|
|
|
my HiJackThis Log PLease Help!!!!
|
|
|
tegralips
Newbie
|
25. December 2007 @ 18:10 |
Link to this message
|
Hi ladies and gents, hope everyone is having a merry Christmas! Mines would be much merrier if someone can help me out getting rid of a Virtumonde virus! Here's my hijackthis log!
Thanks in advance,
Monica
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:54 PM, on 12/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mop\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,rfjmoko.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\MOP\Application Data\Mozilla\Profiles\default\cy7nnxh8.slt\prefs.js)
O1 - Hosts: 80.190.241.30 home.edonkey.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [SpybotDeletingA8511] command /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7017] cmd /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1444] command /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2749] cmd /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB3348] command /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9562] cmd /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3622] command /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6478] cmd /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted"
O4 - HKCU\..\Policies\Explorer\Run: [{90C69C38-0702-1033-1008-040410220001}] "C:\Program Files\Common Files\{90C69C38-0702-1033-1008-040410220001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1198454246261
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...175/mcfscan.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\kyzexet.html
O24 - Desktop Component 1: (no name) - C:\Program Files\Online Services\howyvyran.html
--
End of file - 9824 bytes
me
|
|
Advertisement
|
|
|
|
Senior Member
|
26. December 2007 @ 04:49 |
Link to this message
|
Reboot into safe mode, run hijackThis, place check marks next to the items listed below. Click, fix checked. Reboot. Let me know how the PC is running, so far. This will take a few steps to straighten out. Pretty good mess!
O1 - Hosts: 80.190.241.30 home.edonkey.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,rfjmoko.exe
IF YOU DO NOT RECOGNIZED THIS, REMOVE IT.
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_0 1.src");
(C:\Documents and Settings\MOP\Application Data\Mozilla\Profiles\default\cy7nnxh8.slt\prefs.js)
O4 - HKLM\..\RunOnce: [SpybotDeletingA8511] command /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted
O4 - HKLM\..\RunOnce: [SpybotDeletingC7017] cmd /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1444] command /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2749] cmd /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3348] command /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9562] cmd /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3622] command /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6478] cmd /c del "C:\WINDOWS\SYSTEM32\hgdbb.dll_tobedeleted"
O4 - HKCU\..\Policies\Explorer\Run: [{90C69C38-0702-1033-1008-040410220001}] "C:\Program Files\Common Files\{90C69C38-0702-1033-1008-040410220001}\Update.exe" mc-110-12-0000140
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\kyzexet.html
O24 - Desktop Component 1: (no name) - C:\Program Files\Online Services\howyvyran.html
|
|
tegralips
Newbie
|
26. December 2007 @ 15:47 |
Link to this message
|
I've deleted everything in the checkmark! Here's my new HiJackThis Log!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:44 PM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mop\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\MOP\Application Data\Mozilla\Profiles\default\cy7nnxh8.slt\prefs.js)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [{90C69C38-0702-1033-1008-040410220001}] "C:\Program Files\Common Files\{90C69C38-0702-1033-1008-040410220001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1198454246261
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...175/mcfscan.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8002 bytes
me
|
Senior Member
|
26. December 2007 @ 16:03 |
Link to this message
|
This message has been edited since posting. Last time this message was edited on 26. December 2007 @ 16:17
|
|
tegralips
Newbie
|
26. December 2007 @ 16:28 |
Link to this message
|
I ran Vundofix but it doesn't find anything. But when I run Spybot Search And Destroy, I keep on getting the Virtumonde(c:/windows/system32/hgdbb.dll) virus that it can't remove because another program is using it. Even in safe mode I can't remove it. But my computer is running a little better now, but every once in awhile like maybe half an hour, i get a pop up.
me
|
Senior Member
|
27. December 2007 @ 02:22 |
Link to this message
|
Make sure you have removed this.
O4 - HKCU\..\Policies\Explorer\Run: [{90C69C38-0702-1033-1008-040410220001}] "C:\Program Files\Common Files\{90C69C38-0702-1033-1008-040410220001}\Update.exe" mc-110-12-0000140
Next, download ComboFix, follow the instructions. Post log.
http://forums.majorgeeks.com/showthread.php?t=134965
Are the pop-ups gone?
