Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

can someone please analyze my hijackthis log

Started by criss86 , Oct 05 2006 10:43 PM

  • Please log in to reply

#1
criss86
Posted 05 October 2006 - 10:43 PM

criss86

    Member

  • Member
  • PipPip
  • 15 posts
here is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 11:54:44 PM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\servicemp.exe
C:\WINDOWS\system32\wintrust32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.f...obal/msc311.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Win Common module - Unknown owner - C:\WINDOWS\system32\servicemp.exe
O23 - Service: WinTrust32 - Unknown owner - C:\WINDOWS\system32\wintrust32.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • 0

Advertisements

#2
loophole
Posted 05 October 2006 - 11:13 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

I see some things that need to go. Can I have the below log and we can remove them

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#3
criss86
Posted 05 October 2006 - 11:34 PM

criss86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
ok loophole...here is the log from combofix

Christopher - 06-10-06 1:32:49.64 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Christopher\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-06 to 2006-10-06 ))))))))))))))))))))))))))))))))))


2006-10-02 15:04 806,912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 15:04 806,912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 15:04 790,528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 15:04 635,486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-29 15:22 299,520 --a------ C:\WINDOWS\uninst.exe
2006-09-28 01:26 135,168 --a------ C:\WINDOWS\system32\wintrust32.exe
2006-09-28 01:25 135,168 --a------ C:\WINDOWS\system32\servicemp.exe
2006-09-28 01:24 14,848 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-28 00:51 70,656 --a------ C:\WINDOWS\system32\secdir.sys
2006-09-28 00:51 327,680 --a------ C:\WINDOWS\system32\Flocker.dll
2006-09-26 21:17 86,016 --a------ C:\WINDOWS\unvise32.exe
2006-09-26 00:28 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2006-09-20 21:31 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-09-20 21:31 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-09-20 21:31 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-09-20 21:31 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-09-20 21:31 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-09-20 21:31 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-09-10 02:22 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-09-10 02:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-10 01:50 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2006-09-09 21:24 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-09-09 21:22 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-09-09 21:22 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-09-09 21:22 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-09-09 21:22 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-09-09 21:22 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-09-09 21:21 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-09 21:21 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-09 21:21 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2006-09-09 21:21 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2006-09-09 21:21 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-09-09 20:52 94,208 --a------ C:\WINDOWS\system32\igfxtray.exe
2006-09-09 20:52 94,208 --a------ C:\WINDOWS\system32\igfxext.exe
2006-09-09 20:52 901,242 --a------ C:\WINDOWS\system32\ialmdd5.dll
2006-09-09 20:52 878,651 --a------ C:\WINDOWS\system32\ialmdd5(4).dll
2006-09-09 20:52 878,651 --a------ C:\WINDOWS\system32\ialmdd5(3).dll
2006-09-09 20:52 86,016 --a------ C:\WINDOWS\system32\igfxdo.dll
2006-09-09 20:52 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe
2006-09-09 20:52 73,728 --a------ C:\WINDOWS\system32\hccutils.dll
2006-09-09 20:52 61,440 --a------ C:\WINDOWS\system32\iAlmCoIn_v4020.dll
2006-09-09 20:52 57,344 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2006-09-09 20:52 53,248 --a------ C:\WINDOWS\system32\oemdspif.dll
2006-09-09 20:52 516,096 --a------ C:\WINDOWS\system32\ialmgdev.dll
2006-09-09 20:52 49,152 --a------ C:\WINDOWS\system32\ialmrem.dll
2006-09-09 20:52 446,464 --a------ C:\WINDOWS\system32\igfxcfg.exe
2006-09-09 20:52 40,960 --a------ C:\WINDOWS\system32\igfxexps.dll
2006-09-09 20:52 37,951 --a------ C:\WINDOWS\system32\ialmrnt5(4).dll
2006-09-09 20:52 37,951 --a------ C:\WINDOWS\system32\ialmrnt5(3).dll
2006-09-09 20:52 36,990 --a------ C:\WINDOWS\system32\ialmrnt5.dll
2006-09-09 20:52 348,160 --a------ C:\WINDOWS\system32\igfxsrvc(3).dll
2006-09-09 20:52 348,160 --a------ C:\WINDOWS\system32\igfxsrvc(2).dll
2006-09-09 20:52 225,280 --a------ C:\WINDOWS\system32\igfxpph(3).dll
2006-09-09 20:52 225,280 --a------ C:\WINDOWS\system32\igfxpph(2).dll
2006-09-09 20:52 213,274 --a------ C:\WINDOWS\system32\ialmdev5.dll
2006-09-09 20:52 2,289,664 --a------ C:\WINDOWS\system32\ialmgicd.dll
2006-09-09 20:52 178,779 --a------ C:\WINDOWS\system32\ialmdev5(4).dll
2006-09-09 20:52 178,779 --a------ C:\WINDOWS\system32\ialmdev5(3).dll
2006-09-09 20:52 147,456 --a------ C:\WINDOWS\system32\igfxpph.dll
2006-09-09 20:52 139,264 --a------ C:\WINDOWS\system32\igfxdev(3).dll
2006-09-09 20:52 139,264 --a------ C:\WINDOWS\system32\igfxdev(2).dll
2006-09-09 20:52 135,168 --a------ C:\WINDOWS\system32\igfxdev.dll
2006-09-09 20:52 126,976 --a------ C:\WINDOWS\system32\hkcmd(3).exe
2006-09-09 20:52 126,976 --a------ C:\WINDOWS\system32\hkcmd(2).exe
2006-09-09 20:52 118,784 --a------ C:\WINDOWS\system32\hccutils(3).dll
2006-09-09 20:52 118,784 --a------ C:\WINDOWS\system32\hccutils(2).dll
2006-09-09 20:52 118,395 --a------ C:\WINDOWS\system32\ialmdnt5.dll
2006-09-09 20:52 114,688 --a------ C:\WINDOWS\system32\igfxzoom.exe
2006-09-09 20:52 108,092 --a------ C:\WINDOWS\system32\ialmdnt5(4).dll
2006-09-09 20:52 108,092 --a------ C:\WINDOWS\system32\ialmdnt5(3).dll
2006-09-09 20:52 1,503,232 --a------ C:\WINDOWS\system32\igfxress.dll
2006-09-09 20:52 1,302,812 --a------ C:\WINDOWS\system32\drivers\ialmnt5.sys
2006-09-09 20:50 17,056 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-09-09 20:50 1,654,784 --a------ C:\WINDOWS\system32\W29MLRES.DLL
2006-09-09 20:46 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2006-09-09 20:46 685,056 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2006-09-09 20:46 33,818 --a------ C:\WINDOWS\system32\HSFCI010.dll
