 05

Well, while we're on the subject, here is a dll log for winlog, could someone check it too...

Module information for 'winlogon.exe'

MODULE BASE SIZE PATH

winlogon.exe 1000000 524288 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon Application

ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL

kernel32.dll 7c800000 999424 C:\WINDOWS\system32\kernel32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT BASE API Client DLL

ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API

RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Procedure Call Runtime

AUTHZ.dll 776c0000 69632 C:\WINDOWS\system32\AUTHZ.dll 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519) Authorization Framework

msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL

CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32

USER32.dll 77d40000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519) Windows XP USER API Client DLL

GDI32.dll 77f10000 286720 C:\WINDOWS\system32\GDI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDI Client DLL

MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs

NDdeApi.dll 75940000 32768 C:\WINDOWS\system32\NDdeApi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Network DDE Share Management APIs

PROFMAP.dll 75930000 40960 C:\WINDOWS\system32\PROFMAP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv

NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Win32 API DLL

USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv

PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Process Status Helper

REGAPI.dll 76bc0000 61440 C:\WINDOWS\system32\REGAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Registry Configuration APIs

Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface

SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API

VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries

WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library

WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs

IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper

WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL

WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT

MSGINA.dll 75970000 1011712 C:\WINDOWS\system32\MSGINA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon GINA DLL

SHELL32.dll 7c9c0000 8470528 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) Windows Shell Common Dll

SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) Shell Light-weight Utility Library

COMCTL32.dll 5d090000 618496 C:\WINDOWS\system32\COMCTL32.dll 5.82 (xpsp_sp2_rtm.040803-2158) Common Controls Library

ODBC32.dll 74320000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Driver Manager

comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL

comctl32.dll 773d0000 1056768 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0 (xpsp_sp2_rtm.040803-2158) User Experience Controls Library

odbcint.dll 20000000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Resources

SHSVCS.dll 776e0000 143360 C:\WINDOWS\system32\SHSVCS.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Shell Services Dll

Apphelp.dll 77b40000 139264 C:\WINDOWS\system32\Apphelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library

sfc.dll 76bb0000 20480 C:\WINDOWS\system32\sfc.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows File Protection

sfc_os.dll 76c60000 172032 C:\WINDOWS\system32\sfc_os.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows File Protection

ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2595 (xpsp_sp2_gdr.041130-1729) Microsoft OLE for Windows

WINSCARD.DLL 723d0000 114688 C:\WINDOWS\system32\WINSCARD.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Smart Card API

WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Terminal Server SDK APIs

WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL

sxs.dll 75e90000 720896 C:\WINDOWS\system32\sxs.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Fusion 2.5

rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider

wldap32.dll 76f60000 180224 C:\WINDOWS\system32\wldap32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL

UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library

SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL

mpr.dll 71b20000 73728 C:\WINDOWS\system32\mpr.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Multiple Provider Router DLL

wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) WDM Audio driver mapper

xpsp2res.dll 1300000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages

NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MARTA provider

msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper

MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter

midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft MIDI Mapper

Will run both scans and post back

Thank you...

--------------------

Lamuskrat


THIS DID NOT COME OUT RIGHT!!!!!!
