Backdoor.Haxdoor - HELP

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

tragic_magic

Thread Starter
Joined
Oct 10, 2005
Messages
15
Hi,

Norton Anti-Virus has detected a virus called Backdoor.Haxdoor on my comp (object name is C:\WINDOWS\system32\avload32.dll) and it is unable to repair the file.

My comp is not responding much with wuauclt.exe taking up 97-99 % of the CPU. I am unable to run a HJT scan also on the comp. I am posting this using my friend's comp. Please help me out.

Thanks in advance.
 
Joined
Sep 8, 2005
Messages
9,113
Welcome to TSG:)



Download haxfix.exe.

Save it to your desktop.

Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)

Checkmark "Create a desktop icon".

Click "Next".

When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed.

Click "Finish".

A red "dos window" (dos box) will open.

Select option 1. Make logfile by typing 1 and then pressing Enter.

Haxfix will start scanning the computer. When it is finished a logfile will open.

Copy the contents of that logfile and paste it into this thread.



 

tragic_magic

Thread Starter
Joined
Oct 10, 2005
Messages
15
Thanks for the prompt response - here is the logfile from HAXFIX


>>>>>>>> logfile begins

HAXFIX logfile - by Marckie
______________
version 3.06
Sun 07/09/2006 19:50:26.79

checking for haxdoor
--------------------
checking for a3d files....
a3d files not found

checking for matching notify keys....
no matching notify keys found

checking for matching services....
matching services found
CmBatt

checking for matching safeboot services....
no matching safeboot services found


Checking for goldun
-------------------
checking for notify keys....
no notify keys found

checking for services....
no services found


Finished

>>>>>>>> logfile ends

Thanks for your help.
 
Joined
Sep 8, 2005
Messages
9,113
Please download HJT setup.exe Here

Let it Place Hijackthis in C:\Program Files\Hijackthis

Open Hijackthis.exe

Click on Do a System Scan and Save log file

Don't Fix any Items!!!

Just copy and paste the contents of the log file to your reply.
 

tragic_magic

Thread Starter
Joined
Oct 10, 2005
Messages
15
Here is the HJT log - Thanks again for responding!

>>> Log begins

Logfile of HijackThis v1.99.1
Scan saved at 10:12:50 PM, on 7/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\AOL\1149956191\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Mohit Sharma\Local Settings\Temporary Internet Files\Content.IE5\S3DVM2FH\sasetup[1].exe
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\Documents and Settings\Mohit Sharma\Local Settings\Temporary Internet Files\Content.IE5\S3DVM2FH\ssf-snr-a-setup4929_1875973857[1].exe
C:\DOCUME~1\MOHITS~1\LOCALS~1\Temp\is-K42EK.tmp\is-I8G5O.tmp
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mohit Sharma\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149956191\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1416D7C8-8A28-11CF-9236-444553540000} (Infragistics Data Explorer Control) - https://mylearning-lms5.accenture.com/docent/lms/pvxplore8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {42442236-3673-4054-89C0-A7408BC51EFC} (SDLNSrvr.clsNotes) - https://methodology.accenture.com/codebase/SDLnSrvr_ChainMaster.cab
O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} (BolDownloader Control) - http://messenger.rediff.com/newbol/Bol.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avload32 - avload32.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

>>> Log ends
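Added example, not part of the original posts: a small triage pass over a HijackThis log that surfaces the kind of entries this thread turns on, using a few lines excerpted from the log above as sample input. The rules and severity labels are assumptions made for illustration (processes running from temp or browser-cache directories, Winlogon Notify DLLs that are reported missing or lack a full path, and a match against file names the antivirus reported); a flagged line is a lead to investigate, not a verdict.

```python
import re
from ntpath import basename  # Windows path semantics on any OS

# Excerpt copied from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Mohit Sharma\Local Settings\Temporary Internet Files\Content.IE5\S3DVM2FH\sasetup[1].exe
C:\DOCUME~1\MOHITS~1\LOCALS~1\Temp\is-K42EK.tmp\is-I8G5O.tmp
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avload32 - avload32.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.+)$")
NOTIFY_RE = re.compile(
    r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)
TEMP_RE = re.compile(r"\\(temporary internet files|temp)\\", re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(text, detected_names=()):
    """Return (severity, source, subject, reason) tuples for lines worth a second look.

    detected_names: file names the antivirus reported, used to correlate entries.
    """
    detected = {n.lower() for n in detected_names}
    findings = []
    processes, entries = parse_hjt(text)
    for path in processes:
        if TEMP_RE.search(path):
            findings.append(("medium", "process", path,
                             "running from a temp/cache directory"))
    for code, body in entries:
        m = NOTIFY_RE.match(body) if code == "O20" else None
        if m:
            dll, reasons = m.group("dll"), []
            if m.group("missing"):
                # Either a leftover key or a file the scanner could not see.
                reasons.append("DLL reported missing")
            if "\\" not in dll:
                reasons.append("no full path")
            if basename(dll).lower() in detected:
                reasons.append("matches AV detection")
            if reasons:
                sev = "high" if "matches AV detection" in reasons else "medium"
                findings.append((sev, code, m.group("name"), "; ".join(reasons)))
        elif body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append(("low", code, body, "orphaned registry entry"))
    return findings


if __name__ == "__main__":
    # avload32.dll is the object name Norton reported in the first post.
    for finding in triage(SAMPLE_LOG, detected_names=["avload32.dll"]):
        print(finding)
```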
 

tragic_magic

Thread Starter
Joined
Oct 10, 2005
Messages
15
Also wanted to mention that since nothing was working, I just powered off my comp and then restarted it. This time, Norton reported the same virus again (with a different object name, though) and said that it was FIXED. The performance of the PC has since improved, but I still have "System Idle Processes" taking up to 94-99 % of the CPU - why is that?
 
Joined
Sep 8, 2005
Messages
9,113
Did Norton find the same file that you mentioned in your first reply?????

Download WinPFind
Extract it to your C:\ folder.
A folder will be created called WinPFind.
Open the Folder called WinPFind and double click on WinPFind.exe.
Once the program is launched, click on Start Scan button. WinPFind can sometimes take upwards of 30 minutes because it's scanning a large amount of files.

When the scan has completed, Click on Copy to Clipboard button. In your next reply, post the results.
 

tragic_magic

Thread Starter
Joined
Oct 10, 2005
Messages
15
No, Norton did not find the same file as I mentioned in my first reply - it was a different file. I am in office right now so will not be able to send you the WinPFind results before tonight.

Thanks for the help again.
 

tragic_magic

Thread Starter
Joined
Oct 10, 2005
Messages
15
I started the scan 4 hours ago and it is still going on - is there something wrong?
Here are the scan results till now-

>>>> Start

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
qoologic 7/10/2006 8:08:26 PM 204131 C:\WinPFind.zip

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/10/2004 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 8/9/2005 6:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 8/9/2005 6:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 6/8/2006 9:19:50 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 6/8/2006 9:19:50 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/10/2004 6:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/10/2004 6:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 11/25/2005 5:48:28 PM 40960 C:\WINDOWS\SYSTEM32\swsc.exe
winsync 8/10/2004 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
7/10/2006 4:37:50 PM S 2048 C:\WINDOWS\bootstat.dat
7/10/2006 7:37:08 PM H 54156 C:\WINDOWS\QTFont.qfn
7/10/2006 4:37:54 PM S 64 C:\WINDOWS\CSC\00000001
7/10/2006 11:13:08 AM S 64 C:\WINDOWS\CSC\00000002
7/9/2006 7:37:40 PM S 64 C:\WINDOWS\CSC\csc1.tmp
6/22/2006 7:18:30 AM S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
5/29/2006 12:16:00 PM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
5/18/2006 3:15:12 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
6/1/2006 4:28:56 PM S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
6/19/2006 4:20:58 PM S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
6/19/2006 4:20:58 PM S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\_000000_.cat
7/10/2006 8:15:48 PM H 1024 C:\WINDOWS\system32\config\default.LOG
7/10/2006 4:37:56 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
7/10/2006 6:38:14 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
7/10/2006 8:16:14 PM H 1024 C:\WINDOWS\system32\config\software.LOG
7/10/2006 8:16:06 PM H 1024 C:\WINDOWS\system32\config\system.LOG
7/4/2006 1:46:42 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
7/9/2006 7:37:42 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\37826982-9053-4229-983a-2f032963f052
7/9/2006 7:37:42 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
6/17/2006 9:00:06 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\38690561-dbe5-4f31-977e-ec8e14bcb0f0
6/17/2006 9:00:06 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
7/8/2006 8:18:48 PM H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job
7/10/2006 4:38:04 PM H 6 C:\WINDOWS\Tasks\SA.DAT
6/25/2006 1:38:04 AM H 0 C:\WINDOWS\Temp\MpCmdRun-12-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock
6/25/2006 1:38:04 AM H 0 C:\WINDOWS\Temp\MpCmdRun-12-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock

Checking for CPL files...
Microsoft Corporation 8/10/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
8/18/2004 1:28:00 PM 24576 C:\WINDOWS\SYSTEM32\BACSCPL.cpl
Borland Software Corporation 10/7/2003 2:39:00 PM 184320 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 2/15/2005 4:02:58 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
InstallShield Software Corporation7/27/2004 5:50:48 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 11/19/2003 6:48:12 PM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Dell Inc. 11/10/2004 12:51:26 PM 122880 C:\WINDOWS\SYSTEM32\NicConfigSvc.Cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
SigmaTel Inc. 7/20/2004 4:14:06 PM 102481 C:\WINDOWS\SYSTEM32\STAC97.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
6/20/2006 5:47:06 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
9/12/2005 7:36:16 PM 831 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
8/19/2004 5:07:20 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
9/12/2005 7:27:22 PM 493 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
1/22/2006 1:20:38 PM 763 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
9/12/2005 7:39:08 PM 2109 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/19/2004 4:57:38 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

>>>> End
 
Joined
Sep 8, 2005
Messages
9,113
Well, it shouldn't take that long. Let's try something else.

Download SilentRunners.zip
Extract SilentRunners to your Desktop
Double click on SilentRunners.vbs
Follow the prompts; the scan may take a few minutes.
When the scan has finished, a .txt file called Startup Programs****.txt will appear on your desktop.
Please post the results from the .txt file in your next reply.
 