Does my computer look ok?

Briguy · 06-21-2008, 08:51 PM

Does my computer look ok?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:17 PM, on 6/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brian\Desktop\New Folder (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1205039439571
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...02/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

--
End of file - 4179 bytes

ComboFix 08-06-20.4 - Brian 2008-06-21 11:59:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1678 [GMT -7:00]
Running from: C:\Documents and Settings\Brian\Desktop\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://wwõj
.
((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 )))))))))))))))))))))))))))))))
.

2008-06-19 08:42 . 2008-06-19 08:42 18,252 --a------ C:\FRAGLIST.LUAR
2008-06-10 13:42 . 2008-06-13 04:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 13:42 . 2008-05-08 07:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-31 15:07 . 2008-05-31 15:08 <DIR> d-------- C:\Program Files\iTunes
2008-05-31 15:07 . 2008-05-31 15:07 <DIR> d-------- C:\Program Files\iPod
2008-05-29 22:08 . 2008-05-29 22:08 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Talkback
2008-05-27 19:49 . 2008-05-27 19:49 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-24 22:44 . 2008-05-24 22:44 <DIR> d-------- C:\WINDOWS\McAfee.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-06-21 19:04 6,154,272 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-21 16:18 72,260 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-19 06:30 --------- d-----w C:\Documents and Settings\Brian\Application Data\OpenOffice.org2
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 22:35 --------- d-----w C:\Program Files\Blue Coat K9 Web Protection
2008-05-31 22:23 --------- d-----w C:\Program Files\QuickTime
2008-05-31 22:14 --------- d-----w C:\Program Files\Apple Software Update
2008-05-30 05:03 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-05-16 05:06 --------- d-----w C:\Program Files\RegCleaner
2008-05-16 05:06 --------- d-----w C:\Program Files\Quicksys
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 18:52 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-04 18:52 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-04 18:52 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-05-04 18:52 --------- d-----w C:\Program Files\AVG
2008-05-04 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-02 01:43 --------- d-----w C:\Program Files\Coupons
2008-04-29 07:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-29 07:55 --------- d-----w C:\Program Files\Lavasoft
2008-04-29 07:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 19:28 --------- d-----w C:\Program Files\Java
2008-04-14 12:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 12:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 12:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 12:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 12:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 12:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 12:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 12:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 12:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 09:30 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 08:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 07:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 07:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-14 07:05 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 07:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-14 07:01 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 07:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-14 06:45 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 06:09 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-14 06:09 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-14 06:09 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-14 06:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-14 06:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-14 05:57 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 05:56 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-14 05:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-14 05:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-14 05:54 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-14 05:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-14 05:39 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 05:33 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 05:33 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 05:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 05:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-14 04:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-14 04:52 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 04:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-04 11:52 1177368]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-03-27 07:26 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 05:42 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2006-08-03 06:12 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"idsvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"aawservice"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-04 11:52]
R1 cwmtdi;cwmtdi;C:\WINDOWS\system32\drivers\cwmtdi.s ys [2007-05-14 16:04]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-04 11:52]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-04 11:52]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-04 11:52]
S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultr adfg.sys [2008-03-09 04:26]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 21:53:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 12:04:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-06-21 12:06:29
ComboFix-quarantined-files.txt 2008-06-21 19:06:20

Pre-Run: 95,985,532,928 bytes free
Post-Run: 95,973,265,408 bytes free

170 --- E O F --- 2008-05-19 19:23:13

g25racer · 06-21-2008, 11:03 PM

Combofix cleaned out a few things. After that it looks clean! Is the hijackthis log from before or after you ran combofix?

Briguy · 06-21-2008, 11:13 PM

Quote:

Originally Posted by g25racer

Combofix cleaned out a few things. After that it looks clean! Is the hijackthis log from before or after you ran combofix?

This is the new one.

Logfile of HijackThis v1.99.1
Scan saved at 3:20:42 PM, on 6/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Documents and Settings\Brian\Desktop\New Folder\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1205039439571
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...22/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

g25racer · 06-21-2008, 11:15 PM

Forgot byte size!!

Briguy · 06-21-2008, 11:22 PM

Quote:

Originally Posted by g25racer

Forgot byte size!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:41 PM, on 6/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1205039439571
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...22/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

--
End of file - 4543 bytes

g25racer · 06-21-2008, 11:33 PM

Why is the byte size bigger? Did you install anything just now?

Briguy · 06-21-2008, 11:35 PM

Quote:

Originally Posted by g25racer

Why is the byte size bigger? Did you install anything just now?

I uninstalled an reinstalled ad-aware 2007

g25racer · 06-21-2008, 11:39 PM

Oh well thats why. Well other than that your system looks clean to me.

Briguy · 06-21-2008, 11:45 PM

Quote:

Originally Posted by g25racer

Oh well thats why. Well other than that your system looks clean to me.

It lags sometimes. I have no viruses or spyware. It's well defraged. Not very many running applications and my services are cleaned out. Not very many startup programs.

I have had it for a long time. I'm wondering if its the hardware because when the CPU is under stress I can hear it make a high pitch whining noise.

Intel p4 3.0ghz 800mhz fsb
PC3200 2gb

g25racer · 06-21-2008, 11:46 PM

Well that system is kinda old!! Thats why its slow.

06-21-2008, 08:51 PM	#1 (permalink)
Briguy Silver Member Join Date: Jun 2008 Posts: 116	Does my computer look ok? Does my computer look ok? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:13:17 PM, on 6/21/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Brian\Desktop\New Folder (2)\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = .local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1205039439571 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...02/mcfscan.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- End of file - 4179 bytes ComboFix 08-06-20.4 - Brian 2008-06-21 11:59:13.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1678 [GMT -7:00] Running from: C:\Documents and Settings\Brian\Desktop\ComboFix.exe Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ----- BITS: Possible infected sites ----- hxxp://wwõj . ((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))) . 2008-06-19 08:42 . 2008-06-19 08:42 18,252 --a------ C:\FRAGLIST.LUAR 2008-06-10 13:42 . 2008-06-13 04:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-10 13:42 . 2008-05-08 07:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-31 15:07 . 2008-05-31 15:08 <DIR> d-------- C:\Program Files\iTunes 2008-05-31 15:07 . 2008-05-31 15:07 <DIR> d-------- C:\Program Files\iPod 2008-05-29 22:08 . 2008-05-29 22:08 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Talkback 2008-05-27 19:49 . 2008-05-27 19:49 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2008-05-24 22:44 . 2008-05-24 22:44 <DIR> d-------- C:\WINDOWS\McAfee.com . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-06-21 19:04 6,154,272 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-06-21 16:18 72,260 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-06-19 06:30 --------- d-----w C:\Documents and Settings\Brian\Application Data\OpenOffice.org2 2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 22:35 --------- d-----w C:\Program Files\Blue Coat K9 Web Protection 2008-05-31 22:23 --------- d-----w C:\Program Files\QuickTime 2008-05-31 22:14 --------- d-----w C:\Program Files\Apple Software Update 2008-05-30 05:03 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3 2008-05-16 05:06 --------- d-----w C:\Program Files\RegCleaner 2008-05-16 05:06 --------- d-----w C:\Program Files\Quicksys 2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-04 18:52 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-05-04 18:52 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys 2008-05-04 18:52 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll 2008-05-04 18:52 --------- d-----w C:\Program Files\AVG 2008-05-04 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8 2008-05-02 01:43 --------- d-----w C:\Program Files\Coupons 2008-04-29 07:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-29 07:55 --------- d-----w C:\Program Files\Lavasoft 2008-04-29 07:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-21 19:28 --------- d-----w C:\Program Files\Java 2008-04-14 12:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin 2008-04-14 12:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 12:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll 2008-04-14 12:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll 2008-04-14 12:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll 2008-04-14 12:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll 2008-04-14 12:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll 2008-04-14 12:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll 2008-04-14 12:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll 2008-04-14 09:30 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll 2008-04-14 08:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-14 07:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 07:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys 2008-04-14 07:05 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll 2008-04-14 07:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll 2008-04-14 07:01 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-14 07:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll 2008-04-14 06:45 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 06:09 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll 2008-04-14 06:09 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll 2008-04-14 06:09 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll 2008-04-14 06:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll 2008-04-14 06:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll 2008-04-14 05:57 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll 2008-04-14 05:56 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll 2008-04-14 05:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll 2008-04-14 05:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll 2008-04-14 05:54 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll 2008-04-14 05:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll 2008-04-14 05:39 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 05:33 63,488 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-14 05:33 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 05:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll 2008-04-14 05:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll 2008-04-14 04:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll 2008-04-14 04:52 48,128 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 04:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-04 11:52 1177368] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] --a------ 2008-03-27 07:26 50528 C:\Program Files\AIM6\aim6.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 05:42 1695232 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a--c--- 2006-08-03 06:12 577536 C:\WINDOWS\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "WLSetupSvc"=3 (0x3) "usnjsvc"=3 (0x3) "idsvc"=3 (0x3) "Viewpoint Manager Service"=2 (0x2) "iPod Service"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "aawservice"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\AIM6\\aim6.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-04 11:52] R1 cwmtdi;cwmtdi;C:\WINDOWS\system32\drivers\cwmtdi.s ys [2007-05-14 16:04] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-04 11:52] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-04 11:52] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-04 11:52] S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultr adfg.sys [2008-03-09 04:26] S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38] Newly Created Service - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-05-31 21:53:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************ ******************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-21 12:04:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************** ********************** . Completion time: 2008-06-21 12:06:29 ComboFix-quarantined-files.txt 2008-06-21 19:06:20 Pre-Run: 95,985,532,928 bytes free Post-Run: 95,973,265,408 bytes free 170 --- E O F --- 2008-05-19 19:23:13

06-21-2008, 11:03 PM	#2 (permalink)
g25racer Diamond Member Join Date: Feb 2008 Location: Hamilton, MI Posts: 3,852	Combofix cleaned out a few things. After that it looks clean! Is the hijackthis log from before or after you ran combofix? __________________ CPU - AMD Athlon 64x2 5200+ @ 2.6ghz Ram - 2GB Stock clock HD - 320gb seagate & Samsung 750gb 32mb cache GPU - XFX 8600GT XXX Zalman @ 680 or 700mhz PSU - Ultra X-finity 600watt OS - Vista Home Premium(32) & Ubuntu (8.04) Ultimate Ed Audio - JVC 460watts Control - Logitech G25 Wheel & Logitech Rumblepad 2 Games - GTR2 and LFS -- Race Sim's for Life --

06-21-2008, 11:15 PM	#4 (permalink)
g25racer Diamond Member Join Date: Feb 2008 Location: Hamilton, MI Posts: 3,852	Forgot byte size!! __________________ CPU - AMD Athlon 64x2 5200+ @ 2.6ghz Ram - 2GB Stock clock HD - 320gb seagate & Samsung 750gb 32mb cache GPU - XFX 8600GT XXX Zalman @ 680 or 700mhz PSU - Ultra X-finity 600watt OS - Vista Home Premium(32) & Ubuntu (8.04) Ultimate Ed Audio - JVC 460watts Control - Logitech G25 Wheel & Logitech Rumblepad 2 Games - GTR2 and LFS -- Race Sim's for Life --

06-21-2008, 11:33 PM	#6 (permalink)
g25racer Diamond Member Join Date: Feb 2008 Location: Hamilton, MI Posts: 3,852	Why is the byte size bigger? Did you install anything just now? __________________ CPU - AMD Athlon 64x2 5200+ @ 2.6ghz Ram - 2GB Stock clock HD - 320gb seagate & Samsung 750gb 32mb cache GPU - XFX 8600GT XXX Zalman @ 680 or 700mhz PSU - Ultra X-finity 600watt OS - Vista Home Premium(32) & Ubuntu (8.04) Ultimate Ed Audio - JVC 460watts Control - Logitech G25 Wheel & Logitech Rumblepad 2 Games - GTR2 and LFS -- Race Sim's for Life --

06-21-2008, 11:39 PM	#8 (permalink)
g25racer Diamond Member Join Date: Feb 2008 Location: Hamilton, MI Posts: 3,852	Oh well thats why. Well other than that your system looks clean to me. __________________ CPU - AMD Athlon 64x2 5200+ @ 2.6ghz Ram - 2GB Stock clock HD - 320gb seagate & Samsung 750gb 32mb cache GPU - XFX 8600GT XXX Zalman @ 680 or 700mhz PSU - Ultra X-finity 600watt OS - Vista Home Premium(32) & Ubuntu (8.04) Ultimate Ed Audio - JVC 460watts Control - Logitech G25 Wheel & Logitech Rumblepad 2 Games - GTR2 and LFS -- Race Sim's for Life --

06-21-2008, 11:46 PM	#10 (permalink)
g25racer Diamond Member Join Date: Feb 2008 Location: Hamilton, MI Posts: 3,852	Well that system is kinda old!! Thats why its slow. __________________ CPU - AMD Athlon 64x2 5200+ @ 2.6ghz Ram - 2GB Stock clock HD - 320gb seagate & Samsung 750gb 32mb cache GPU - XFX 8600GT XXX Zalman @ 680 or 700mhz PSU - Ultra X-finity 600watt OS - Vista Home Premium(32) & Ubuntu (8.04) Ultimate Ed Audio - JVC 460watts Control - Logitech G25 Wheel & Logitech Rumblepad 2 Games - GTR2 and LFS -- Race Sim's for Life --

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How do you know what kind of memory a computer has?	Novice2000	Computer Memory and Hard Drives	9	12-27-2007 11:49 PM
Compaq mother board again	exopforce	Motherboards	15	09-29-2006 01:05 AM
Is this a virus or Just stupid people working on my computer?	alan48	Computer Security	2	02-19-2005 02:44 AM
Getting a new computer, I need your help.	fultz	Desktop Computers	10	02-17-2005 01:10 AM