
trhgbtrh4 @teksavvy.com | reply to TheJoker
Re: HJT Log: "System Security", Vundo, Koobface
Hm, I guess this computer wasn't completely clean like I thought.
Spybot isn't showing anything that can't be removed. The only things that show up again are tracking cookies (casalemedia, doubleclick, mediaplex, zedo).
The first URL for Security Check shows not found, while the second URL also shows not found, but gives me a link to a SecurityCheck.exe file. If I should download that file instead, please let me know.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:03 PM, on 5/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
D:\AVG\AVG8\avgrsx.exe
D:\AVG\AVG8\avgemc.exe
D:\AVG\AVG8\avgnsx.exe
D:\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
D:\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
D:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
D:\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = »go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] D:\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - »gfx2.hotmail.com/mail/w3/resourc···Upld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - »download.eset.com/special/eos/On···nner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Ares\chatServer.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

-- End of file - 8123 bytes
ComboFix log:
ComboFix 09-05-23.04 - GHOST 05/24/2009 15:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1382 [GMT -4:00]
Running from: c:\documents and settings\GHOST\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\GHOST\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\temp\FT62
c:\windows\system32\biyedepu.dll
c:\windows\system32\dPI19
c:\windows\system32\drivers\npf.sys
c:\windows\system32\nugebini.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\yilefaju.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_npf
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.
2009-05-22 17:20 . 2009-05-22 17:20 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-05-22 04:52 . 2009-05-22 04:52 -------- d-----w c:\program files\ESET
2009-05-22 04:49 . 2009-05-22 04:49 -------- d-sh--w c:\documents and settings\GHOST\IECompatCache
2009-05-22 04:49 . 2009-05-22 04:49 -------- d-sh--w c:\documents and settings\GHOST\PrivacIE
2009-05-22 04:45 . 2009-05-22 04:45 -------- d-sh--w c:\documents and settings\GHOST\IETldCache
2009-05-22 04:42 . 2009-05-22 04:42 -------- d-----w c:\windows\ie8updates
2009-05-22 04:41 . 2009-05-22 04:42 -------- dc-h--w c:\windows\ie8
2009-05-22 04:39 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-22 03:03 . 2009-05-22 03:03 152576 ----a-w c:\documents and settings\GHOST\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-22 03:02 . 2008-04-14 00:12 18944 -c--a-w c:\windows\system32\dllcache\xrxscnui.dll
2009-05-22 03:02 . 2008-04-14 00:12 116224 -c--a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-22 03:02 . 2001-08-18 02:36 23040 -c--a-w c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-22 03:02 . 2001-08-18 02:37 4608 -c--a-w c:\windows\system32\dllcache\xrxflnch.exe
2009-05-22 03:02 . 2001-08-18 02:37 27648 -c--a-w c:\windows\system32\dllcache\xrxftplt.exe
2009-05-22 03:00 . 2001-08-17 17:28 64605 -c--a-w c:\windows\system32\dllcache\vvoice.sys
2009-05-22 02:59 . 2001-08-17 16:51 58368 -c--a-w c:\windows\system32\dllcache\smiminib.sys
2009-05-22 02:57 . 2001-08-17 17:51 17280 -c--a-w c:\windows\system32\dllcache\scr111.sys
2009-05-22 02:56 . 2001-08-18 02:36 41472 -c--a-w c:\windows\system32\dllcache\qvusd.dll
2009-05-22 02:55 . 2008-04-13 18:54 22016 -c--a-w c:\windows\system32\dllcache\msircomm.sys
2009-05-22 02:54 . 2001-08-18 02:36 372824 -c--a-w c:\windows\system32\dllcache\iconf32.dll
2009-05-22 02:53 . 2001-08-17 16:12 24618 -c--a-w c:\windows\system32\dllcache\fa410nd5.sys
2009-05-22 02:52 . 2001-08-17 17:52 7680 -c--a-w c:\windows\system32\dllcache\cd20xrnt.sys
2009-05-22 02:51 . 2001-08-17 18:07 101888 -c--a-w c:\windows\system32\dllcache\adpu160m.sys
2009-05-22 02:38 . 2009-05-22 02:43 -------- d-----w C:\1b3f0d8e1e3ecd0efc101d94
2009-05-22 02:16 . 2009-05-22 02:16 -------- d-----w C:\09453ea7dd3061594a2e
2009-05-21 23:56 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-21 23:56 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 12:30 . 2009-05-21 12:30 2 ---h--w c:\windows\sto452730.dat
2009-05-20 04:57 . 2009-05-20 04:57 2 ---h--w c:\windows\sto453251.dat
2009-05-20 04:57 . 2009-05-20 04:57 2 ---h--w c:\windows\sto453224.dat
2009-05-20 02:57 . 2009-05-20 02:57 2 ---h--w c:\windows\sto453250.dat
2009-05-18 19:58 . 2008-09-05 00:22 447752 ----a-r c:\windows\system32\vp6vfw.dll
2009-05-18 19:58 . 2009-05-18 19:58 10134 ----a-r c:\documents and settings\GHOST\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-05-18 19:58 . 2009-05-18 19:58 -------- d-----w c:\program files\Microsoft WSE
2009-05-18 16:02 . 2009-05-15 20:43 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-18 16:02 . 2009-05-15 20:43 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-18 16:02 . 2009-05-15 20:43 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-18 16:02 . 2009-05-15 20:43 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-18 16:02 . 2009-05-15 20:43 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-18 16:02 . 2009-05-15 20:43 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-18 16:02 . 2009-05-15 20:43 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-18 16:01 . 2009-05-15 20:42 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-18 16:01 . 2009-05-15 20:42 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-10 15:22 . 2009-05-10 15:22 -------- d-----w c:\program files\Logitech
2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-25 15:42 . 2009-05-24 18:57 117760 ----a-w c:\documents and settings\GHOST\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 23:16 . 2008-05-22 18:55 75272 ----a-w c:\documents and settings\GHOST\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-22 03:04 . 2009-05-22 03:04 57344 ----a-w c:\documents and settings\GHOST\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-28a5d86d-n\Decora-SSE.dll
2009-05-22 03:04 . 2009-05-22 03:04 24064 ----a-w c:\documents and settings\GHOST\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7ab017e2-n\Decora-D3D.dll
2009-05-22 03:04 . 2009-05-22 03:04 315392 ----a-w c:\documents and settings\GHOST\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-45bb53eb-n\jogl.dll
2009-05-22 03:04 . 2009-05-22 03:04 20480 ----a-w c:\documents and settings\GHOST\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-45bb53eb-n\jogl_awt.dll
2009-05-22 03:04 . 2009-05-22 03:04 114688 ----a-w c:\documents and settings\GHOST\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-45bb53eb-n\jogl_cg.dll
2009-05-22 03:04 . 2009-05-22 03:04 499712 ----a-w c:\documents and settings\GHOST\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-7f83bb7b-n\msvcp71.dll
2009-05-22 03:04 . 2009-05-22 03:04 499712 ----a-w c:\documents and settings\GHOST\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-7f83bb7b-n\jmc.dll
2009-05-22 03:04 . 2009-05-22 03:04 348160 ----a-w c:\documents and settings\GHOST\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-7f83bb7b-n\msvcr71.dll
2009-05-22 03:04 . 2009-05-22 03:04 20480 ----a-w c:\documents and settings\GHOST\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-520ec009-n\gluegen-rt.dll
2009-05-22 03:04 . 2009-05-22 03:04 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-22 03:04 . 2008-05-22 19:56 -------- d-----w c:\program files\Java
2009-05-22 02:47 . 2008-12-14 00:45 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-22 00:46 . 2008-07-16 18:09 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-22 00:45 . 2008-06-07 20:10 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-21 23:17 . 2008-05-23 02:10 -------- d-----w c:\documents and settings\GHOST\Application Data\Xfire
2009-05-20 02:09 . 2008-05-23 23:18 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-18 19:43 . 2008-05-22 06:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-18 18:43 . 2008-05-24 00:40 189496 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-18 18:20 . 2008-05-24 00:40 139984 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-15 20:43 . 2008-05-23 23:18 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-15 20:43 . 2008-05-23 23:18 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-15 20:43 . 2008-05-23 23:18 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-15 20:43 . 2008-05-23 23:18 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-13 03:27 . 2008-06-12 00:58 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-10 15:22 . 2008-05-22 23:01 -------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-04-22 04:20 . 2009-04-22 04:20 14311680 ----a-w c:\windows\system32\xlive.dll
2009-04-22 04:20 . 2009-04-22 04:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll
2009-04-19 01:43 . 2009-04-19 01:43 -------- d-----w c:\program files\Common Files\snpstd2
2009-04-19 01:22 . 2009-04-19 01:22 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-15 19:31 . 2009-04-23 00:06 1099128 ----a-w c:\documents and settings\GHOST\Application Data\Mozilla\Firefox\Profiles\1nrtpfvv.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-04-15 19:31 . 2009-04-23 00:06 729088 ----a-w c:\documents and settings\GHOST\Application Data\Mozilla\Firefox\Profiles\1nrtpfvv.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-04-11 04:24 . 2009-04-11 04:24 -------- d-----w c:\program files\Common Files\Digidesign
2009-03-14 06:10 . 2008-06-12 00:42 905776 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-13 22:32 . 2008-05-24 00:40 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-08 08:34 . 2007-12-07 02:01 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2007-12-12 09:51 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2007-12-12 09:51 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2007-12-12 09:51 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2007-12-12 09:51 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2007-12-12 09:51 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2007-05-11 04:54 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2007-12-12 09:51 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2007-12-12 09:51 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2007-12-12 09:51 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="d:\avg\AVG8\avgtray.exe" [2009-05-15 1947928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-01-05 40960]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-22 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\GHOST\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - d:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-6-11 2860792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-23 113664]
Logitech SetPoint.lnk - d:\logitech\SetPoint\SetPoint.exe [2008-5-22 805392]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2008-7-15 1073152]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\superantispyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w d:\superantispyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 18:13 49152 ----a-w c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-15 20:43 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless G Desktop Card Client Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G Desktop Card Client Utility.lnk
backup=c:\windows\pss\Belkin Wireless G Desktop Card Client Utility.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"d:\\Xfire\\xfire.exe"=
"d:\\AVG\\AVG8\\avgupd.exe"=
"d:\\AVG\\AVG8\\avgemc.exe"=
"d:\\Ares\\Ares.exe"=
"d:\\Battlefield2\\BF2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Grid\\GRID.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"d:\nexon\Combat Arms\CombatArms.exe"= d:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"d:\nexon\Combat Arms\Engine.exe"= d:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"d:\\Nexon\\Combat Arms\\NMService.exe"=
"d:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\StarWarsBattlefront2\\GameData\\BattlefrontII.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Battlefield2142\\BF2142.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"d:\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"d:\\Kane and Lynch\\kaneandlynch.exe"=
"d:\\Pure\\Pure.exe"=
"d:\\FarCry2\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\FarCry2\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\FarCry2\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Dead Space\\Dead Space.exe"=
"d:\\007 -Quantum of Solace\\JB_LiveEngine_s.exe"=
"c:\\Documents and Settings\\GHOST\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"d:\\Mozilla Firefox\\firefox.exe"=
"d:\\GTAIV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\GTAIV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\GTAIV\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Saints Row 2\\SR2_pc.exe"=
"d:\\Burnout Paradise\\BurnoutLauncher.exe"=
"d:\\Burnout Paradise\\BurnoutConfigTool.exe"=
"d:\\Burnout Paradise\\BurnoutParadise.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\TomClancy's HAWX\\HAWX.exe"=
"d:\\Call Of Duty - WAW\\CoDWaW.exe"=
"d:\\Call Of Duty - WAW\\CoDWaWmp.exe"=
"d:\\VLC Player\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Common Files\\Logishrd\\KHAL2\\KHALMNPR.exe"=
"d:\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 7:18 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2008 7:18 PM 108552]
R1 SASDIFSV;SASDIFSV;d:\superantispyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;d:\superantispyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 avg8emc;AVG8 E-mail Scanner;d:\avg\AVG8\avgemc.exe [7/4/2008 12:17 PM 908568]
R2 avg8wd;AVG8 WatchDog;d:\avg\AVG8\avgwdsvc.exe [7/4/2008 12:17 PM 298776]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 6:50 PM 30312]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [8/5/2008 6:58 PM 29184016]
S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\drivers\BLKWGDv7.sys [6/7/2008 3:46 PM 303616]
S3 DJUSB;DMM Controller;c:\windows\system32\drivers\DM2.sys [6/1/2001 7:26 PM 10758]
S3 MBAMCatchMe;MBAMCatchMe;\??\c:\windows\system32\drivers\mbamcatchme.sys --> c:\windows\system32\drivers\mbamcatchme.sys [?]
S3 PLCMP532;PLCMP532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCMP532.sys --> c:\windows\system32\Drivers\PLCMP532.sys [?]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [8/8/2007 11:40 AM 26656]
S3 SASENUM;SASENUM;d:\superantispyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\GHOST\Application Data\Mozilla\Firefox\Profiles\1nrtpfvv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: d:\avg\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\GHOST\Application Data\Mozilla\Firefox\Profiles\1nrtpfvv.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\GHOST\Application Data\Mozilla\Firefox\Profiles\1nrtpfvv.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: d:\divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\divx\DivX Web Player\npdivx32.dll
FF - plugin: d:\mozilla firefox\plugins\npff_gdm.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin2.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin3.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin4.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin5.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin6.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin7.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2009-05-24 15:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-725345543-691866490-1003\Software\SecuROM\License information*]
"datasecu"=hex:18,f0,3f,fa,d3,bd,37,26,32,b5,57,94,95,cd,b4,61,62,2a,98,0f,ce,
 83,51,75,e8,36,00,dc,9e,f8,e9,be,9c,cd,c2,0c,1a,d6,59,7e,a1,67,7c,b4,6a,a9,\
"rkeysecu"=hex:c6,86,bc,a9,69,07,42,42,5b,31,fd,9b,ee,e1,ef,04
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
d:\superantispyware\SASWINLO.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2400)
d:\program files\Stardock\ObjectDock\DockShellHook.dll
d:\logitech\SetPoint\GameHook.dll
d:\logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
d:\avg\AVG8\avgrsx.exe
d:\avg\AVG8\avgnsx.exe
d:\avg\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-05-24 15:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-24 19:30

Pre-Run: 6,800,150,528 bytes free
Post-Run: 7,068,229,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

332 --- E O F --- 2009-05-22 02:48

TheJoker
quote: The first URL for Security Check shows not found, while the second URL also shows not found, but gives me a link to a SecurityCheck.exe file.
The author changed the links to exe files rather than zip files, so the correct links should be:
Please do a scan with Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- Click on the Accept button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, click on View scan report.
- Now, click on the Save Report as button.
- In the drop down box labeled Files of type change the type to Text file.
- Save the file to your desktop.
- Copy and paste that information in your next post.
Please post a new HijackThis log, the log from Security Check (checkup.txt), the log from Kaspersky's online scanner, and note any errors encountered.
-- Proud ASAP member since 2005

trhgbtrh4 @teksavvy.com
Posting the log of Security Check while I wait the 2+ hours it'll take to scan with Kaspersky again...
Results of screen317's Security Check version 0.98.3
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````
Windows Firewall Enabled!
ESETOnlineScannerv3
WindowsLiveOneCaresafetyscanner
AVGFree8.5
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 13
``````````````````````````````
Process Check: objlist.exe by Laurent
``````````````````````````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
Spybot SDHelper is disabled!
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````
GREAT! (Very random)
Scan took 18 seconds.
`````````End of Log```````````

trhgbtrh4 @teksavvy.com
Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, May 25, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, May 25, 2009 03:17:40
Records in database: 2237504
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 175809
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:12:13

No malware has been detected. The scan area is clean.

The selected area was scanned.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:47 AM, on 5/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
D:\AVG\AVG8\avgemc.exe
D:\AVG\AVG8\avgrsx.exe
D:\AVG\AVG8\avgnsx.exe
C:\WINDOWS\RTHDCPL.EXE
D:\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
D:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
D:\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = »go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] D:\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - »gfx2.hotmail.com/mail/w3/resourc···Upld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - »download.eset.com/special/eos/On···nner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Ares\chatServer.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

-- End of file - 8282 bytes

TheJoker Premium,VIP,MVM join:2001-04-26 Alexandria, VA
Go to Start > Run and copy and paste the following command in the field: ComboFix /u
Make sure there's a space between ComboFix and /, then hit Enter.
This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
Create a Restore Point (XP ONLY)
• Go to Start > Programs > Accessories > System Tools > System Restore
• Select Create a Restore Point and then Next.
• In the box for "Restore point description", enter a descriptive name and press Create
• When the "Restore Point Created" window appears, click Close
Run Disk Cleanup
• Go to Start > Run and type the below line: cleanmgr
• Click OK
• If you have more than one drive, select the drive Windows is installed on
• Click OK
• When Disk Cleanup opens, select the More Options tab
• In the System Restore section (bottom of window), click Cleanup
• In the confirmation window that opens, click Yes
Now click on the Disk Cleanup tab and select the following items:
• Downloaded Program Files
• Temporary Internet Files
• Recycle Bin
• Temporary Files
Click OK in the confirmation window, select Yes (Disk Cleanup will close).
I recommend installing a software firewall. I didn't see one in your HijackThis log (the XP firewall isn't sufficient protection, it only checks incoming data). Two free firewalls are Sunbelt Personal Firewall available from »www.sunbeltsoftware.com/Home-Hom···Firewall, and Zone Alarm available from »www.zonealarm.com/security/en-us···wall.htm. There is a tutorial on understanding firewalls at »www.bleepingcomputer.com/forums/···l60.html and a tutorial from Markus Jansson on setting up ZoneAlarm at »www.markusjansson.net/eza.html. If you install ZoneAlarm (an excellent firewall), I recommend NOT installing the new optional feature Spy Blocker, as it's run by the questionable search engine Ask.com, and doesn't actually block any spyware. You can read more about Ask.com here. There are several free utilities you can use to help keep malware off your system:
A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at »www.mvps.org/winhelp2002/hosts.htm.
A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at »www.javacoolsoftware.com/products.html.
I recommend reading Tony Klein's article So How did I get Infected in the First Place? at »www.spywareinfoforum.com/index.p···ic=60955
Does your problem appear resolved?
-- Proud ASAP member since 2005
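Not part of the thread: an added Python script that parses the O4 (Run/Startup) and O23 (Service) entries of a HijackThis log in the format posted above and flags what a log reviewer checks first: services with no publisher in their version info, bare filenames that Windows resolves through the PATH search order, and files outside the usual program directories. The TRUSTED_ROOTS list and the "example" Run value are assumptions constructed for this demonstration; the other sample lines are copied from the log in this thread.

```python
import re

# Expected program locations on this machine (assumption; the log shows software on both C: and D:).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\",
                 "d:\\program files\\", "d:\\avg\\", "d:\\logitech\\")

# Constructed sample: lines from the log above plus one made-up Run value ("example") at a placeholder temp path.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background',
    r"O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe",
    r"O4 - HKCU\..\Run: [example] C:\DOCUME~1\user\LOCALS~1\Temp\example.exe",  # constructed
    r"O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe",
]

def _loaded_file(cmd):
    # File a Run-key command loads; rundll32 is only a host, so report its DLL argument instead
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    exe, rest = m[1] or m[2], cmd[m.end():].strip()
    return rest.split(",")[0].strip('"') if exe.lower().endswith("rundll32.exe") and rest else exe

def parse_hjt_line(line):
    """Parse one O4 or O23 line into a dict; other sections yield None."""
    m = re.match(r"^(O4|O23) - (.*)$", line.strip())
    if not m:
        return None
    code, body = m.groups()
    if code == "O23":  # Service: <name> - <vendor> - <path>
        mm = re.match(r"Service: (.+?) - (.+?) - (.+)$", body)
        return mm and dict(code=code, name=mm[1], vendor=mm[2], path=mm[3], flags=[])
    # O4: "<hive>\..\Run: [<name>] <command>" or "[Global ]Startup: <lnk name> = <path>"
    mm = re.match(r"(?:.*Run: \[(.+?)\] |(?:Global )?Startup: (.+?) = )(.+)$", body)
    if not mm:
        return None
    path = _loaded_file(mm[3]) if mm[1] else mm[3]
    return dict(code=code, name=mm[1] or mm[2], vendor="", path=path, flags=[])

def triage(lines):
    """Parse the log and attach heuristic flags that call for a closer look."""
    entries = [e for e in map(parse_hjt_line, lines) if e]
    for e in entries:
        low = e["path"].lower()
        if e["vendor"] == "Unknown owner":
            e["flags"].append("no publisher in version info")
        if "\\" not in low:
            e["flags"].append("bare filename, resolved by PATH search order")
        elif not low.startswith(TRUSTED_ROOTS):
            e["flags"].append("outside expected program directories")
    return entries
```

A flag is a prompt to look at the file (publisher, location, hash), not a verdict: on the log above, PnkBstrA shows "Unknown owner" and RTHDCPL.EXE is a bare filename, and both are ordinary installed software.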