This message has been edited since posting. Last time this message was edited on 27. December 2007 @ 02:24
|
|
tegralips
Newbie
|
27. December 2007 @ 03:51 |
Link to this message
|
Just finished running Combofix, that was an impressive program! Hopefully my system is clear! Here's the log!
ComboFix 07-12-21.4 - Mop 2007-12-27 0:35:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.596 [GMT -8:00]
Running from: C:\Documents and Settings\Mop\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mop\Application Data\Dxcdmns.dll
C:\Program Files\Common Files\{90C69~1
C:\Program Files\racle~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\bkR11
C:\Temp\bkR11\ftCa.log
C:\temp\tn3
C:\WINDOWS\crosof~1
C:\WINDOWS\SYSTEM32\bbdgh.ini
C:\WINDOWS\SYSTEM32\bbdgh.ini2
C:\WINDOWS\system32\hgdbb.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\zxdnt3d.cfg
C:\x.dat
C:\z.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 )))))))))))))))))))))))))))))))
.
2007-12-27 00:13 . 2007-12-27 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-26 00:14 . 2007-12-26 00:14 <DIR> d-------- C:\Program Files\Opera 9.5 beta
2007-12-25 23:19 . 2007-12-25 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-12-25 22:53 . 2007-12-25 23:02 121 --a------ C:\WINDOWS\bdagent.INI
2007-12-25 22:00 . 2007-12-25 23:03 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-12-25 20:18 . 2007-12-25 20:21 <DIR> d-------- C:\Program Files\XoftSpySE
2007-12-25 17:35 . 2007-12-25 17:34 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-12-25 17:34 . 2007-12-25 17:36 <DIR> d-------- C:\Documents and Settings\Mop\.housecall6.6
2007-12-25 13:52 . 2007-12-25 19:35 <DIR> d-------- C:\VundoFix Backups
2007-12-25 11:45 . 2007-12-24 12:13 98,368 --a------ C:\WINDOWS\SYSTEM32\aaoatgkj.dll
2007-12-25 11:45 . 2007-12-25 11:44 2,509 --a------ C:\WINDOWS\SYSTEM32\aaoatgkj.xml
2007-12-25 11:40 . 2007-12-24 12:13 98,368 --a------ C:\WINDOWS\SYSTEM32\sxgefkbk.dll
2007-12-25 11:40 . 2007-12-25 11:44 2,509 --a------ C:\WINDOWS\SYSTEM32\sxgefkbk.xml
2007-12-24 23:20 . 2007-12-24 12:13 98,368 --a------ C:\WINDOWS\SYSTEM32\nyirledu.dll
2007-12-24 23:20 . 2007-12-24 23:17 2,509 --a------ C:\WINDOWS\SYSTEM32\nyirledu.xml
2007-12-24 23:11 . 2007-12-24 12:13 98,368 --a------ C:\WINDOWS\SYSTEM32\wuvgbcoz.dll
2007-12-24 23:11 . 2007-12-24 23:17 2,509 --a------ C:\WINDOWS\SYSTEM32\wuvgbcoz.xml
2007-12-24 14:16 . 2007-12-24 12:13 98,368 --a------ C:\WINDOWS\SYSTEM32\ywpufqyx.dll
2007-12-24 14:16 . 2007-12-24 23:09 2,509 --a------ C:\WINDOWS\SYSTEM32\ywpufqyx.xml
2007-12-24 13:33 . 2007-12-24 12:13 98,368 --a------ C:\WINDOWS\SYSTEM32\ncxeapgh.dll
2007-12-24 13:33 . 2007-12-24 13:41 2,509 --a------ C:\WINDOWS\SYSTEM32\ncxeapgh.xml
2007-12-24 12:52 . 2007-12-24 12:13 98,368 --a------ C:\WINDOWS\SYSTEM32\ikcphowe.dll
2007-12-24 12:52 . 2007-12-24 13:28 2,509 --a------ C:\WINDOWS\SYSTEM32\ikcphowe.xml
2007-12-24 12:42 . 2007-12-24 12:13 98,368 --a------ C:\WINDOWS\SYSTEM32\tzsuxmgl.dll
2007-12-24 12:42 . 2007-12-24 12:41 2,509 --a------ C:\WINDOWS\SYSTEM32\tzsuxmgl.xml
2007-12-24 12:13 . 2007-12-24 12:41 2,509 --a------ C:\WINDOWS\SYSTEM32\wcjpoebt.xml
2007-12-24 12:13 . 2007-12-25 11:42 22 --a------ C:\WINDOWS\pskt.ini
2007-12-24 12:12 . 2007-12-24 12:13 98,368 --a------ C:\WINDOWS\SYSTEM32\wcjpoebt.dll
2007-12-23 23:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-12-23 23:07 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2007-12-13 00:14 . 2007-12-25 13:48 143 --a------ C:\WINDOWS\SYSTEM32\mcrh.tmp
2007-12-11 21:59 . 2007-12-11 22:34 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-06 23:15 . 2007-12-06 23:15 268 --ah----- C:\sqmdata01.sqm
2007-12-06 23:15 . 2007-12-06 23:15 244 --ah----- C:\sqmnoopt01.sqm
2007-12-04 16:16 . 2007-12-04 16:16 552 --a------ C:\WINDOWS\SYSTEM32\d3d8caps.dat
2007-12-04 14:27 . 2007-12-04 14:27 <DIR> d-------- C:\Program Files\CCleaner
2007-12-03 00:19 . 2007-12-03 00:19 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-12-03 00:13 . 2007-12-03 00:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-12-03 00:13 . 2007-12-03 00:13 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2007-12-03 00:13 . 2007-12-03 00:13 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2007-12-03 00:13 . 2007-12-03 00:13 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2007-12-02 21:53 . 2007-12-05 02:55 <DIR> d-------- C:\WINDOWS\SYSTEM32\mm6
2007-12-02 21:53 . 2007-12-05 02:55 <DIR> d-------- C:\WINDOWS\SYSTEM32\hv2
2007-12-02 21:53 . 2007-12-02 22:47 <DIR> d-------- C:\WINDOWS\SYSTEM32\dr1
2007-12-02 21:53 . 2007-12-02 23:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\daSgo18
2007-12-02 21:53 . 2007-12-02 21:53 134 --a------ C:\n.bat
2007-12-02 21:32 . 2007-12-02 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Receipts
2007-12-02 21:28 . 2007-12-02 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ultima_T15
2007-12-02 21:28 . 2007-12-02 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EnterNHelp
2007-12-02 21:28 . 2007-12-25 02:06 20 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2007-12-02 21:27 . 2007-12-02 21:27 <DIR> d-------- C:\Program Files\Nikon
2007-12-02 21:27 . 2007-12-11 13:34 <DIR> d-------- C:\Program Files\Common Files\Nikon
2007-12-02 21:27 . 2007-12-11 13:34 <DIR> d-------- C:\Documents and Settings\Mop\Application Data\Nikon
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 08:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-27 05:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-25 21:32 --------- d-----w C:\Program Files\Azureus
2007-12-25 19:49 --------- d-----w C:\Documents and Settings\Mop\Application Data\AVG7
2007-12-24 20:57 --------- d-----w C:\Program Files\eMule
2007-12-24 20:52 --------- d-----w C:\Documents and Settings\Mop\Application Data\wsInspector
2007-12-22 21:49 --------- d-----w C:\Documents and Settings\Mop\Application Data\dvdcss
2007-12-07 09:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-03 05:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 04:18 --------- d-----w C:\Program Files\DVDFab HD Decrypter 4
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-24 06:38 92,064 ----a-w C:\Documents and Settings\Mop\mqdmmdm.sys
2007-04-24 06:38 9,232 ----a-w C:\Documents and Settings\Mop\mqdmmdfl.sys
2007-04-24 06:38 79,328 ----a-w C:\Documents and Settings\Mop\mqdmserd.sys
2007-04-24 06:38 66,656 ----a-w C:\Documents and Settings\Mop\mqdmbus.sys
2007-04-24 06:38 6,208 ----a-w C:\Documents and Settings\Mop\mqdmcmnt.sys
2007-04-24 06:38 5,936 ----a-w C:\Documents and Settings\Mop\mqdmwhnt.sys
2007-04-24 06:38 4,048 ----a-w C:\Documents and Settings\Mop\mqdmcr.sys
2007-04-24 06:38 25,600 ----a-w C:\Documents and Settings\Mop\usbsermptxp.sys
2007-04-24 06:38 22,768 ----a-w C:\Documents and Settings\Mop\usbsermpt.sys
2005-05-14 00:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 18:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 04:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-08 02:14 308,224 --sha-r C:\WINDOWS\SYSTEM32\avisynth.dll
2005-07-14 19:31 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 22:32 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-25 07:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\i420vfw.dll
2006-04-27 17:24 2,945,024 --sha-r C:\WINDOWS\SYSTEM32\Smab.dll
2005-02-28 20:16 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe
2004-01-25 07:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\yv12vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-06 12:38]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 17:34]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffgdb]