2006-09-09 20:46 200,064 --a------ C:\WINDOWS\system32\drivers\HSFHWICH.sys
2006-09-09 20:46 13,059 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-09-09 20:46 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys
2006-09-09 20:45 28,672 -ra------ C:\WINDOWS\cttib1.dll
2006-09-09 20:42 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-09-09 20:42 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-09-09 20:42 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-09-09 20:42 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-09-09 20:42 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-09-09 20:42 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-09-09 20:42 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-09-09 20:42 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-09-09 20:42 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-09-09 20:42 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-09 20:42 273,168 --a------ C:\WINDOWS\system32\drivers\STAC97.sys
2006-09-09 20:42 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-09-09 20:42 192,512 --a------ C:\WINDOWS\system32\stac97co.dll
2006-09-09 20:42 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-09-09 20:42 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-09-09 20:42 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-09-09 20:41 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2006-09-09 20:41 446,464 -ra------ C:\WINDOWS\system32\hhactivex.dll
2006-09-09 20:41 176,128 --a------ C:\WINDOWS\system32\RcdScan.dll
2006-09-09 20:41 13,632 --------- C:\WINDOWS\system32\drivers\omci.sys
2006-09-09 14:33 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-09 14:33 0 -rahs---- C:\MSDOS.SYS
2006-09-09 14:33 0 -rahs---- C:\IO.SYS
2006-09-09 14:33 0 --a------ C:\CONFIG.SYS
2006-09-09 14:33 0 --a------ C:\AUTOEXEC.BAT
2006-09-09 14:31 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-09 14:31 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-09 14:31 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-09-09 14:31 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-09 14:31 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-09-09 14:31 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-09-09 14:31 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-09 14:31 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-09 14:31 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-09 14:31 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-09 14:31 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-09 14:31 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-09 14:31 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-09 14:31 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-09 14:31 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-09 14:31 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-09 14:31 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-09 14:31 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-09 14:31 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-09 14:31 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-09 14:31 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-09 14:31 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-09 14:31 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-09 14:31 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-09 14:31 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-09 14:31 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-09 14:31 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-09 14:31 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-09 14:31 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-09-09 14:31 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-09 14:31 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-09 14:31 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-09 14:31 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-09-09 14:31 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-09 14:31 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-09 14:31 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-09-09 14:31 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-09 14:31 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-09-09 14:31 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-09 14:31 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-09 14:31 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-09 14:31 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-09 14:31 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-09 14:31 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-09 14:31 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-09 14:30 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-09 14:29 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-09 14:29 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-09 14:29 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-09 14:29 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-09 14:29 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-09 14:29 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-09 14:29 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-09 14:29 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-09 14:29 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-09 14:29 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-09 14:29 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-09 14:29 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-09 14:29 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-09 14:29 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-09 14:29 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-09 14:29 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-09 14:29 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-09 14:29 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-09 14:29 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-09 14:29 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-09 14:29 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-09 14:29 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-09 14:29 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-09 14:29 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-09 14:29 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-09 14:29 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-09 14:29 