Britt_Marie
new user
Reg'd: Sun
Posts: 3
Re: IE closes randomly
Tue Mar 18 2008 04:20 PM
Hi Bricat, Thank you so very much for responding. Here is the log from combofix.
ComboFix 08-03-17.1 - Britt Marie 2008-03-18 9:56:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.178 [GMT -5:00]
Running from: C:\Documents and Settings\Britt Marie\My Documents\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.
2008-03-16 21:48 . 2008-03-16 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
2008-03-16 21:10 . 2008-03-16 21:11 <DIR> d-------- C:\Program Files\Megastore Madness
2008-03-16 21:10 . 2008-03-16 21:48 <DIR> d-------- C:\Program Files\Escape the Museum
2008-03-14 00:34 . 2008-03-15 15:58 <DIR> d-------- C:\Program Files\Curse of the Pharaoh - Quest for Nefertiti
2008-03-12 10:28 . 2008-03-12 17:09 <DIR> d-------- C:\Documents and Settings\Britt Marie\.housecall6.6
2008-03-12 10:28 . 2008-03-12 10:28 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-12 08:10 . 2008-03-12 08:10 1,299 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-09 20:33 . 2008-03-09 20:33 <DIR> d-------- C:\Program Files\ACW
2008-03-06 16:31 . 2008-03-06 16:31 <DIR> d-------- C:\Program Files\Wizards of the Coast
2008-03-04 19:09 . 2008-03-04 19:09 <DIR> d-------- C:\Documents and Settings\Britt Marie\Application Data\Wildfire
2008-03-03 16:57 . 2008-03-03 16:57 <DIR> d-------- C:\Program Files\IObit
2008-03-01 16:19 . 2008-03-01 16:19 <DIR> d-------- C:\Documents and Settings\Britt Marie\Application Data\iWin
2008-03-01 12:00 . 2008-03-01 12:00 <DIR> d-------- C:\Documents and Settings\Britt Marie\(null)
2008-02-27 18:41 . 2008-02-27 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-02-19 10:41 . 2008-02-19 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 01:31 --------- d-----w C:\Documents and Settings\Charlie\Application Data\WTablet
2008-03-12 15:18 --------- d-----w C:\Documents and Settings\Britt Marie\Application Data\WTablet
2008-03-12 14:03 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-03-10 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-06 21:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-17 04:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-02-14 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-09 02:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-04 22:46 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-31 03:07 --------- d-----w C:\Program Files\LimeWire
2008-01-31 00:34 --------- d-----w C:\Program Files\MSN Messenger
2008-01-28 00:31 --------- d-----w C:\Program Files\Common Files\Pointstone
2008-01-20 22:06 --------- d-----w C:\Documents and Settings\Britt Marie\Application Data\Pointstone
2008-01-20 21:42 --------- d-----w C:\Program Files\InterVideo
2008-01-20 21:42 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-01-20 21:39 --------- d-----w C:\Program Files\Sonic
2008-01-20 21:37 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-01-20 21:05 94 ----a-w C:\WINDOWS\system32\drivers\IBM_8199_KUV.MRK
2008-01-20 21:04 --------- d-----w C:\Program Files\Lenovo
2008-01-20 21:04 --------- d-----w C:\Program Files\Common Files\Lenovo
2008-01-20 18:12 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 39,792 2008-01-12 04:16:38 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
------w 14,348 2008-02-28 20:23:24 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

----a-w 79,224 2007-12-04 13:00:23 C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 79,224 2007-12-04 13:00:23 C:\Program Files\Alwil Software\Avast4\ashDisp.exe

-c--a-w 221,184 2004-07-27 22:50:42 C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

----a-w 487,424 2007-11-06 21:27:06 C:\Program Files\Common Files\Lenovo\Scheduler\bak\scheduler_proxy.exe

----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\ctfmon.exe

----a-w 114,688 2003-03-11 18:11:56 C:\WINDOWS\system32\bak\hkcmd.exe
----a-w 126,976 2005-06-21 22:44:34 C:\WINDOWS\system32\hkcmd.exe

----a-w 155,648 2003-03-11 18:24:08 C:\WINDOWS\system32\bak\igfxtray.exe
----a-w 155,648 2005-06-21 22:48:18 C:\WINDOWS\system32\igfxtray.exe

----a-w 122,940 2005-10-06 11:20:00 C:\WINDOWS\system32\dla\bak\DLACTRLW.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 02:56 380416 C:\WINDOWS\system32\irprops.cpl]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-02-28 15:23 14348]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 15:36]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-05-03 15:36]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 14:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 13:30]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 01:39]
S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []

*Newly Created Service* - NMSCFG
*Newly Created Service* - TMCOMM
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 09:59:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-18 10:00:33
ComboFix-quarantined-files.txt 2008-03-18 15:00:23
.
2008-03-12 13:11:06
--- E O F ---

And here is the new Hijack This log.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:13:58 AM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HijackThis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168716118562
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

-- End of file - 7388 bytes
Thank you again!