Please Check My Hyjack Log
 
  Tweaks.com
Posted 10/21/2008 1:45 PM
New Member


Group: Forum Members
Last Login: 10/21/2008 1:26 PM
Posts: 2, Visits: 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:43 PM, on 10/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Electronic Arts\EADM\Core.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32wprovau.dll
O20 - AppInit_DLLs: avgrsstx.dll

--
End of file - 2876 bytes
Post #244668
Posted 10/21/2008 1:52 PM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 29,548, Visits: 54,734
Welcome

Please download/install Avira AntiVir Personal - FREE Antivirus:
http://www.free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html
Perform a full scan with Avira and allow it to delete everything it detects.
Restart your pc when you've done.
After restart, open Avira Antivirus and select "Reports".
Then double click the report from the full scan you have just completed.
Click the "Report File" button, then copy and paste the report into your next reply.


Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop


Close any open browsers.
Click on Start/Run, copy and paste the following bold text into the 'Open:' space, then press OK [See image below]:
"%userprofile%\desktop\combofix.exe" /killall



Combofix.exe will start, please follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and download Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.


_______________________________________________


ASAP & UNITE member since 2006





Post #244670
Posted 10/22/2008 2:04 PM
New Member


Group: Forum Members
Last Login: 10/21/2008 1:26 PM
Posts: 2, Visits: 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02, on 2008-10-22
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32wprovau.dll
O20 - AppInit_DLLs: avgrsstx.dll

--
End of file - 2523 bytes



Avira AntiVir Personal
Report file date: Tuesday, October 21, 2008 19:45

Scanning for 1701701 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: JAMIESPC

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 14:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 19:54:15
ANTIVIR2.VDF : 7.0.7.59 4366336 Bytes 10/19/2008 23:43:47
ANTIVIR3.VDF : 7.0.7.70 111104 Bytes 10/21/2008 23:43:48
Engineversion : 8.2.0.5
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/21/2008 23:44:01
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 10/21/2008 23:43:59
AESCN.DLL : 8.1.1.3 123252 Bytes 10/21/2008 23:43:58
AERDL.DLL : 8.1.1.2 438644 Bytes 10/21/2008 23:43:58
AEPACK.DLL : 8.1.2.4 369014 Bytes 10/21/2008 23:43:57
AEOFFICE.DLL : 8.1.0.28 196987 Bytes 10/21/2008 23:43:56
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 10/21/2008 23:43:55
AEHELP.DLL : 8.1.1.2 115062 Bytes 10/21/2008 23:43:53
AEGEN.DLL : 8.1.0.41 319861 Bytes 10/21/2008 23:43:52
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/21/2008 23:43:51
AECORE.DLL : 8.1.2.6 172406 Bytes 10/21/2008 23:43:50
AEBB.DLL : 8.1.0.3 53618 Bytes 10/21/2008 23:43:49
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 10/21/2008 23:43:49
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, I:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: Tuesday, October 21, 2008 19:45

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'locator.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
19 processes with 19 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '50' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'I:\'


End of the scan: Tuesday, October 21, 2008 20:03
Used time: 18:14 Minute(s)

The scan has been done completely.

6206 Scanning directories
240204 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
240203 Files not concerned
1790 Archives were scanned
5 Warnings
0 Notes




ComboFix 08-10-21.05 - Jamie 2008-10-22 14:52:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.663 [GMT -4:00]
Running from: C:\Documents and Settings\Jamie\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point

[COLOR=RED]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.

2008-10-20 20:21 . 2008-10-20 20:21d--------C:\Program Files\Ventrilo
2008-10-20 18:48 . 2008-10-20 18:48d--------C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-10-20 18:41 . 2008-10-20 18:551,943--a------C:\WINDOWS\imsins.BAK
2008-10-20 18:32 . 2008-10-20 18:33d--------C:\WINDOWS\system32\drivers\Avg
2008-10-20 18:32 . 2008-10-20 18:3297,928--a------C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-20 18:32 . 2008-10-20 18:3210,520--a------C:\WINDOWS\system32\avgrsstx.dll
2008-10-17 19:45 . 2008-08-14 06:092,145,280-----c---C:\WINDOWS\system32\dllcachetkrnlmp.exe
2008-10-17 19:45 . 2008-08-14 05:332,023,936-----c---C:\WINDOWS\system32\dllcachetkrpamp.exe
2008-10-17 19:45 . 2008-09-15 08:121,846,400-----c---C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-10 19:47 . 2008-10-10 19:47d--------C:\Documents and Settings\Jamie\Application Data\Leadertech
2008-10-10 19:25 . 2008-10-10 19:25d--------C:\Documents and Settings\Jamie\Application Data\acccore
2008-10-10 19:25 . 2007-01-23 15:4534,576--a------C:\WINDOWS\system32\drivers\LHidFilt.Sys
2008-10-10 19:25 . 2007-01-23 15:4533,296--a------C:\WINDOWS\system32\drivers\LMouFilt.Sys
2008-10-10 19:24 . 2008-10-10 19:24d--------C:\Documents and Settings\All Users\Application Data\acccore
2008-10-02 17:37 . 2008-10-02 17:37d--------C:\Documents and Settings\Jamie\hmm
2008-10-02 17:26 . 2008-10-02 17:26d--------C:\Documents and Settings\All Users\Application Data\Sony

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 18:35---------d---a-wC:\Documents and Settings\All Users\Application Data\TEMP
2008-10-21 01:56---------d-----wC:\Documents and Settings\Jamie\Application Data\Audacity
2008-10-21 00:21---------d-----wC:\Program Files\World of Warcraft
2008-10-20 23:40---------d-----wC:\Program Files\Common Files\Wise Installation Wizard
2008-10-20 22:31---------d-----wC:\Documents and Settings\All Users\Application Data\Avg8
2008-10-20 22:06---------d-----wC:\Program Files\NVIDIA
2008-10-11 08:23---------d-----wC:\Program Files\Common Files\Blizzard Entertainment
2008-10-11 06:59---------d-----wC:\Program Files\Common Files\LogiShrd
2008-10-11 06:56---------d-----wC:\Program Files\Logitech
2008-10-11 06:55---------d-----wC:\Documents and Settings\Jamie\Application Data\LimeWire
2008-10-10 23:45---------d-----wC:\Program Files\Common Files\Logitech
2008-10-10 23:37---------d-----wC:\Documents and Settings\All Users\Application Data\Logitech
2008-10-10 23:24---------d-----wC:\Program Files\Common Files\AOL
2008-10-02 21:29---------d-----wC:\Documents and Settings\Jamie\Application Data\Sony
2008-10-02 21:27---------d-----wC:\Program Files\Vstplugins
2008-09-15 00:13---------d-----wC:\Documents and Settings\All Users\Application Data\Blizzard
2008-09-11 05:19---------d-----wC:\Documents and Settings\Jamie\Application Data\IGN_DLM
2008-09-08 10:41333,824----a-wC:\WINDOWS\system32\drivers\srv.sys
2008-09-03 19:38---------d-----wC:\Documents and Settings\Jamie\Application Data\SystemRequirementsLab
2008-09-01 19:11---------d--h--wC:\Program Files\InstallShield Installation Information
2008-09-01 19:08---------d-----wC:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-17 11:5310,829-c-ha-wC:\Program Files\Videopak2_free.GID
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin700.exe.lnk]
backup=C:\WINDOWS\pss\TrayMin700.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jamie^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailScan

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32vcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32vmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
--a--c--- 2005-03-15 05:46 196608 C:\Program Files\Microsoft IntelliType Pro\type32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupregwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32wiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MioNet"=2 (0x2)
"WMConnectCDS"=3 (0x3)
"UMWdf"=2 (0x2)
"Pctspk"=2 (0x2)
"Bonjour Service"=2 (0x2)
"wwEngineSvc"=3 (0x3)
"aawservice"=3 (0x3)
"Avg7UpdSvc"=3 (0x3)
"Avg7Alrt"=3 (0x3)
"avg8wd"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"ose"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\Wow.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:blizz d
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-20 97928]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 3712]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 naecd;naecd;C:\DOCUME~1\Jamie\LOCALS~1\Tempaecd.sys [ ]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys [2005-06-07 541568]
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 112574]
S4 avg8wd;AVG Free8 WatchDog;I:\PROGRA~1\avgwdsvc.exe [ ]
S4 WUSB54Gv42SVC;WUSB54Gv42SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe [ ]

*Newly Created Service* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder

2008-10-22 C:\WINDOWS\Tasks\1-Click Maintenance.job
- I:\Program Files\cleaner\OneClickStarter.exe []
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\qp1455n8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media PlayerpViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 14:56:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\locator.exe
.
**************************************************************************
.
Completion time: 2008-10-22 14:57:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-22 18:57:40

Pre-Run: 139,779,387,392 bytes free
Post-Run: 139,826,294,784 bytes free

180--- E O F ---2008-10-20 01:12:08

Post #244708
Posted 10/22/2008 2:24 PM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 29,548, Visits: 54,734
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)



Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press OK [see image below]
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore.




Download and scan with CCleaner.
1. Starting with v1.27.260, CCleaner started installing the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the 'No Toolbar' 'Slim' version instead of the 'Standard Build'.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
* Clean all entries in the "Internet Explorer" section except Cookies.
* Clean all the entries in the "Windows Explorer" section.
* Clean all entries in the "System" section.
* Clean all entries in the "Advanced" section.
* Clean any others that you choose.

In the Applications Tab:
* Clean all except cookies in the Firefox/Mozilla section if you use it.
* Clean all in the Opera section if you use it.
* Clean Sun Java in the Internet Section.
* Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.

* Now click on the 'Registry' tab/button on the left.
* Then click on the 'Scan for issues' button at the bottom.
* If CCleaner displays any issues, click on 'Fix selected issues'.
* You'll then be asked 'Do you want to backup changes to the registry', you must click 'YES'.
* Save the backup somewhere safe, your desktop is as good a place as any.
* Then click 'Fix Issues', then click 'Close'.
* Exit CCleaner.


Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u10'.
3. Click the "Download" button to the right.
4. Select the Platform and Language for your download, then check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language - jre-6u10-windows-i586-p.exe' [15.52 MB] and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

Verify your installation of Sun Java:
http://www.java.com/en/download/help/testvm.xml


There appears to be a problem with Avg8 Antivirus, have you uninstalled it or is there a problem with it?
The above means you've no virus protection installed which isn't good, and I notice you've already uninstalled Avira AntiVir Personal - FREE Antivirus.
I suggest you reinstall Avg8 Antivirus or Avira AntiVir Personal - FREE Antivirus.

When you've finished the above,post a new HijackThis log.
Let me know how your pc is running now.


_______________________________________________


ASAP & UNITE member since 2006





Post #244709
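
An added example, not part of the thread and not code from HijackThis: a small Python parser for the HijackThis entry lines quoted in this thread that flags entries whose target is reported as "(no file)" or "(file missing)", the kind of orphaned entry selected for fixing in the post above. The sample lines are copied from the logs in this thread; the function names and the section descriptions are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis logs posted in this thread (shortened).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02, on 2008-10-22
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\explorer.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: avgrsstx.dll

--
End of file - 2523 bytes
"""

# What each section code seen in this thread's logs covers (descriptions are this example's wording).
SECTION_MEANING = {
    "R0": "Internet Explorer start/search page value",
    "R1": "Internet Explorer default page/search/proxy value",
    "F2": "autoload from INI settings mapped to the registry (e.g. UserInit)",
    "O2": "Browser Helper Object loaded into Internet Explorer",
    "O4": "autostart program (Run key or Startup folder)",
    "O8": "extra item in the Internet Explorer context menu",
    "O9": "extra Internet Explorer button or Tools menu item",
    "O10": "Winsock Layered Service Provider",
    "O20": "AppInit_DLLs value (DLL loaded into user-mode processes)",
}

# An entry line is "<code> - <rest>"; header and process lines never match this.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Only a trailing "(no file)" / "(file missing)" marks an orphan; "(no name)" does not.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


@dataclass
class Entry:
    code: str             # section code such as "O9"
    text: str             # everything after "<code> - "
    clsid: Optional[str]  # upper-cased CLSID if the entry carries one
    orphan: bool          # True when HijackThis reported the target file as absent


def parse_log(log_text: str) -> List[Entry]:
    """Return the registry/autostart entries of a HijackThis log, in log order."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, running-process line, blank line or footer
        code, text = match.groups()
        clsid = CLSID_RE.search(text)
        entries.append(Entry(code=code, text=text,
                             clsid=clsid.group(0).upper() if clsid else None,
                             orphan=bool(ORPHAN_RE.search(text))))
    return entries


def find_orphans(entries: List[Entry]) -> List[Entry]:
    """Entries that point at a file which no longer exists on disk."""
    return [e for e in entries if e.orphan]


def describe(entry: Entry) -> str:
    """One review line: code, what the section covers, and the raw entry text."""
    meaning = SECTION_MEANING.get(entry.code, "section not described in this example")
    return f"{entry.code} ({meaning}): {entry.text}"


if __name__ == "__main__":
    for item in find_orphans(parse_log(SAMPLE_LOG)):
        print(describe(item))
```

An orphan flag only says the referenced file is absent; which of the flagged entries to fix remains a reviewer's decision.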