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-09 14:29 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-09 14:29 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-09 14:29 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-09 14:29 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-09 14:29 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-09-09 14:29 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-09 14:29 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-09 14:29 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-09 14:29 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-09 14:29 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-09 14:29 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-09 14:29 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-09 14:29 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-09 14:29 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-09 14:29 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-09 14:29 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-09 14:29 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-09 14:29 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-09 14:29 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-09-09 14:29 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-09 14:29 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-09 14:29 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-09 14:29 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-09-09 14:29 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-09 14:29 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-09 14:29 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-09 14:29 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-09 14:29 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-09 14:29 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-09 14:29 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-09 14:29 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-09 14:29 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-09 14:29 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-09 14:29 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-09 14:29 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-09 14:29 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-09 14:29 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-09 14:29 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-09 14:29 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-09 14:29 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-09 14:29 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-09 14:29 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-09-09 14:29 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-09 14:29 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-09 14:29 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-09 14:29 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-09 14:29 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-09 14:29 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-09-09 14:29 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-09 14:29 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-09 14:29 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-09 14:29 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-09 14:29 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-09 14:29 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-09 14:29 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-09 14:29 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-09 10:26 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-09-09 10:25 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2006-09-09 10:25 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-09-09 10:25 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-09-09 10:25 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2006-09-09 10:25 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2006-09-09 10:25 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2006-09-09 10:24 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-09-09 10:24 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-09-09 10:24 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-09-09 10:24 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-09-09 10:24 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-09-09 10:24 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-09-09 10:24 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-09-09 10:24 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-09-09 10:24 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-09-09 10:24 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-09-09 10:24 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-09-09 10:24 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-09-09 10:24 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-09-09 10:24 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-09-09 10:24 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-09-09 10:23 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-09-09 10:23 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-09-09 10:23 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-09-09 10:23 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-09 10:23 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-09-09 10:23 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-09-09 10:23 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-09-09 10:23 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-09-09 10:23 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-09-09 10:23 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-09-09 10:23 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-09-09 10:23 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-09-09 10:23 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-09-09 10:23 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-09-09 10:23 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-09-09 10:23 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-09-09 10:23 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-09-09 10:23 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-09-09 10:23 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-09-09 10:23 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-09-09 10:23 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-09-09 10:23 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-09-09 10:23 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-09-09 10:23 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-09-09 10:23 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-09-09 10:23 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-09-09 10:23 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-09-09 10:23 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-09-09 10:23 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-09-09 10:23 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-09 10:23 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-09 10:23 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-09-09 10:23 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-09 10:23 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-09-09 10:23 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-06 01:30 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-06 01:07 -------- d-------- C:\Documents and Settings\Christopher\Application Data\uTorrent
