Home   News  Product reviews  Website reviews  Forums   Competitions  Subscribe 
Search
You are not logged in.
Login | New user registration 		Main Index | Search | Active Topics | Who's Online | FAQ / HELP

Security >> HijackThis logs help and analysis
Previous thread Previous   View all threads Index   Next thread Next   Flat Mode Flat  

 |  Print Thread
sbroadley
new user


Reg'd: Sat
Posts: 20
Re: possible malware and SpyShredder infection
      Thu Mar 20 2008 06:47 PM
Reply to this post Reply   Reply to this post Quote  

The rapport notepad log is below

SmitFraudFix v2.305

Scan done at 18:43:19.47, 20/03/2008
Run from C:\Documents and Settings\Spencer\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wltray.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\SpyShredder\SpyShredder.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Spencer


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Spencer\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Spencer\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: BT Voyager 1065 Laptop Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F5F227A-C187-4F7E-AE6A-F600311EB3E0}: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Post Extras Print Post   Remind Me!     Notify Moderator
Rate this thread

Jump to


Entire topic
Subject Posted by Posted on
* possible malware and SpyShredder infection sbroadley Thu Mar 20 2008 11:20 AM
. * * Re: possible malware and SpyShredder infection sbroadley   Thu Mar 20 2008 12:04 PM
. * * Re: possible malware and SpyShredder infection bricatModerator   Thu Mar 20 2008 01:33 PM
. * * Re: possible malware and SpyShredder infection sbroadley   Thu Mar 20 2008 02:01 PM
. * * Re: possible malware and SpyShredder infection bricatModerator   Thu Mar 20 2008 06:08 PM
. * * Re: possible malware and SpyShredder infection sbroadley   Thu Mar 20 2008 06:47 PM
. * * Re: possible malware and SpyShredder infection bricatModerator   Thu Mar 20 2008 07:28 PM
. * * Re: possible malware and SpyShredder infection sbroadley   Thu Mar 20 2008 08:07 PM
. * * Re: possible malware and SpyShredder infection bricatModerator   Thu Mar 20 2008 10:08 PM
. * * Re: possible malware and SpyShredder infection sbroadley   Fri Mar 21 2008 10:04 AM
. * * Re: possible malware and SpyShredder infection sbroadley   Fri Mar 21 2008 10:06 AM
. * * Re: possible malware and SpyShredder infection bricatModerator   Fri Mar 21 2008 10:36 AM
. * * Re: possible malware and SpyShredder infection sbroadley   Fri Mar 21 2008 11:56 AM
. * * Re: possible malware and SpyShredder infection sbroadley   Fri Mar 21 2008 11:57 AM
. * * Re: possible malware and SpyShredder infection bricatModerator   Fri Mar 21 2008 04:02 PM
. * * Re: possible malware and SpyShredder infection sbroadley   Sat Mar 22 2008 03:17 PM
. * * Re: possible malware and SpyShredder infection bricatModerator   Sat Mar 22 2008 06:10 PM
. * * Re: possible malware and SpyShredder infection sbroadley   Sat Mar 22 2008 08:19 PM
. * * Re: possible malware and SpyShredder infection sbroadley   Thu Mar 20 2008 08:08 PM
. * * Re: possible malware and SpyShredder infection bricatModerator   Thu Mar 20 2008 11:26 AM
. * * Re: possible malware and SpyShredder infection sbroadley   Thu Mar 20 2008 11:56 AM

Extra information
1 registered and 21 anonymous users are browsing this forum.

Moderator:  putasolutions, greysts, bricat, AndrewC, Joe_London, John_McKenna, Mouse, Hello_There, TheFatControlleR, Nanook, Noviciate 


Print Thread
Forum Permissions
      You cannot start new topics
      You cannot reply to topics
      HTML is disabled
      Mark-up is enabled

Rating:
Thread views: 0

Contact Us | Privacy statement Main website
Hitwise Top 10 Award Winner - Jan-Mar 2005

About us | Contact us | Link to us | Terms & Conditions | Privacy Policy
© Copyright IPC Media Limited, All rights reserved