ComputerForum.com, Computer Security forum
09-17-2009, 06:53 AM   #1
BCs
Bronze Member
Join Date: Sep 2009
Location: Wantirna Australia
Posts: 48

Hijacked PC

My system seems to get hijacked often. You can be in the middle of anything and all of a sudden the system goes haywire. It tries to open programs and run them, and opens the start menu and opens programs from that. The only way to stop it is to wait for 20 seconds until it stops and then close down the open programs, hit the ESC key (which sometimes stops it) or reboot. Very annoying when the kids are doing homework and the program they are using closes on them. I am running XP SP3 & IE 8.

I am also running NIS 2009 & spyware terminator. Neither program is picking up anything.

Anyone with any ideas would be appreciated.
This is the 4th attempt to post, as "it" keeps closing IE down.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:57 PM, on 17/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BackupOutlook] "C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe" silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ComproRemote.lnk
O4 - Global Startup: ComproSchedulerDTV.lnk = C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1222386794109
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: 30112d3c573 - C:\WINDOWS\System32\divx_xx0732.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 10354 bytes


Malwarebytes' Anti-Malware 1.40
Database version: 2747
Windows 5.1.2600 Service Pack 3

6/09/2009 2:54:24 PM
mbam-log-2009-09-06 (14-54-12).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 185445
Time elapsed: 1 hour(s), 0 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 132

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\tbsb09835.ietoolbar (Adware.BullseyeToolbar) -> No action taken.
HKEY_CLASSES_ROOT\tbsb09835.ietoolbar.1 (Adware.BullseyeToolbar) -> No action taken.
HKEY_CLASSES_ROOT\tbsb09835.tbsb09835 (Adware.BullseyeToolbar) -> No action taken.
HKEY_CLASSES_ROOT\toolbar3.tbsb09835 (Adware.BullseyeToolbar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{255c13ae-4bb0-45c3-bae1-ba6c088c43b3} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8fbb0d9a-1f7b-465b-8292-1593b880e92a} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\imwrvsfusmkvcmsc (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\tbsb05288.ietoolbar (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\tbsb05288.ietoolbar.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\tbsb05288.tbsb05288 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\toolbar3.tbsb05288 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TBSB05288 (Adware.IEToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\runit (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\runit (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www.iesearch.com/) Good: (http://www.Google.com/) -> No action taken.

Folders Infected:
C:\Program Files\runit (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Start Menu\Programs\BitDownload (Trojan.Swizzor) -> No action taken.
C:\WINDOWS\system32\LocalService32 (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32 (Worm.Archive) -> No action taken.

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temp\wopsetqfvb.tmp (Rootkit.TDSS) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHCFB.tmp (Rootkit.TDSS) -> No action taken.
C:\Program Files\runit\runit_32.exe (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1957994488-1645522239-725345543-500\Dc53.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{70DB4145-2119-4107-9DA1-50CD64812B1E}\RP438\A0167372.exe (Adware.AdRotator) -> No action taken.
C:\System Volume Information\_restore{70DB4145-2119-4107-9DA1-50CD64812B1E}\RP438\A0167417.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\ojaee2878.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\hqpb8081.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\vvvxq62447.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\lkug77003.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\qomut5121.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\qpbl08125.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\kbiwkmfjpexnsv.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\kbiwkmxvpopset.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\imwrvsfusmkvcmsc.exe (Adware.AdRotator) -> No action taken.
C:\Program Files\runit\config.txt (Trojan.Agent) -> No action taken.
C:\Program Files\runit\runitu_32.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk (Trojan.Swizzor) -> No action taken.
C:\WINDOWS\system32\LocalService32\48.music.mp3.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\49.music.snd.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\50.crack.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\50.crack.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\51.keygen.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\51.keygen.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\52.keymaker.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\52.keymaker.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\53.serial.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\53.serial.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\54.setup.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\54.setup.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\55.unpack.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\55.unpack.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\101.crack.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\101.crack.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\102.keygen.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\102.keygen.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\103.serial.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\103.serial.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\104.setup.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\104.setup.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\105.music.mp3.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\106.music.snd.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\107.music.au.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\108.video.wmv.kwd (Worm.Archive) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\BitDownload Downloads.lnk (Trojan.Swizzor) -> No action taken.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runit_32.lnk (Rogue.Link) -> No action taken.
C:\WINDOWS\system32\els3232.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\atmlib32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\batt32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\bitsprx232.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\BROWSELC32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\camocx32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\CATSRVUT32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\CERTCLI32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\clbcatex32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\clbcatq32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\CLICONFG32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\cmdial3232.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\cmutil32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\CNBJMON32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\cnvfat32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\COMADDIN32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\comctl3232.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\compobj32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\comrepl32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\confmsp32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\corpol32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\CRYPT3232.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\cryptui32.dll (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\cscdll32.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\cscui32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\csrsrv32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\D3D8THK32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\d3dim32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\D3DPMESH32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\d3drm32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\danim32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dbgeng32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DBMSRPCN32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dbnmpntw32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DDRAWEX32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\deskadp32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\deskperf32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DFRGRES32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dfrgui32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dgrpsetu32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DHCPMON32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dhcpsapi32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\digest32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DINPUT832.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dispex32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dmdlgs32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dmime32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DMLOADER32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DMSCRIPT32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DMSYNTH32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dmutil32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dnsrslvr32.dll (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\dot3api32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dplayx32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DPNADDR32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DPNHPAST32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dpnlobby32.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\DPSERIAL32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DPVOICE32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DPWSOCK32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drmclien32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ds32gt32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dsdmo32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dskquoui32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\DSOUND3D32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DSPRPRES32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dssec32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dswave32.dll (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\dx7vb32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dxdiagn32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dxtmsft32.dll (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\els32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\encdec32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\es32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\esent9732.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\eventcls32.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\expsrv32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\fde32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\feclient32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\fltlib32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\fontext32.dll (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\framebuf32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\kbiwkmqswativu.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\kdiue732.txt (Malware.Trace) -> No action taken.
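An added example, not part of the original post and not HijackThis output, showing how a responder might triage a HijackThis log like the one above before asking for help. The script walks the O2/O4/O20/O23 entries and flags the patterns in this log that deserve a closer look: a BHO or Winlogon Notify registration whose file is absent, a Run value that names a bare executable with no directory, and a service whose binary carries no vendor string. The fixture lines are copied from the log in this post (plus two clean entries for contrast); the heuristics and the flag text are the example's own.

```python
import re
from dataclasses import dataclass, field

# Fixture: lines copied from the HijackThis log posted above, plus two clean
# entries (the Symantec BHO and the ATI StartCCC Run key) for contrast.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O20 - Winlogon Notify: 30112d3c573 - C:\WINDOWS\System32\divx_xx0732.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# "O20 - Winlogon Notify: ..." -> kind "O20", body "Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
# "[SkyTel] SkyTel.EXE" inside an O4 line -> value name and command
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")


@dataclass
class Finding:
    kind: str
    line: str
    reasons: list = field(default_factory=list)


def command_image(cmd: str) -> str:
    """Executable part of a Run command: the quoted path if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_hijackthis(log_text: str) -> list:
    """Return one Finding per log line that matches a heuristic worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                     # header, blank, or process-list line
        kind, body = m.group("kind"), m.group("body")
        reasons = []
        # Registration points at a file that is gone: leftovers of a removed
        # component, or of malware that was only partially cleaned.
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("dangling registration: target file is absent")
        # Winlogon Notify packages are DLLs loaded into winlogon.exe at logon.
        if kind == "O20":
            reasons.append("Winlogon Notify DLL: loaded into winlogon.exe at logon")
        # A Run value that names a bare executable is resolved via the search
        # path, so the listing alone does not say which binary actually runs.
        if kind == "O4":
            rm = RUN_RE.search(body)
            if rm:
                image = command_image(rm.group("cmd"))
                if "\\" not in image and "/" not in image:
                    reasons.append("unqualified image path: resolved via search path")
        # HijackThis prints "Unknown owner" when the service binary has no company string.
        if kind == "O23" and "Unknown owner" in body:
            reasons.append("service binary carries no company/vendor string")
        if reasons:
            findings.append(Finding(kind, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_HJT):
        print(f"{f.kind}: {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

The flags are prompts for inspection, not verdicts: the log above lists RTHDCPL.EXE and ALCMTR.EXE the same bare way as SkyTel.EXE, so an unqualified name only tells you to confirm which file on the search path the value actually resolves to, and "Unknown owner" only says the binary carries no company string, not that it is hostile.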


09-17-2009, 06:58 AM   #2
aviation_man
Diamond Member
Join Date: Mar 2008
Location: Somewhereland
Posts: 2,136

You have many things wrong with your system32 and your Registry. It's probably because of all those keygens, keymakers, cracks and serials you downloaded (which are very illegal). I'm surprised your system hasn't 'exploded' with all the malware that's on it.
Read this first: Forum Rules (forum rules regarding cracks, keygens etc.)
Then read this: IMPORTANT: Please read before posting
Last edited by aviation_man; 09-17-2009 at 07:03 AM.

09-17-2009, 07:07 AM   #3
kimsland
Platinum Member
Join Date: Sep 2009
Posts: 882

I would suggest the thread be locked by a Mod, instead of support members trying to help someone with "cracks" in their log.

But I'll just squeeze this info in:
Malwarebytes is up to Database version 2814 and Program version 1.41.
Yours is too old, and you need to update the program, then the database, and then scan again.

Also: "No action taken." on the Malwarebytes scan means that you did not select Next at the end of the scan and remove all found Malwares, therefore the scan was a waste of time (I note you scanned for 1 hour).

Update Malwarebytes fully
Then run a new full scan
And remove all Malwares at the end of the scan
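An added example, not part of kimsland's reply and not Malwarebytes code, that checks the two points above mechanically rather than by eye: it parses a Malwarebytes 1.x log, reads the signature database number, and counts detections by outcome so that a log full of "No action taken." is reported as unremediated instead of being mistaken for a completed clean-up. The fixture is an abbreviated copy of the first log in this thread plus one constructed line with a "Quarantined and deleted successfully." outcome for contrast; the `latest_known` database number is whatever you look up at the time (2814 in the usage below is the figure kimsland quotes).

```python
import re
from collections import Counter

# Fixture: an abbreviated copy of the first Malwarebytes log in this thread.
# The last detection line is constructed to show a remediated outcome.
SAMPLE_MBAM = r"""
Malwarebytes' Anti-Malware 1.40
Database version: 2747
Windows 5.1.2600 Service Pack 3

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 185445

Registry Keys Infected: 2
Registry Data Items Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www.iesearch.com/) Good: (http://www.Google.com/) -> No action taken.

Files Infected:
C:\WINDOWS\system32\kbiwkmfjpexnsv.dll (Rootkit.TDSS) -> No action taken.
C:\Program Files\runit\runit_32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\els3232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# A detection line is "<target> (<classification>) -> <action>."; the
# Registry Data Items lines carry a "Bad: (...) Good: (...)" pair before the
# action, so the action is taken from after the LAST arrow and the target
# and classification from the text before it.
TARGET_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\)(?: -> .*)?$")


def parse_mbam_log(text: str) -> dict:
    """Extract program version, database version and every detection with its outcome."""
    report = {"program": None, "database": None, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Malwarebytes' Anti-Malware "):
            report["program"] = line.rsplit(" ", 1)[1]
        elif line.startswith("Database version: "):
            report["database"] = int(line.split(": ", 1)[1])
        elif line.endswith(":"):
            section = line[:-1]          # detail header such as "Files Infected"
        elif section and " -> " in line:
            head, _, action = line.rpartition(" -> ")
            m = TARGET_RE.match(head)
            if m:
                report["detections"].append({
                    "section": section,
                    "target": m.group("target"),
                    "family": m.group("family"),
                    "action": action.rstrip("."),
                })
    return report


def remediation_summary(report: dict) -> dict:
    """Counts per outcome and per classification; 'clean' only when nothing is still pending."""
    by_action = Counter(d["action"] for d in report["detections"])
    by_family = Counter(d["family"] for d in report["detections"])
    pending = by_action.get("No action taken", 0)
    return {
        "total": len(report["detections"]),
        "pending": pending,
        "by_action": dict(by_action),
        "by_family": dict(by_family),
        "clean": pending == 0,
    }


def database_is_current(report: dict, latest_known: int) -> bool:
    """True when the log's signature database is at least the newest number you know of."""
    return report["database"] is not None and report["database"] >= latest_known


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_MBAM)
    summary = remediation_summary(rep)
    print(f"program {rep['program']}, database {rep['database']}, "
          f"current: {database_is_current(rep, 2814)}")
    print(f"{summary['total']} detections, {summary['pending']} not actioned, "
          f"clean: {summary['clean']}")
    for family, n in sorted(summary["by_family"].items()):
        print(f"  {family}: {n}")
```

The Hijack.SearchPage line is why the outcome is split off at the last arrow: Malwarebytes prints the Bad/Good URL pair before the action on those entries, and a split on the first "->" would record the URL as the action and miss that the item was never fixed.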
09-18-2009, 12:00 AM   #4
hayimj
New Member
Join Date: Sep 2009
Posts: 5

remove trojan with free adaware

Hi,
You should install Ad-Aware, this is the best free adware.
(I'm not working there..)
You can download it free here: myFixPc/

Good Luck

09-18-2009, 08:16 AM   #5
BCs
Bronze Member
Join Date: Sep 2009
Location: Wantirna Australia
Posts: 48

Hijacked PC

Have updated and re-run Malwarebytes. See the following:

Malwarebytes' Anti-Malware 1.41
Database version: 2818
Windows 5.1.2600 Service Pack 3

18/09/2009 4:10:08 PM
mbam-log-2009-09-18 (16-10-08).txt

Scan type: Quick Scan
Objects scanned: 109482
Time elapsed: 9 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This was run as a quick scan as distinct from the previous one which was run as a full scan.


09-18-2009, 04:00 PM   #6
kimsland
Platinum Member
Join Date: Sep 2009
Posts: 882

Please download ComboFix, direct link here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disable your antivirus or just allow the process to run (i.e. if Norton pops up a warning, just allow ComboFix to run).
ComboFix will save a log file to the C:\Combofix folder; please attach this log to a new reply.

By the way, running uTorrent and Norton Internet Security together probably will never work.
uTorrent is a file-sharing program that can easily allow Malware into your computer. Disable (close) this first, or ideally uninstall it (I would).

And Norton (IS) is probably good at slowing computers down and that's about all. This can be proved specifically by the mess you are presently in (a good example of this poor antivirus).
Ideally un-install it and then run the removal tool (as Norton will not uninstall fully without this: http://service1.symantec.com/Support...05033108162039)

Then download and install free Avira: http://www.free-av.com/
Install, update and run a full scan.
Once Avira removes all the remaining viruses you'll never pay for an antivirus again. But if you want to revert back to Norton afterwards, that's your choice.

09-19-2009, 02:16 AM   #7
BCs
Bronze Member
Join Date: Sep 2009
Location: Wantirna Australia
Posts: 48

Hijacked PC

OK, here is the log from ComboFix.

ComboFix 09-09-18.02 - Administrator 19/09/2009 9:57.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2567 [GMT 10:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\020000008ccd966e548C.manifest
c:\documents and settings\Administrator\Application Data\020000008ccd966e548O.manifest
c:\documents and settings\Administrator\Application Data\020000008ccd966e548P.manifest
c:\documents and settings\Administrator\Application Data\020000008ccd966e548S.manifest
c:\documents and settings\Administrator\Application Data\020000008ccd966e573C.manifest
c:\documents and settings\Administrator\Application Data\020000008ccd966e573O.manifest
c:\documents and settings\Administrator\Application Data\020000008ccd966e573P.manifest
c:\documents and settings\Administrator\Application Data\020000008ccd966e573S.manifest
c:\documents and settings\Administrator\Application Data\inst.exe
c:\windows\Alcmtr.exe
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
c:\windows\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab
c:\windows\system32\ATIDEMGX32.dll
c:\windows\system32\atikvmag32.dll
c:\windows\system32\atipdlxx32.dll
c:\windows\system32\ativcoxx32.dll
c:\windows\system32\ativvaxx32.dll
c:\windows\system32\atl32.dll
c:\windows\system32\atrace32.dll
c:\windows\system32\audiosrv32.dll
c:\windows\system32\avifile32.dll
c:\windows\system32\avtapi32.dll
c:\windows\system32\azroles32.dll
c:\windows\system32\bdco1ins32.dll
c:\windows\system32\bitsprx432.dll
c:\windows\system32\browseui32.dll
c:\windows\system32\bthci32.dll
c:\windows\system32\btpanui32.dll
c:\windows\system32\capicom32.dll
c:\windows\system32\catsrv32.dll
c:\windows\system32\cdintf25132.dll
c:\windows\system32\cdmodem32.dll
c:\windows\system32\cfgbkend32.dll
c:\windows\system32\ciadmin32.dll
c:\windows\system32\ciodm32.dll
c:\windows\system32\clusapi32.dll
c:\windows\system32\clusapi3232.dll
c:\windows\system32\cmprops32.dll
c:\windows\system32\cmsetacl32.dll
c:\windows\system32\cnbjmon3232.dll
c:\windows\system32\comcat32.dll
c:\windows\system32\comdlg3232.dll
c:\windows\system32\comdlg323232.dll
c:\windows\system32\COMMTB3232.dll
c:\windows\system32\compobj3232.dll
c:\windows\system32\comres32.dll
c:\windows\system32\comres3232.dll
c:\windows\system32\comsvcs32.dll
c:\windows\system32\confmsp3232.dll
c:\windows\system32\credssp32.dll
c:\windows\system32\credui32.dll
c:\windows\system32\credui3232.dll
c:\windows\system32\crypt323232.dll
c:\windows\system32\cryptdll32.dll
c:\windows\system32\cryptnet32.dll
c:\windows\system32\csrsrv3232.dll
c:\windows\system32\ctl3d3232.dll
c:\windows\system32\d3dx9_3232.dll
c:\windows\system32\DATAZAP32.dll
c:\windows\system32\DATZAP1632.dll
c:\windows\system32\DDAO3632.dll
c:\windows\system32\dfsshlex32.dll
c:\windows\system32\dimsntfy32.dll
c:\windows\system32\dmcompos32.dll
c:\windows\system32\DOCOBJ32.dll
c:\windows\system32\dot3dlg32.dll
c:\windows\system32\dot3msm32.dll
c:\windows\system32\dot3ui32.dll
c:\windows\system32\eapp3hst32.dll
c:\windows\system32\eappgnui32.dll
c:\windows\system32\eappprxy32.dll
c:\windows\system32\eapsvc32.dll
c:\windows\system32\EMLCNS3232.dll
c:\windows\system32\exts32.dll
c:\windows\system32\fdco132.dll
c:\windows\system32\FM20ENU32.dll
c:\windows\system32\private.inf
c:\windows\winhelp.ini
I:\autorun.inf
J:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-08-19 to 2009-09-19 )))))))))))))))))))))))))))))))
.

2009-09-18 14:00 . 2009-09-18 14:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-18 07:47 . 1999-12-17 12:43 86016 ----a-w- c:\windows\unvise32.exe
2009-09-18 07:47 . 2009-09-18 13:26 -------- d-----w- c:\program files\RegistryPatrol3.0
2009-09-10 21:49 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-06 05:14 . 2009-09-06 05:14 -------- d-----w- c:\program files\Trend Micro
2009-09-06 03:51 . 2009-09-06 03:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-06 03:51 . 2009-09-10 04:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 03:51 . 2009-09-18 06:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 03:51 . 2009-09-10 04:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 03:51 . 2009-09-06 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-31 09:49 . 2008-11-11 03:42 24832 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2009-08-31 09:49 . 2008-11-11 03:41 19968 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2009-08-31 09:49 . 2008-11-11 03:41 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2009-08-31 09:49 . 2009-08-31 09:49 -------- d-----w- c:\program files\LG Electronics
2009-08-25 08:52 . 2009-08-25 08:52 -------- d-----w- C:\Sounds
2009-08-25 08:48 . 2009-09-07 04:07 -------- d-----w- C:\Temp
2009-08-25 08:18 . 2009-08-25 08:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\LG Electronics
2009-08-24 07:35 . 2009-08-24 07:35 -------- d-----w- c:\program files\BurnAware Free
2009-08-24 07:13 . 2005-03-11 08:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2009-08-24 07:13 . 2005-02-24 03:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll
2009-08-24 07:13 . 2005-02-24 02:51 348160 ----a-w- c:\windows\system32\WMAFile.dll
2009-08-24 07:13 . 2000-10-01 08:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-08-24 07:13 . 1999-03-25 08:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-08-24 07:13 . 1998-07-12 12:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2009-08-24 07:13 . 2003-04-18 05:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-08-24 07:13 . 1998-07-12 12:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-08-24 07:13 . 1998-07-12 08:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-08-24 06:45 . 2004-07-02 22:08 139264 ----a-w- c:\windows\system32\xvidvfw.dll
2009-08-24 06:45 . 2004-07-02 21:59 524288 ----a-w- c:\windows\system32\xvidcore.dll
2009-08-24 06:45 . 2009-09-07 04:16 -------- d-----w- c:\program files\Extra DVD Ripper Free

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 00:03 . 2008-09-19 06:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-09-19 00:03 . 2008-09-25 01:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-18 05:47 . 2009-04-22 03:41 -------- d-----w- c:\program files\Spyware Terminator
2009-09-18 05:47 . 2009-04-22 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-09-18 05:45 . 2009-04-22 03:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spyware Terminator
2009-09-11 23:51 . 2008-09-23 04:05 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-07 06:44 . 2009-05-14 10:52 148200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-01 04:49 . 2008-08-11 02:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 08:39 . 2009-04-08 10:19 -------- d-----w- c:\program files\DivX
2009-08-24 07:25 . 2009-05-14 08:50 -------- d-----w- c:\program files\NCH Swift Sound
2009-08-21 05:36 . 2009-07-19 04:20 -------- d-----w- c:\program files\Burn4Free
2009-08-19 07:36 . 2009-08-19 07:36 -------- d-----r- c:\program files\Norton Support
2009-08-19 06:12 . 2008-09-18 07:58 -------- d-----w- c:\program files\Symantec
2009-08-19 06:12 . 2009-08-16 08:50 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-19 06:12 . 2009-08-16 08:50 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-19 06:12 . 2009-08-16 08:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-19 06:12 . 2009-08-16 08:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-18 19:11 . 2009-08-16 08:50 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-17 08:40 . 2008-09-19 02:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-16 08:50 . 2008-10-23 04:38 -------- d-----w- c:\program files\Norton Internet Security
2009-08-16 08:50 . 2008-10-22 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-16 08:50 . 2009-08-16 08:50 -------- d-----w- c:\program files\Windows Sidebar
2009-08-16 08:50 . 2008-09-19 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-16 08:49 . 2008-10-22 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-15 12:46 . 2009-01-14 11:04 -------- d-----w- c:\program files\Windows Live
2009-08-15 12:46 . 2009-08-15 12:46 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-08-09 06:40 . 2009-08-08 04:53 -------- d-----w- c:\program files\NortonInstaller
2009-08-08 05:31 . 2009-03-07 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-08-07 09:32 . 2009-06-23 06:02 -------- d-----w- c:\program files\Bitcollider
2009-08-05 09:24 . 2008-09-18 07:12 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2007-07-27 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 07:31 . 2009-08-03 07:16 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-08-03 07:16 . 2009-08-03 07:16 -------- d-----w- c:\program files\AskBarDis
2009-07-24 19:23 . 2008-12-16 10:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2007-07-27 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 05:42 . 2008-09-28 06:02 47360 ----a-w- c:\documents and settings\Administrator\Application Data\pcouffin.sys
2009-07-17 05:41 . 2008-09-28 06:02 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-07-13 13:43 . 2007-07-27 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2007-07-27 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2008-12-25 08:33 . 2008-12-25 08:33 713526 ----a-w- c:\program files\dvd43.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1a71246c-3eb0-4d6c-af77-3ab756017c3a}"= "c:\program files\BTjunkie\tbBTj1.dll" [2009-07-08 2215960]

[HKEY_CLASSES_ROOT\clsid\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]
2009-07-08 03:55 2215960 ----a-w- c:\program files\BTjunkie\tbBTj1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1a71246c-3eb0-4d6c-af77-3ab756017c3a}"= "c:\program files\BTjunkie\tbBTj1.dll" [2009-07-08 2215960]

[HKEY_CLASSES_ROOT\clsid\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1A71246C-3EB0-4D6C-AF77-3AB756017C3A}"= "c:\program files\BTjunkie\tbBTj1.dll" [2009-07-08 2215960]

[HKEY_CLASSES_ROOT\clsid\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupOutlook"="c:\program files\wisco\BackupOutlook\BackupOutlook.exe" [2008-09-11 1146232]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-16 288560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Lexmark 2200 Series"="c:\program files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-04-09 826880]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-07-18 2173440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-27 16844800]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ComproRemote.lnk - c:\program files\Common Files\VideoMate\ComproRemote.exe [2008-9-19 147456]
ComproSchedulerDTV.lnk - c:\program files\Common Files\VideoMate\ComproSchedulerDTV.exe [2008-9-19 77824]
Microsoft Office Fast Start.lnk - c:\msoffice\Office\FASTBOOT.EXE [1995-10-6 14848]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-4-29 969792]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2008-9-25 1044572]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008-09\\QBDBMgrN.exe"=
"c:\\Program Files\\Joost Plugin\\joostws.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [16/09/2009 1:49 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [16/09/2009 1:49 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [16/09/2009 1:49 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSXpx86.sys [17/09/2009 1:31 PM 329080]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [22/04/2009 1:41 PM 142592]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [24/02/2009 3:08 PM 55152]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [16/09/2009 1:49 PM 117640]
R3 ComproDTVNet;Compro DTV Ethernet;c:\windows\system32\drivers\CpDTVNet.sys [19/09/2008 1:43 PM 20992]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/08/2009 6:00 PM 102448]
R3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [25/08/2008 12:31 PM 947840]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 5:08 PM 533360]
S3 Usbnic;OTi Network Driver Module;c:\windows\system32\drivers\Usbnic.sys [18/09/2008 2:39 PM 11536]
S3 W35UND;IS89C35 802.11bg WLAN USB Adapter Driver;c:\windows\system32\drivers\W35UND.SYS [12/09/2006 4:18 PM 117632]
.
Contents of the 'Scheduled Tasks' folder

2009-09-18 c:\windows\Tasks\NeroLiveEpgUpdate-BRENDAN_Administrator.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 03:51]

2009-09-18 c:\windows\Tasks\User_Feed_Synchronization-{9D0D8826-48B5-4844-9723-FA73C8CB0539}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
Trusted Zone: myspace.com\www
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
Notify-30112d3c573 - c:\windows\System32\divx_xx0732.dll
AddRemove-3da8b6e7-2867-a7ba-194f-8cf8ad7397fb - c:\windows\system32\3da8b6e7-2867-a7ba-194f-8cf8ad7397fb.exe
AddRemove-HijackThis - c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KKSKUPUP\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 10:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1957994488-1645522239-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,b0,2f,cb,40,67,01,4d,bf,2f,5c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,63,8a,41,73,f2,b3,48,be,00,73,\

[HKEY_USERS\S-1-5-21-1957994488-1645522239-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1957994488-1645522239-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*"*Å*#\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1957994488-1645522239-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*;*C*b%\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1957994488-1645522239-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*"*v*]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1957994488-1645522239-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*"*v*\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1436)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Lexmark 2200 Series\lxbvbmon.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-19 10:06 - machine was rebooted




ComboFix-quarantined-files.txt 2009-09-19 00:06

Pre-Run: 435,846,311,936 bytes free
Post-Run: 441,732,681,728 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

334 --- E O F --- 2009-09-11 13:33
BCs is offline   Reply With Quote
Old 09-19-2009, 03:23 AM   #8 (permalink)
Platinum Member
Join Date: Sep 2009
Posts: 882
Default

Wow, that worked really well and removed lots of horrible stuff.
Please go to Start > Run > Combofix /U to uninstall it (Note: it will look like it's about to run again, but it won't).

Please restart (if you haven't done so already).

Then download and run CCleaner.
And also run the CCleaner "Registry" fix button (run this fix and repair all (without backup) at least 3 times).

Then restart again.

Then provide a new HJT log again.
By the way, I have to go out, but will check back later.
Also, you decided to keep Norton; are you also still running file share programs too?
kimsland is offline   Reply With Quote
Old 09-19-2009, 04:38 AM   #9 (permalink)
BCs
Bronze Member
 
Join Date: Sep 2009
Location: Wantirna Australia
Posts: 48
Default

Have run CCleaner and it seemed to work well. Latest log from HijackThis is attached. The problem I now have is that the time from shutdown/restart to the machine actually restarting is now 7 minutes. It has never been more than ~90 secs.
My turn to head out now. Brother-in-law's 50th bday, have to set up some gear.
Cheers

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:24 PM, on 19/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BackupOutlook] "C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe" silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ComproRemote.lnk
O4 - Global Startup: ComproSchedulerDTV.lnk = C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1222386794109
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 10465 bytes
BCs is offline   Reply With Quote
Old 09-19-2009, 05:02 AM   #10 (permalink)
Moderator
Join Date: Sep 2005
Location: Near Joliet Illinois
Age: 39
Posts: 3,647
Default

You were very infected. Most likely, being that infected has caused some Windows file issues now and is causing the slowdown. You might want to think about doing a clean install of Windows now. Back up any data you want saved, though.
__________________
Motherboard - Gigabyte GA-EP45-UD3R
CPU - E8400
Memory - 2GB Corsair XMS2 (2x 1gb)
Graphics - ATI HD3870
Hard Drives - 250GB Seagate
DVD Drive - Lite-On
DVD Burner - Lite-On
Power Supply - Rosewill RP600V2-S-SL 600W
22" Acer widescreen AL2216WBD
johnb35 is online now   Reply With Quote