ComputerForum.com

07-07-2008, 02:57 AM   #1
Bronze Member
 
Join Date: Jun 2008
Posts: 27
Alright, different PC now.

Hi y'all, I was here recently trying to work on my desktop, but I think the video card has gone to crap, so now I am using a horribly old laptop (Windows 2000), but I have to have something to get online with for now and this is it. I have deleted everything I know for sure is bad, but my knowledge of this stuff is still growing. If you would take a look at my ComboFix and HJT log I would appreciate it. Just in case I missed something (and I probably did). Due to my knowledge of PCs and also my knowledge of Windows 2000. Thanks a ton.
amber

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:43 PM, on 7/6/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\ltmsg.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] "C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O24 - Desktop Component 0: (no name) - http://pictures.sprintpcs.com/mmps/0...ut=255,255,255

--
End of file - 5734 bytes

ComboFix 08-07-05.1 - ComEvo 07/06/2008 17:25:58.1 - NTFSx86
Running from: C:\Documents and Settings\ComEvo\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ComEvo\Start Menu\Programs\Outerinfo
C:\Documents and Settings\ComEvo\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\ComEvo\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OinUninstall.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\Outerinfo.dll
C:\Program Files\outerinfo\Outerinfo.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\winpop
C:\temp\iee
C:\WINNT\Fonts\acrsec.fon
C:\WINNT\Fonts\acrsecB.fon
C:\WINNT\Fonts\acrsecI.fon
C:\WINNT\smdat32m.sys
C:\WINNT\system32\MSINET.oca
C:\WINNT\system32\o02PrEz
C:\WINNT\Web\default.htt
C:\WINNT\wr.txt

.
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-06 17:26 . 07/06/08 05:26p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_258.dat
2008-07-06 17:09 . 07/06/08 05:12p <DIR> d-------- C:\WINNT\system32\drivers\Avg
2008-07-06 17:09 . 07/06/08 05:09p <DIR> d-------- C:\Program Files\AVG
2008-07-06 17:09 . 07/06/08 05:09p <DIR> d-------- C:\Documents and Settings\ComEvo\Application Data\AVGTOOLBAR
2008-07-06 17:09 . 07/06/08 05:09p <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\avg8
2008-07-06 17:09 . 07/06/08 05:09p 96,520 --a------ C:\WINNT\system32\drivers\avgldx86.sys
2008-07-06 17:09 . 07/06/08 05:09p 75,272 --a------ C:\WINNT\system32\drivers\avgtdix.sys
2008-07-06 17:09 . 07/06/08 05:09p 10,520 --a------ C:\WINNT\system32\avgrsstx.dll
2008-07-05 01:33 . 07/05/08 01:33a 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-07-05 01:33 . 07/05/08 01:33a 1,409 --a------ C:\WINNT\QTFont.for
2008-07-03 23:53 . 07/03/08 11:53p <DIR> d-------- C:\Program Files\Adaptec
2008-07-03 23:08 . 07/03/08 11:08p <DIR> d--h-c--- C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$
2008-07-03 21:49 . 07/03/08 09:49p <DIR> d-------- C:\Program Files\Ventrilo
2008-07-03 21:49 . 07/03/08 09:50p <DIR> d-------- C:\Documents and Settings\ComEvo\Application Data\Ventrilo
2008-07-03 21:48 . 07/03/08 09:48p <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-03 21:47 . 03/26/06 04:23p 19,728 --a------ C:\WINNT\system32\hidserv.exe
2008-07-03 21:47 . 03/26/06 04:23p 19,728 --a--c--- C:\WINNT\system32\dllcache\hidserv.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 21:49 --------- d-----w C:\Program Files\Symantec
2008-07-06 09:44 --------- d-----w C:\Program Files\StarWarsGalaxies
2008-07-05 06:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-05 06:35 --------- d-----w C:\Program Files\QuickTime
2008-07-04 05:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-04 04:53 --------- d-----w C:\Program Files\Ares
2008-07-04 04:20 --------- d-----w C:\Program Files\Hitman Pro
2008-07-04 04:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 04:12 --------- d-----w C:\Documents and Settings\ComEvo\Application Data\Lavasoft
2006-09-15 19:42 271 ---h--w C:\Program Files\desktop.ini
2006-09-15 19:42 21,952 ---h--w C:\Program Files\folder.htt
2006-03-26 22:27 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/05 01:03p 36975]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [09/15/03 09:00p 270336]
"YBrowser"="C:\Program Files\Yahoo!\browser\ybrwicon.exe" [07/11/03 03:51p 57344]
"SBC Yahoo! Connection Manager"="C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe" [07/14/03 02:55p 1028096]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/06/08 05:09p 1177368]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p 111376 C:\WINNT\system32\mobsync.exe]
"LTWinModem1"="ltmsg.exe" [10/28/03 01:00a 40960 C:\WINNT\system32\ltmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 12:05p 186640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINNT\system32\Drivers\avgldx86.sys [07/06/08 05:09p]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [07/06/08 05:09p]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [07/06/08 05:09p]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINNT\system32\Drivers\avgtdix.sys [07/06/08 05:09p]
S3 el575nd5;FE575C-3Com 10/100 LAN CardBus PC Card Driver;C:\WINNT\system32\DRIVERS\el575nd5.sys [08/06/02 06:02p]
S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys []

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PRISMSVR.EXE - C:\WINNT\system32\PRISMSVR.EXE


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 17:27:52
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 07/06/2008 17:28:48
ComboFix-quarantined-files.txt 2008-07-06 22:28:42

Pre-Run: 15,535,013,888 bytes free
Post-Run: 15,626,514,432 bytes free

106 --- E O F --- 2008-07-04 04:13:27