2006-10-05 19:41 -------- d-------- C:\Documents and Settings\Christopher\Application Data\DivX
2006-10-05 15:31 -------- d-------- C:\Program Files\DivX
2006-10-01 22:10 -------- d-------- C:\Documents and Settings\Christopher\Application Data\Free Download Manager
2006-10-01 20:51 -------- d-------- C:\Program Files\Pawn 2
2006-10-01 18:39 -------- d-------- C:\Documents and Settings\Christopher\Application Data\LimeWire
2006-09-29 15:23 -------- d-------- C:\Documents and Settings\Christopher\Application Data\WinPatrol
2006-09-28 01:34 -------- d-------- C:\Program Files\Folder Security Personal 3.6
2006-09-28 00:27 -------- d-------- C:\Program Files\uTorrent
2006-09-26 13:48 -------- d-------- C:\Program Files\Internet Explorer
2006-09-25 15:30 -------- d---s---- C:\Documents and Settings\Christopher\Application Data\Microsoft
2006-09-25 15:14 -------- d-------- C:\Program Files\Torrent Harvester
2006-09-21 02:36 -------- d-------- C:\Program Files\Common Files\SystemRequirementsLab
2006-09-21 02:36 -------- d-------- C:\Program Files\Common Files
2006-09-21 01:15 -------- d-------- C:\Program Files\Free Download Manager
2006-09-20 19:53 -------- d-------- C:\Program Files\CDisplay
2006-09-16 16:12 -------- d-------- C:\Documents and Settings\Christopher\Application Data\Media Player Classic
2006-09-11 01:53 -------- d-------- C:\Program Files\LimeWire
2006-09-10 02:23 -------- d-------- C:\Program Files\Messenger
2006-09-10 02:22 -------- d-------- C:\Program Files\Windows Media Player
2006-09-10 02:19 -------- d-------- C:\Program Files\Outlook Express
2006-09-10 02:19 -------- d-------- C:\Program Files\Common Files\System
2006-09-10 02:11 -------- d-------- C:\Documents and Settings\Christopher\Application Data\Real
2006-09-10 01:51 -------- d-------- C:\Program Files\WinRAR
2006-09-10 00:42 -------- d-------- C:\Program Files\Java
2006-09-10 00:42 -------- d-------- C:\Program Files\Common Files\Java
2006-09-10 00:42 -------- d-------- C:\Documents and Settings\Christopher\Application Data\Sun
2006-09-10 00:31 -------- d-------- C:\Program Files\Real Alternative
2006-09-10 00:31 -------- d-------- C:\Program Files\Media Player Classic
2006-09-10 00:27 -------- d-------- C:\Program Files\QuickTime Alternative
2006-09-10 00:18 -------- d-------- C:\Documents and Settings\Christopher\Application Data\vlc
2006-09-10 00:17 -------- d-------- C:\Program Files\VideoLAN
2006-09-10 00:11 -------- d-------- C:\Documents and Settings\Christopher\Application Data\Mozilla
2006-09-09 21:47 -------- d-------- C:\Program Files\Foxit Software
2006-09-09 21:38 -------- d-------- C:\Documents and Settings\Christopher\Application Data\Macromedia
2006-09-09 21:21 -------- d-------- C:\Program Files\Alwil Software
2006-09-09 20:51 -------- d-------- C:\Documents and Settings\Christopher\Application Data\Intel
2006-09-09 20:49 -------- d-------- C:\Program Files\Intel
2006-09-09 20:48 -------- d-------- C:\Program Files\Broadcom
2006-09-09 20:46 -------- d-------- C:\Program Files\CONEXANT
2006-09-09 20:45 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-09 20:44 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-09 20:42 -------- d-------- C:\Program Files\SigmaTel
2006-09-09 14:39 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-09 14:39 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-09 14:39 -------- d-------- C:\Documents and Settings\Christopher\Application Data\Identities
2006-09-09 14:34 -------- d-------- C:\Program Files\xerox
2006-09-09 14:34 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-09 14:32 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-09 14:32 -------- d-------- C:\Program Files\Online Services
2006-09-09 14:31 -------- d-------- C:\Program Files\NetMeeting
2006-09-09 14:31 -------- d-------- C:\Program Files\Movie Maker
2006-09-09 14:31 -------- d-------- C:\Program Files\Common Files\Services
2006-09-09 14:31 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-09 14:30 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-09 14:30 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-09 14:29 -------- d-------- C:\Program Files\Windows NT
2006-09-09 14:29 -------- d-------- C:\Program Files\MSN
2006-09-09 10:24 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-09 10:24 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-09 10:23 62 --ahs---- C:\Documents and Settings\Christopher\Application Data\desktop.ini
2006-08-10 19:03 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-10 19:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-07-27 13:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-11 19:40 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-07-11 19:40 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-07-11 19:40 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-07-11 18:54 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-07-11 18:54 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-07-11 18:54 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-07-11 18:54 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-07-11 18:54 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-07-11 18:54 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-07-11 18:33 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-07-11 18:33 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
@=""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,18,01,00,00,00,00,00,00,60,04,00,00,fc,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Fri 10/06/2006 1:33:11.46
ComboFix.txt
  • 0