iiffgdb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mop^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Mop\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7755347A6A077D595455]
Rundll32.exe C:\WINDOWS\system32\aaoatgkj.dll,s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-10-06 19:10 344064 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 03:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2004-09-27 09:52 610304 --a------ C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 09:43 53248 --------- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2005-08-02 11:33 159832 --a------ C:\Program Files\Common Files\AOL\1125370106\ee\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-08-15 19:15 271672 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2005-03-15 07:58 53248 --a------ C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 10:00 200704 --a------ C:\Program Files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-05-19 18:38 1957888 --------- C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-11 18:15 290816 --------- C:\Program Files\Dell\Media Experience\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
C:\Program Files\pspvideo9\pspVideo9.exe -t
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SQ931STI]
2007-01-24 13:24 151552 --a------ C:\WINDOWS\SQ931STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 13:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 18:03]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-02-27 13:31]
S3 SQ931;Zoom 2.0 Webcam;C:\WINDOWS\system32\Drivers\Capt931a.sys [2007-01-25 10:07]
S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\DRIVERS\w600bus.sys []
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w600mdfl.sys []
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w600mdm.sys []
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w600mgmt.sys []
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w600obex.sys []
.
Contents of the 'Scheduled Tasks' folder
"2007-12-27 08:44:56 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-12-26 04:18:56 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 00:45:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\TEMP
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2007-12-27 0:47:23 - machine was rebooted
.
2007-12-25 03:30:04 --- E O F ---
me
|
Senior Member
|
27. December 2007 @ 18:43 |
Link to this message
|
OK, run AVG Rootkit Tool. Post new Combofix log.
|
|
tegralips
Newbie
|
28. December 2007 @ 02:16 |
Link to this message
|
Just deleted those logs! Heres my new HiJackthis Log! *cross fingers*
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:10 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Mop\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\MOP\Application Data\Mozilla\Profiles\default\cy7nnxh8.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1198454246261
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...175/mcfscan.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7142 bytes
me
|
Senior Member
|
28. December 2007 @ 02:30 |
Link to this message
|
|
Your log report is clean!
|
|
tegralips
Newbie
|
28. December 2007 @ 17:04 |
Link to this message
|
|
*high fives*
Thanks Quick Draw for all of your help! My computer is even faster than it has ever been before, and I thank you for it! Thanks! People like you make this forum GGGGreat!
me
|
Senior Member
|
28. December 2007 @ 17:27 |
Link to this message
|
This message has been edited since posting. Last time this message was edited on 28. December 2007 @ 17:32
|
|
Advertisement
|
|
|
|
tegralips
Newbie
|
28. December 2007 @ 18:26 |
Link to this message
|
|
Will do! Have a safe and happy new years to you too Mister!
me
|
|
