I finally got the logs.
Malwarebytes log:
Malwarebytes' Anti-Malware 1.42
Database version: 3425
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
12/24/2009 5:42:33 PM
mbam-log-2009-12-24 (17-42-20).txt
Scan type: Quick Scan
Objects scanned: 254706
Time elapsed: 7 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 5
Files Infected: 43
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Videocan (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zagrebland (Trojan.FakeAlert) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: cravc4.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
Folders Infected:
C:\Documents and Settings\All Users.WINDOWS\Application Data\11805624 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009 (Rogue.ProAntiSpyware) -> No action taken.
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.
C:\Documents and Settings\All Users\_qbothome (Trojan.Qakbot) -> No action taken.
Files Infected:
C:\WINDOWS\cravc4.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Shortcuts.000 (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\sys32_nov.exe (Trojan.Cutwail) -> No action taken.
C:\WINDOWS\system32\drivers\813c2b07.sys (Rootkit.Rustock) -> No action taken.
C:\WINDOWS\Temp\wpv031253178221.exe.vir (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\wpv181252482203.exe.vir (Trojan.Dropper) -> No action taken.
C:\WINDOWS\Temp\wpv581252503472.exe.vir (Trojan.Cutwail) -> No action taken.
C:\WINDOWS\Temp\wpv701256841021.exe.vir (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\wpv821254042811.exe.vir (Trojan.Proxy) -> No action taken.
C:\WINDOWS\Temp\wpv821255562528.exe.vir (Trojan.Dropper) -> No action taken.
C:\WINDOWS\Temp\wpv941255889155.exe.vir (Trojan.Pincav) -> No action taken.
C:\WINDOWS\Temp\_ex-08.exe.vir (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Rashid\Local Settings\Temp\winsinstall.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\rashid.RASHID-B30C0429\Local Settings\Temp\b.exe.vir (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\rashid.RASHID-B30C0429\sys32_nov.exe (Trojan.Cutwail) -> No action taken.
C:\WINDOWS\ekalazexizuxaw.dll (Trojan.Hiloti) -> No action taken.
C:\WINDOWS\msa.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\msa.exe.vir (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\11805624\11805624 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\11805624\11805624.exe (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\11805624\pc11805624ins (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\cert.pem (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\crontab.cb (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\ps_dump_Administrator.txt (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\seclog.txt (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\si.cb (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\si.txt (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\updates.cb (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\_qbot.cb (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\_qbot_installed (Trojan.Qakbot) -> No action taken.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\rashid.RASHID-B30C0429\Application Data\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\rashid.RASHID-B30C0429\Start Menu\Programs\Startup\ikowin32.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\rashid.RASHID-B30C0429\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\spoolSystem.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.TDSS) -> No action taken.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:44 PM, on 12/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\rashid.RASHID-B30C0429\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ZagrebLand] C:\DOCUME~1\RASHID~2.RAS\LOCALS~1\Temp\c.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; Media Center PC 2.8; .NET CLR 1.0.3705; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.cargamer.net/game/324/FFX_Runner.html"
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: ikowin32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261675420578
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\wpa.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 5422 bytes
It's a bit big though.