#4
criss86
Posted 06 October 2006 - 12:32 AM

criss86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
hey loop...i posted the combofix log...now wat?
  • 0

#5
loophole
Posted 06 October 2006 - 01:46 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Give me a moment, just waking up, I do need to sleep :whistling: even if I only get a couple hours a night

Let me go through the logs it will take me a few :blink:
  • 0

#6
criss86
Posted 06 October 2006 - 01:56 AM

criss86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
thanks alot loophole...take your time ok...i'll be waiting
  • 0

#7
loophole
Posted 06 October 2006 - 02:17 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\wintrust32.exe
    C:\WINDOWS\system32\servicemp.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

After the reboot, click start >>>> run

Copy and paste the following lines into the run box ONE at a time clicking OK after each one:

SC stop WinTrust32

SC delete WinTrust32

SC stop Win Common module

SC delete Win Common module


Clean out your Temporary Internet files. Proceed as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

  • 0

#8
criss86
Posted 06 October 2006 - 10:36 AM

criss86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
i got up not to long ago... i did everything you told me too. i did the panda's activescan and it found some spyware...here is the report from active scan and a new hijackthis log...

this the the activescan report

Incident Status Location

Adware:Adware/PurityScan Not disinfected C:\!KillBox\servicemp.exe
Adware:Adware/PurityScan Not disinfected C:\!KillBox\servicemp.exe( 1)
Adware:Adware/PurityScan Not disinfected C:\!KillBox\wintrust32.exe
Adware:Adware/PurityScan Not disinfected C:\!KillBox\wintrust32.exe( 2)
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\uhc6hd9z.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\uhc6hd9z.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\uhc6hd9z.default\cookies.txt[.overture.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\uhc6hd9z.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\uhc6hd9z.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\uhc6hd9z.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\uhc6hd9z.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\uhc6hd9z.default\cookies.txt[.com.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\uhc6hd9z.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\uhc6hd9z.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\uhc6hd9z.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\uhc6hd9z.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\uhc6hd9z.default\cookies.txt[.cs.sexcounter.com/]

and here is the new hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 12:36:04 PM, on 10/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.f...obal/msc311.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Win Common module - Unknown owner - C:\WINDOWS\system32\servicemp.exe (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Edited by criss86, 06 October 2006 - 10:37 AM.

  • 0

#9
criss86
Posted 06 October 2006 - 02:29 PM

criss86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
hey loophole, please don't forget about me please..anyway, take your time analyzing the logs thanks.

Edited by criss86, 06 October 2006 - 02:29 PM.

  • 0

#10
loophole
Posted 06 October 2006 - 03:38 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi chriss

You dont have to worry I'm not going to forget about you :whistling: I have a busy life, plus quite a few other people to help. The panda log is almost spotless, just some cookies and the files we deleted with killbox in thier new home C:\!KillBox. We do still have a service running that needs to go, lets delete it a different way

Go to Start > Run and type Services.msc then hit Ok
Scroll down and find the below service:

Win Common module

When you find it, double-click on it. In the next window that opens, under the General tab click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.

Open HiJackThis, click on None of the above, just start the program. Now, click on the Config button (bottom right), click on Misc Tools, then click on Delete an NT Service. A window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

Win Common module

Click OK.

It should pull up information about the service, then ask if you want to reboot. Click YES.

after you reboot

Deleting Cookies on Firefox
  • Click Tools then Options.
  • Click Privacy.
  • Click Clear across from the Cookies option.
  • Click Ok to return to the browser main page.
  • Exit and relaunch the browser.

Post a new HiJackThis log after it reboots and let me know if you received any error messages, also how the computer is running

Thanks
  • 0

Advertisements

#11
criss86
Posted 06 October 2006 - 11:55 PM

criss86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
srry about what i said...and thanks alot for what you did to help me....i did what you told me too and everything seems okay so far, i idid'nt receive any error messages, my computer is running good.

here is my new hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 1:51:00 AM, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.f...obal/msc311.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • 0

#12
loophole
Posted 07 October 2006 - 12:13 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi chriss :whistling:

Please run a scan with HijackThis and check the following lines for removal:

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.


Please delete this folder:
C:\!KillBox

Deleting Cookies on Firefox
  • Click Tools then Options.
  • Click Privacy.
  • Click Clear across from the Cookies option.
  • Click Ok to return to the browser main page.
  • Exit and relaunch the browser.

Reboot and post a one more Hijack log please
  • 0

#13
criss86
Posted 07 October 2006 - 12:37 AM

criss86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
ok loophole did what you told me to do. I check the file from my hijackthis scan and clicked on fix checked, then i deleted C:!KillBox, oh and i also deleted all the cookies from firefox, then i rebooted my computer.

here is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 2:33:16 AM, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.f...obal/msc311.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • 0

#14
loophole
Posted 07 October 2006 - 02:34 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Everything looks good, but your the boss. Is everything back to normal?
  • 0

#15
criss86
Posted 07 October 2006 - 10:26 AM

criss86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
thanks loophole...and by the way, there was'nt anything wrong with my computer in the first place. I just wanted someone to check my hijackthis log for any problems...thanks alot loophole thanks..my pc is running just alright thanks to you....can u help me with one little problem please..I have a a svchost.exe in my windows task manager thats runninng more mem usage than my explorer.exe not my IEXPLORER.EXE, my explorer.exe, is that fine or what?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP