ComputerForum.com ComputerForum.com  
Go Back   Computer Forum > Computer Software > Computer Security
HJT log. HJT log.
Register FAQ Members List Calendar Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
Old 05-22-2008, 03:01 AM   #1 (permalink)
Diamond Member
 
kobaj's Avatar
 
Join Date: Jan 2005
Posts: 2,218
Default HJT log.
A friends pc started acting up with pop-ups and the usual slow down. So after running several virus/spyware scanners including avast and adware se I asked him to post a HJT log. He couldnt figure out how to register, so I am posting it for him. I dont know his specs other then its windows xp on a dell inspiron 600m.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:40 PM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Xfire\Xfire.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Ryan\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s15.invisionfree.com/survivorpanama/index.php?act=idx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [282da6ad] rundll32.exe "C:\WINDOWS\system32\sloxfqsv.dll",b
O4 - HKLM\..\Run: [BM2b1e9531] Rundll32.exe "C:\WINDOWS\system32\vxuvuplh.dll",s
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Data\resources\xfire_exception.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\Data\resources\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\Data\resources\DLG.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\Data\resources\QBMsgMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 9681 bytes
__________________
My site My sigThanks Kornowski for ava and sig.

Winner of photo competition: Bokeh.
Last edited by kobaj; 05-22-2008 at 03:32 AM.
kobaj is offline   Reply With Quote


Old 05-22-2008, 08:41 AM   #2 (permalink)
Digaredd
 
Buzz1927's Avatar
 
Join Date: May 2005
Location: Melbourne AU
Posts: 6,407
Default
Have them run combofix and post the log, download it from one of these places.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!
Buzz1927 is offline   Reply With Quote
Old 05-24-2008, 06:33 AM   #3 (permalink)
New Member
 
Join Date: May 2008
Posts: 1
Default
I'm the friend Kobaj is talking about...here's what the CF log said:

ComboFix 08-05-21.3 - Ryan 2008-05-23 22:39:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.130 [GMT -5:00]
Running from: C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM2b1e9531.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtsPJDv.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\SYSTEM32\CKTBIkkj.ini
C:\WINDOWS\SYSTEM32\CKTBIkkj.ini2
C:\WINDOWS\system32\doroeayn.ini
C:\WINDOWS\SYSTEM32\eNTEdMoq.ini
C:\WINDOWS\SYSTEM32\eNTEdMoq.ini2
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\fvaiwvem.ini
C:\WINDOWS\SYSTEM32\gfLlonpo.ini
C:\WINDOWS\SYSTEM32\gfLlonpo.ini2
C:\WINDOWS\SYSTEM32\ggfPoUvw.ini
C:\WINDOWS\system32\grkmdrwh.ini
C:\WINDOWS\system32\iOruxyay.ini
C:\WINDOWS\SYSTEM32\iOruxyay.ini2
C:\WINDOWS\SYSTEM32\MUCfNXyb.ini
C:\WINDOWS\SYSTEM32\MUCfNXyb.ini2
C:\WINDOWS\SYSTEM32\mvrlvgvn.ini
C:\WINDOWS\system32\pilirlgi.ini
C:\WINDOWS\system32\ponbvqxp.ini
C:\WINDOWS\SYSTEM32\pqAKlnpo.ini
C:\WINDOWS\SYSTEM32\pqAKlnpo.ini2
C:\WINDOWS\SYSTEM32\vDJPstwa.ini
C:\WINDOWS\SYSTEM32\vDJPstwa.ini2
C:\WINDOWS\SYSTEM32\vsqfxols.ini
C:\WINDOWS\system32\wibwtuuu.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-22 21:38 . 2008-05-22 21:53 12,856 --a------ C:\WINDOWS\SYSTEM32\ljJASigf.dll
2008-05-22 20:28 . 2008-05-22 20:28 2,126 --a------ C:\WINDOWS\SYSTEM32\wpa.dbl
2008-05-20 23:03 . 2008-05-20 23:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-20 23:03 . 2008-05-20 23:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-18 02:29 . 2008-05-18 02:38 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\Ventrilo
2008-05-18 02:27 . 2008-05-18 02:27 <DIR> d-------- C:\Program Files\Ventrilo
2008-05-15 16:27 . 2008-05-15 16:27 11,264 --ahs---- C:\WINDOWS\SYSTEM32\Thumbs.db
2008-05-15 15:36 . 2008-05-15 15:36 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\InstallShield
2008-05-14 17:33 . 2008-05-14 17:33 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-14 17:12 . 2008-05-14 17:12 <DIR> d-------- C:\Program Files\Alwil Software
2008-05-14 16:57 . 2008-05-14 16:57 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-05-14 16:40 . 2008-05-14 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-14 16:21 . 2008-05-14 16:21 <DIR> d-------- C:\Program Files\CCleaner
2008-05-14 14:59 . 2008-05-14 15:08 0 --ahs---- C:\WINDOWS\SYSTEM32\qAHiknpo.ini
2008-05-13 20:29 . 2008-05-13 20:29 41,296 --a------ C:\WINDOWS\SYSTEM32\xfcodec.dll
2008-05-07 19:02 . 2008-05-07 19:02 27,264 --a------ C:\WINDOWS\SYSTEM32\tuvWpPFY.dll
2008-05-05 16:43 . 2008-05-10 22:11 <DIR> d-------- C:\Program Files\mIRC
2008-05-05 16:43 . 2008-05-10 22:13 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\mIRC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-05-24 04:28 --------- d-----w C:\Documents and Settings\Ryan\Application Data\Skype
2008-05-24 03:34 --------- d-s---w C:\Program Files\Xfire
2008-05-22 20:58 --------- d-----w C:\Program Files\Winamp Remote
2008-05-19 22:09 --------- d-----w C:\Documents and Settings\Ryan\Application Data\Xfire
2008-05-18 20:38 --------- d-----w C:\Documents and Settings\Ryan\Application Data\AVG7
2008-05-18 07:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 22:06 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-05-17 04:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 04:11 --------- d-----w C:\Program Files\7-Zip
2008-05-15 20:55 --------- d-----w C:\Program Files\Winamp
2008-05-14 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-14 21:45 --------- d-----w C:\Documents and Settings\Ryan\Application Data\Lavasoft
2008-05-13 20:21 --------- d-----w C:\Program Files\Google
2008-05-13 05:16 --------- d-----w C:\Program Files\Oberon Media
2008-05-03 15:01 --------- d-----w C:\Program Files\Java
2008-04-28 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-25 03:51 --------- d-----w C:\Documents and Settings\Ryan\Application Data\AdobeUM
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-01 23:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-05-31 00:01 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2002-10-04 20:09 204,800 ----a-w C:\WINDOWS\INF\FXPlugin.dll
2006-09-18 03:56 23,552 ----a-w C:\Program Files\mozilla firefox\plugins\DrvMgt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-05-07 19:02 27264 --a------ C:\WINDOWS\system32\tuvWpPFY.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da12dc30-347b-4458-9925-df7cb918e2e3}]
C:\WINDOWS\system32\kvuikrdw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22 3739648]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 05:40 172280]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 12:33 155648]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-10-07 20:44 610304]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54 57344]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 02:01 86016]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-27 17:51 579584]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 18:00 86102]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-23 19:32 98304]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 09:57 133016]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 17:16 1121792]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"282da6ad"="C:\WINDOWS\system32\sloxfqsv.dll" [ ]
"BM2b1e9531"="C:\WINDOWS\system32\vxuvuplh.dll " [ ]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 14:48 219136]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 02:33 8720384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\ Flash\NPSWF32_FlashUtil.exe" [2007-06-11 15:34 190696]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\tuvWpPFY.dll [2008-05-07 19:02 27264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWpPFY]
tuvWpPFY.dll 2008-05-07 19:02 27264 C:\WINDOWS\SYSTEM32\tuvWpPFY.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\swgbg.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\battlegrounds_x1.exe"=
"C:\\Program Files\\MSN Gaming Zone\\zclient.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPLAYSVR.EXE"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\Holotable\\Holotable.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr .exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"19578:TCP"= 19578:TCP:BitComet 19578 TCP
"19578:UDP"= 19578:UDP:BitComet 19578 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 18:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswF sBlk.sys [2008-05-15 18:16]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys [2006-07-14 14:04]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 16:10]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E8519905-072E-374F-38A4-F9611BD7564A}]
C:\Program Files\Bifrost\msnplus.exe s
.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 23:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (BEDROOM-Ryan).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 23:23:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\WINDOWS\system32\tuvWpPFY.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
************************************************** ************************
.
Completion time: 2008-05-23 23:47:44 - machine was rebooted [Ryan]
ComboFix-quarantined-files.txt 2008-05-24 04:47:14

Pre-Run: 17,625,137,152 bytes free
Post-Run: 17,667,170,304 bytes free

239 --- E O F --- 2008-05-16 21:32:47
chewie6246 is offline   Reply With Quote
Old 05-24-2008, 07:08 AM   #4 (permalink)
Diamond Member
 
cohen's Avatar
 
Join Date: Jan 2008
Location: Melbourne, Australia
Age: 14
Posts: 8,166
Default
WOW!!! I know it is a Dell Computer (laptop???)

You use a lot of communication programs....

One thing that did catch my eye was

Quote:
-------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\WINDOWS\system32\tuvWpPFY.dll
__________________
My Website Forum Site JOIN NOW!
Desktop / Laptop
Motherboard: Asus M2N X SE / Unknown
CPU: AMD 4000+ 2.1GHZ x 2 / Intel Pentium M 1.60GHZ
Ram: 2GB Transcend / 512MB
Hard Drive: 320GB / 60GB
Video Card: Both Intergrated
Monitor: 19" Benq / 15.4"
OS: Windows Vista Home Premium Service Pack 1 / Windows XP Professional Service Pack 3
cohen is offline   Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Computer cant find network unless in safe mode. (hjt log included) ukulele_ninja Computer Security 6 12-30-2007 02:42 AM
C:\WINDOWS\system32\rxx6ot.sys (HJT log) Livzz Computer Security 4 10-22-2006 04:47 AM
HJT log 34erd Computer Security 5 08-10-2006 01:04 PM
HJT log 34erd Computer Security 11 06-16-2006 05:12 AM
HJT Log what is it? zeneena Computer Security 10 12-07-2005 11:11 PM

All times are GMT +1. The time now is 07:09 AM.

Contact Us - Computer Forum - Sitemap - Top

Powered by: vBulletin Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 ©2008, Crawlability, Inc.
Copyright © 2002-2008 Computer Forum and Web Design Forum