#1

Bronze Member
Join Date: Jan 2006
Posts: 38
Can anyone find something, or is it time to get a new computer?
Malwarebytes' Anti-Malware 1.41
Database version: 2887
Windows 5.1.2600 Service Pack 2

6/10/2009 8:34:37 AM
mbam-log-2009-10-06 (08-34-37).txt

Scan type: Quick Scan
Objects scanned: 113868
Time elapsed: 15 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:21 AM, on 6/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\Odigo\Bin\OdigoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
O4 - HKLM\..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1078081533-2111687655-854245398-500\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1078081533-2111687655-854245398-500 Startup: Reboot.exe (User 'Administrator')
O4 - S-1-5-21-1078081533-2111687655-854245398-500 User Startup: Reboot.exe (User 'Administrator')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143243688453
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/la.../SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 9644 bytes
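On the forum a HijackThis log like the one above is read by eye. The script below is an added example, not part of the original post and not HijackThis's own code: it sorts the entries that are plain orphans (they show "(no file)" or "(file missing)", so fixing them removes nothing that still runs) from the entries that deserve a manual look because they are global load points (O18 protocol/filter handlers, O20 AppInit_DLLs, O23 services), an ActiveX control pulled from a third-party host (O16), or an autorun that launches from a user-writable directory (O4). The sample lines are copied from the log above, except the "updater" O4 line, which is constructed here purely to exercise the last rule. Which entry types count as "review" is this editor's assumption, not a verdict on anything in the log.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Entry types that are global load points: worth a manual look even when the
# file exists. These are review prompts, not malware verdicts (assumption).
REVIEW_TYPES = {
    "O18": "URL protocol/filter handler: its DLL is loaded into every IE process",
    "O20": "AppInit_DLLs: injected into every process that loads user32.dll",
    "O23": "Windows service: starts at boot, usually as SYSTEM",
}
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Autorun locations an unprivileged user can write to (assumption: XP/Vista-era layouts)
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\users\\", "\\programdata\\")

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|scr|com|bat|cmd)(?!\w)', re.IGNORECASE)


@dataclass
class Finding:
    kind: str      # "orphan" (safe to fix) or "review" (look at it by hand)
    line: str
    reason: str


def triage(log_text):
    """Classify HijackThis entries; lines that are not HJT entries are ignored."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        etype, body = m.groups()
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding("orphan", line,
                "registry entry points at a file that no longer exists; safe to fix"))
        elif etype in REVIEW_TYPES:
            findings.append(Finding("review", line, REVIEW_TYPES[etype]))
        elif etype == "O16":
            # Downloaded Program Files (ActiveX). Local file:// and microsoft.com
            # sources are expected on XP; anything else gets a second look.
            src = body.rsplit(" - ", 1)[-1]
            host = urlsplit(src).hostname or ""
            if not src.startswith("file://") and not host.endswith("microsoft.com"):
                findings.append(Finding("review", line,
                    f"ActiveX control installed from third-party host {host}"))
        elif etype == "O4":
            pm = PATH_RE.search(body)
            if pm and any(tag in pm.group(0).lower() for tag in USER_WRITABLE):
                findings.append(Finding("review", line,
                    "autorun launches from a user-writable location"))
    return findings


def summarize(findings):
    """Count findings by kind, e.g. {'orphan': 3, 'review': 5}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Lines copied from the HijackThis log in the post above, plus ONE constructed
# line (the "updater" O4 entry) that is not in the log and exists only to
# exercise the user-writable-path rule.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\Odigo\Bin\OdigoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\owner\Local Settings\Temp\updater.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.line}\n    {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the full log, the "orphan" list is exactly what a helper would tick in HJT and press Fix on; the "review" list is what to look up before touching, since all of the O18/O20/O23 entries in this particular log belong to well-known software.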
#2

Moderator
Join Date: Sep 2005
Location: Near Joliet Illinois
Age: 39
Posts: 3,612
Telling us what you think the problem is might help us determine what's wrong. We need to know what issues you are having. Is this an old system?
__________________
Motherboard - Gigabyte GA-EP45-UD3R CPU - E8400 Memory - 2GB Corsair XMS2 (2x 1gb) Graphics - ATI HD3870 Hard Drives - 250GB Seagate DVD Drive - Lite-On DVD Burner - Lite-On Power Supply - Rosewill RP600V2-S-SL 600W 22" Acer widescreen AL2216WBD
#3

Bronze Member
Join Date: Jan 2006
Posts: 38
Sorry John, I should have said I notice my computer running pathetically slowly at times. It takes 20 sec to open a folder or open the address bar.
Malwarebytes recently gave me a false positive on some applications, which I deleted before I learned they weren't malware. Can Malwarebytes restore them? Apparently they were internet-related program files. Would cleaning out the heating fan help my CPU work faster? It's just frustrating trying to do work and the computer doesn't respond to my commands.

Comp stats:
OS Name: Microsoft Windows XP Professional
Version: 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer: Microsoft Corporation
System Name: RAD2400
System Manufacturer: AWARD_
System Model: AWRDACPI
System Type: X86-based PC
Processor: x86 Family 15 Model 3 Stepping 4 GenuineIntel ~2399 Mhz
BIOS Version/Date: Phoenix Technologies, LTD 6.00 PG, 5/11/2004
SMBIOS Version: 2.2
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume1
Locale: United States
Hardware Abstraction Layer: Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
User Name: RAD2400\owner
Time Zone: AUS Eastern Daylight Time
Total Physical Memory: 1,280.00 MB
Available Physical Memory: 491.29 MB
Total Virtual Memory: 2.00 GB
Available Virtual Memory: 1.96 GB
Page File Space: 1.81 GB
Page File: C:\pagefile.sys

Is my computer just extremely lazy?
#4

Platinum Member
Join Date: Sep 2009
Posts: 882
Start up Malwarebytes again and update it (your definitions are old).
Run a Full scan.
Remove all found malware at the end of the scan.

Upgrade your Java version here: http://java.com/en/download/inc/windows_upgrade_ie.jsp
Once installed, download >> JavaRa
After selecting "English" language, select "Remove Older Versions".

Uninstall Spybot S&D and Registry Mechanic.

Run HJT again (scan only), place a check (tick) next to the following and press Fix:
Quote:

Restart.

Download this Hosts file: http://mvps.org/winhelp2002/hosts.zip
Unzip, then run MVPS.bat

Then Start > Run > services.msc

Then Start > Run > CHKDSK /R (note: 1 space before "/") > OK
Type "Y" (without the quotes).
Close the command window.
Restart. Your computer will automatically run a Check Disk; do not press any keys. Your computer may restart once more at the end of the scan.

Once started again, download and run CCleaner to clean out all temp files.
Then (still in CCleaner) click on the large "Registry" button.
Click on "Scan for issues", then Fix all found issues (backup not required).
Run "Scan for issues" and "Fix" another two times (it takes about 3 times to get it all).
Close CCleaner.

Go to Start > Run > Control Panel > Scheduled Tasks.
Right click on any tasks and remove (delete) all tasks.
Close the Scheduled Tasks window.

Open IE > Tools > Internet Options > Advanced > Reset.
Restart IE.

Go to MS and do all Windows updates (including SP3 and IE8).

Download Combofix, direct link here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disable your antivirus or just allow the process to run (i.e. if Avira pops up with a warning, just allow Combofix to run).
Combofix will save a log file to the C:\Combofix folder; please attach this log to a new reply.
Then Start > Run > Combofix /u (to uninstall it).

Download >> Smart Defrag
Install, but remove the two ticks on Yahoo during installation.
Once installed, click on the "Schedule" button and remove the "Enable Schedule" check mark.
Click on the "Options" button and remove "Auto start with Windows".
Apply > OK.
Then run a "Deep Optimize" (note: this part may take a while, possibly 2 hours; you may want to turn off the Internet (modem) and also stop any screen saver).
Restart.

You should be fine from there.
#7

Bronze Member
Join Date: Jan 2006
Posts: 38
Infected copy of c:\windows\system32\autochk.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\autochk.exe
.
((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.
2009-10-07 06:30 . 2009-10-07 06:30 -------- d-----w- c:\program files\CCleaner
2009-10-05 16:16 . 2009-10-05 16:31 17200624 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\rp\RealPlayerSPGold.exe
2009-10-05 16:16 . 2009-10-05 16:16 8406648 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-10-05 16:11 . 2009-10-05 16:12 10309448 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-10-05 16:06 . 2009-10-05 16:06 64000 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-10-05 16:06 . 2009-10-05 16:06 52288 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-10-05 16:06 . 2009-10-05 16:06 50688 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-10-05 16:06 . 2009-10-05 16:06 114688 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-09-14 09:07 . 2009-07-21 10:21 38208 ----a-w- c:\documents and settings\owner\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-09-14 09:07 . 2009-09-14 09:07 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\NOS
2009-09-14 09:06 . 2009-09-14 09:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-14 09:01 . 2009-09-14 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-14 09:01 . 2009-09-14 09:01 -------- d-----w- c:\program files\NOS
2009-09-10 00:35 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 00:31 . 2009-01-20 10:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 00:29 . 2009-09-06 13:08 152576 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-06 18:58 . 2009-02-15 18:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-06 18:53 . 2006-01-12 14:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-06 18:51 . 2006-01-12 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-06 14:40 . 2008-04-20 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-05 16:05 . 2008-05-04 21:36 488968 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\setup.exe
2009-10-05 15:57 . 2008-03-06 10:43 2608 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-02 00:48 . 2009-08-04 13:36 -------- d-----w- c:\documents and settings\owner\Application Data\Tinn-R
2009-09-17 01:47 . 2008-10-16 09:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-14 10:15 . 2005-05-14 10:19 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-14 03:55 . 2005-05-03 13:11 52288 ----a-w- c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 04:46 . 2009-02-08 15:29 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 04:54 . 2008-10-16 09:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 04:53 . 2008-10-16 09:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 07:03 . 2007-01-10 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-09-08 07:03 . 2006-11-30 03:29 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-09-07 07:13 . 2009-09-07 07:13 -------- d-----w- c:\program files\Nitro PDF
2009-09-07 07:11 . 2009-09-07 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-09-07 07:07 . 2009-09-07 07:07 -------- d-----w- c:\documents and settings\owner\Application Data\pdf995
2009-09-07 06:59 . 2009-09-07 06:59 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-09-07 06:59 . 2009-09-07 06:59 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-09-07 06:59 . 2009-09-07 06:59 -------- d-----w- c:\program files\pdf995
2009-09-06 14:03 . 2006-02-14 06:12 -------- d-----w- c:\program files\Java
2009-09-06 09:03 . 2005-09-04 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-06 04:43 . 2007-10-09 08:07 -------- d-----w- c:\program files\NCH Swift Sound
2009-09-04 12:47 . 2009-09-04 12:47 -------- d-----w- c:\program files\Trend Micro
2009-09-01 15:12 . 2008-03-19 01:24 -------- d-----w- c:\program files\Safari
2009-09-01 15:08 . 2009-09-01 15:08 -------- d-----w- c:\program files\iTunes
2009-09-01 15:08 . 2009-09-01 15:08 -------- d-----w- c:\program files\iPod
2009-09-01 15:08 . 2007-09-10 08:41 -------- d-----w- c:\program files\Common Files\Apple
2009-09-01 15:05 . 2005-06-18 13:02 -------- d-----w- c:\program files\QuickTime
2009-08-17 00:37 . 2009-08-17 00:37 -------- d-----w- c:\program files\MSBuild
2009-08-17 00:37 . 2009-08-17 00:37 -------- d-----w- c:\program files\Reference Assemblies
2009-08-17 00:31 . 2009-08-17 00:31 -------- d-----w- c:\program files\MSXML 6.0
2009-08-06 08:24 . 2005-05-03 12:59 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 08:24 . 2005-05-03 12:59 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 08:24 . 2005-05-25 18:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 08:24 . 2005-05-12 22:23 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 08:24 . 2004-09-11 19:38 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 08:24 . 2002-08-29 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 08:23 . 2005-05-03 12:59 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 08:23 . 2006-03-25 00:07 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 08:23 . 2005-05-25 17:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 08:23 . 2004-09-11 19:38 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2002-08-29 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2002-08-29 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 13:43 . 2005-05-03 12:59 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2008-04-25 08:15 . 2006-11-21 04:30 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-03-17 1228800]
"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-13 99840]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"Matrox Powerdesk"="c:\windows\system32\PDesk\PDesk.exe" [2006-03-01 684032]
"ChangeFilterMerit"="c:\program files\NewSoft\Presto! PVR\ChangeFilterMerit.exe" [2005-05-16 40960]
"Presto! PVR Monitor"="c:\program files\NewSoft\Presto! PVR\Monitor.exe" [2006-02-23 57344]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-05-13 67072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Reboot.exe [2002-8-20 432128]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^V-Gear TV Remote Control.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\V-Gear TV Remote Control.lnk
backup=c:\windows\pss\V-Gear TV Remote Control.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^owner^Start Menu^Programs^Startup^BEE Service.lnk]
path=c:\documents and settings\owner\Start Menu\Programs\Startup\BEE Service.lnk
backup=c:\windows\pss\BEE Service.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"ServiceLayer"=3 (0x3)
"MGABGEXE"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"GoogleDesktopManager-022208-143751"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"gupdate1c98d3f3d9daa2e"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ANIWZCSdService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port

R2 713xTVCard;SAA7134 TV Card;c:\windows\system32\drivers\SAA713x.sys [15/03/2005 1:00 PM 277504]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [6/09/2007 9:15 PM 5504]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [10/05/2005 11:30 PM 450400]
S3 bdacap;PC-DTV Receiver;c:\windows\system32\drivers\bdacap.sys [6/03/2008 9:31 PM 217728]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [29/08/2002 11:00 PM 14336]
S3 GLHIDKBFILTER;GLHIDKBFILTER;c:\windows\system32\drivers\GLKbFilter.sys [6/03/2008 9:34 PM 11264]
S4 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/11/2006 3:29 PM 29744]
S4 gupdate1c98d3f3d9daa2e;Google Update Service (gupdate1c98d3f3d9daa2e);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 5:25 AM 133104]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [3/04/2006 7:12 PM 14032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-10-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-20 09:32]

2009-10-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 08:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 00:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-2111687655-854245398-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9DC9D7B-C910-F338-816B-BD30707E62BE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaidacmhehhbcepokm"=hex:6b,61,66,6b,68,68,63,66,66,61,6d,66,67,6d,66,6b,6c,6e,6a,62,62,61,00,00
"haochlblafkmdjkk"=hex:6b,61,66,6b,68,68,63,66,66,61,6d,66,67,6d,66,6b,6c,6e,6a,62,62,61,00,00

[HKEY_LOCAL_MACHINE\software\VSN International\GenStat\Version 9.1\License\Trial Data* VSN International Ltd.*]
"Hidden Value"=hex:a8,00,ba,00,b1,00,a1,00,b6,00,1f,00,6f,00,e3,00,ca,00,76,00,4a,00,d3,00,21,00,b8,00,d3,00,ee,00,bb,00,a1,00,ff,00,19,00,bd,00,e4,00,60,\

[HKEY_LOCAL_MACHINE\software\VSN International\GenStat\Version 9.2\License\Trial Data* VSN International Ltd.*]
"Hidden Value"=hex:b6,00,58,00,cc,00,0d,00,ea,00,83,00,7a,00,dd,00,c2,00,c6,00,88,00,9e,00,21,00,c6,00,98,00,31,00,f1,00,fb,00,fc,00,07,00,10,00,15,00,4a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1856)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\PDesk\PDKERNEL.DLL
c:\windows\system32\PDesk\PDTOOLS.DLL
c:\windows\system32\PDesk\PDRESENG.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2009-10-07 0:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-07 13:44

Pre-Run: 67,741,810,688 bytes free
Post-Run: 68,419,436,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

987 --- E O F --- 2009-10-06 16:01
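ComboFix reports that c:\windows\system32\autochk.exe was disinfected and replaced with the copy from c:\windows\ServicePackFiles\i386. The natural follow-up check is to confirm the live file now matches the cache copy, and to run the same comparison over the other files that exist in both places. The script below is an added example, not ComboFix's code or output: it hashes every filename present in both directories and reports the ones whose contents differ. Two caveats that matter when reading its output: the SP cache predates later hotfixes (the Find3M report above shows atl.dll in system32 dated 2009-07-17, long after SP2), so a mismatch means "inspect", not "infected"; and the cache lives on the same disk as system32, so this is a convenience check rather than any kind of attestation. The demo() function builds the two directories from constructed byte strings in a temp folder; they are stand-ins, not real Windows binaries.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large binaries are not read in one go."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def compare_against_cache(live_dir, cache_dir, names=None):
    """Return {filename: (live_sha256, cache_sha256)} for every file that exists
    in both directories with differing content. `names` restricts the check to
    specific files (e.g. ["autochk.exe"]); None means every file in cache_dir.
    Files present in only one directory are skipped, not reported."""
    live, cache = Path(live_dir), Path(cache_dir)
    if names is None:
        names = [p.name for p in cache.iterdir() if p.is_file()]
    mismatches = {}
    for name in names:
        live_file, cache_file = live / name, cache / name
        if not (live_file.is_file() and cache_file.is_file()):
            continue
        live_hash, cache_hash = sha256_of(live_file), sha256_of(cache_file)
        if live_hash != cache_hash:
            mismatches[name] = (live_hash, cache_hash)
    return mismatches


def demo():
    """Build a throwaway system32 / ServicePackFiles\\i386 pair from constructed
    byte strings (not real Windows binaries) and run the comparison on it."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "system32")
        cache = Path(tmp, "ServicePackFiles", "i386")
        live.mkdir()
        cache.mkdir(parents=True)
        # autochk.exe: restored from the cache, so the two copies are identical
        (cache / "autochk.exe").write_bytes(b"MZ stand-in for autochk.exe (SP2)")
        (live / "autochk.exe").write_bytes(b"MZ stand-in for autochk.exe (SP2)")
        # atl.dll: live copy updated after SP2, so it legitimately differs
        (cache / "atl.dll").write_bytes(b"MZ stand-in for atl.dll (SP2)")
        (live / "atl.dll").write_bytes(b"MZ stand-in for atl.dll (hotfix)")
        # WgaTray.exe exists only in system32: no cache copy, so it is skipped
        (live / "WgaTray.exe").write_bytes(b"MZ stand-in for WgaTray.exe")
        return compare_against_cache(live, cache)


if __name__ == "__main__":
    for name, (live_hash, cache_hash) in sorted(demo().items()):
        print(f"{name}: system32={live_hash[:12]}... cache={cache_hash[:12]}...")
```

On a real XP box you would call compare_against_cache(r"C:\WINDOWS\system32", r"C:\WINDOWS\ServicePackFiles\i386") from an account that can read both trees, then sort the mismatches by the file's modified date: anything newer than the last Windows Update run, or not listed in any installed hotfix, is the one to pull and look at.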