Hijack log, Help My laptop needs to last another 3 weeks.



#1 deerpark99 (New Member, 2 posts)

I have about 3 weeks before I go home. My laptop needs to last me until then.
I got Win32:EggDro-AE[Trj] according to avast, but it won't remove it. It's located in Windows\new\system32. Thanks.
AntiVir sees it as TR/Cypt.xpack.gen and also BSD/agent.yrg.14.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:36 AM, on 4/11/2008
Platform: Windows xp (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\NEW\System32\smss.exe
C:\WINDOWS\NEW\system32\winlogon.exe
C:\WINDOWS\NEW\system32\services.exe
C:\WINDOWS\NEW\system32\lsass.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\NEW\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\NEW\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\NEW\System32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\NEW\System32\ctfmon.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\NEW\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\NEW\System32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\NEW\System32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\NEW\System32\ctfmon.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe

--
End of file - 3245 bytes

Edited by deerpark99, 11 April 2008 - 12:15 PM.



#2 deerpark99 (Topic Starter, 2 posts)

Deckard's System Scanner v20071014.68
Run by ecoli2 on 2008-04-11 02:26:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2008-04-11 06:27:26 UTC - RP52 - Deckard's System Scanner Restore Point
43: 2008-04-09 18:18:27 UTC - RP51 - Removed SUPERAntiSpyware Free Edition
42: 2008-04-08 19:32:42 UTC - RP50 - Removed Windows Live Messenger
41: 2008-04-08 18:05:55 UTC - RP49 - Installed Ad-Aware 2007
40: 2008-04-08 15:37:41 UTC - RP48 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2008-01-12 20:51:38 UTC - RP9 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 495 MiB (512 MiB recommended).
System Drive C: has 2.49 GiB (less than 15%) free.


-- HijackThis (run as ecoli2.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:53 AM, on 4/11/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\NEW\System32\smss.exe
C:\WINDOWS\NEW\system32\winlogon.exe
C:\WINDOWS\NEW\system32\services.exe
C:\WINDOWS\NEW\system32\lsass.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\NEW\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\NEW\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\NEW\System32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\NEW\System32\ctfmon.exe
C:\Documents and Settings\ecoli2\Desktop\dss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ecoli2.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\NEW\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\NEW\System32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\NEW\System32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\NEW\System32\ctfmon.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe

--
End of file - 3241 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\new\system32\giveio.sys
R0 speedfan - c:\windows\new\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 ewido security suite driver - c:\program files\ewido anti-malware\guard.sys

S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S3 npkcrypt - c:\program files\gravity\ro\npkcrypt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Diskeeper - c:\program files\diskeeper corporation\diskeeper\dkservice.exe <Not Verified; Diskeeper Corporation; Diskeeper ™ Disk Defragmenter>
S4 ewido security suite guard - c:\program files\ewido anti-malware\ewidoguard.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_8086&DEV_3584&SUBSYS_00011179&REV_01\3&61AAA01&0&01
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_8086&DEV_3584&SUBSYS_00011179&REV_01\3&61AAA01&0&01
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_8086&DEV_3585&SUBSYS_00011179&REV_01\3&61AAA01&0&03
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_8086&DEV_3585&SUBSYS_00011179&REV_01\3&61AAA01&0&03
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\TOS6202\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\TOS6202\2&DABA3FF&0
Service:


-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-08 15:33:19 0 d-------- C:\WINDOWS\NEW\SxsCaPendDel
2008-04-08 14:30:42 0 d-------- C:\Documents and Settings\ecoli2\Application Data\Malwarebytes
2008-04-08 14:30:30 0 d-------- C:\Documents and Settings\All Users.NEW\Application Data\Malwarebytes
2008-04-08 14:30:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 14:05:58 0 d-------- C:\Documents and Settings\All Users.NEW\Application Data\Lavasoft
2008-04-08 11:38:10 0 d-------- C:\Documents and Settings\All Users.NEW\Application Data\SUPERAntiSpyware.com
2008-04-08 11:37:44 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-08 11:37:43 0 d-------- C:\Documents and Settings\ecoli2\Application Data\SUPERAntiSpyware.com
2008-04-08 11:37:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-08 09:03:05 0 d-------- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Application Data\Grisoft
2008-04-07 23:25:31 0 d-------- C:\Documents and Settings\ecoli2\Application Data\Grisoft
2008-04-07 23:25:10 0 d-------- C:\Documents and Settings\All Users.NEW\Application Data\Grisoft
2008-04-07 22:55:54 0 d---s---- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Application Data\Microsoft
2008-04-07 22:55:53 0 d--h----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Templates
2008-04-07 22:55:53 0 dr------- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Start Menu
2008-04-07 22:55:53 0 dr-h----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\SendTo
2008-04-07 22:55:53 0 d--h----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Recent
2008-04-07 22:55:53 0 d--h----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\PrintHood
2008-04-07 22:55:53 0 d--h----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\NetHood
2008-04-07 22:55:53 0 d-------- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\My Documents
2008-04-07 22:55:53 0 d--h----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Local Settings
2008-04-07 22:55:53 0 d-------- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Favorites
2008-04-07 22:55:53 0 d-------- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Desktop
2008-04-07 22:55:53 0 d---s---- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Cookies
2008-04-07 22:55:53 0 dr-h----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Application Data
2008-04-07 22:55:52 786432 --ah----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\NTUSER.DAT
2008-04-07 21:40:24 0 d-------- C:\!KillBox
2008-04-07 20:29:55 0 d-------- C:\Program Files\Trend Micro
2008-04-07 19:48:01 0 d-------- C:\Program Files\a-squared Free
2008-04-05 23:16:31 4456448 --a------ C:\Documents and Settings\ecoli2\ntuser.dat
2008-03-28 18:29:04 0 d-------- C:\Program Files\TD AMERITRADE
2008-03-11 23:38:30 0 d--h----- C:\WINDOWS\NEW\System32\GroupPolicy


-- Find3M Report ---------------------------------------------------------------

2008-04-11 02:05:40 0 d-------- C:\Program Files\Trillian
2008-04-10 23:06:55 0 d-------- C:\Program Files\mIRC
2008-04-08 15:33:40 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-08 15:31:24 0 d-------- C:\Program Files\MediaMonkey
2008-04-08 14:06:01 0 d-------- C:\Program Files\Lavasoft
2008-04-08 11:37:05 0 d-------- C:\Program Files\Common Files
2008-04-08 11:23:41 0 d-------- C:\Program Files\SpywareBlaster
2008-03-28 18:29:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-17 19:51:01 0 d-------- C:\Program Files\DC++
2008-03-16 01:42:48 0 d-------- C:\Documents and Settings\ecoli2\Application Data\uTorrent
2008-03-07 20:26:25 0 d-------- C:\Program Files\Audacity
2008-03-06 02:41:29 0 d-------- C:\Documents and Settings\ecoli2\Application Data\DMCache
2008-03-01 03:33:28 0 d-------- C:\Documents and Settings\ecoli2\Application Data\GlobalSCAPE
2008-03-01 03:25:52 0 d-------- C:\Documents and Settings\ecoli2\Application Data\SmartFTP
2008-02-17 04:13:16 0 d-------- C:\Program Files\CoreCodec
2008-02-11 15:42:10 0 d-------- C:\Program Files\SpeedFan
2008-01-16 13:49:51 24080 --a------ C:\Documents and Settings\ecoli2\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/19/2005 07:06 PM]
"PmProxy"="C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe" [02/28/2003 07:54 PM]
"HotKeysCmds"="C:\WINDOWS\NEW\System32\hkcmd.exe" [04/07/2003 01:07 AM]
"IgfxTray"="C:\WINDOWS\NEW\System32\igfxtray.exe" [04/07/2003 01:19 AM]
"KernelFaultCheck"="C:\WINDOWS\NEW\system32\dumprep 0 -k" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 02:37 PM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [06/07/2006 12:35 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\NEW\System32\ctfmon.exe" [08/18/2001 08:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.NEW^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\NEW\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.NEW^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\NEW\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\NEW\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)
"helpsvc"=2 (0x2)
"ewido security suite control"=2 (0x2)
"Diskeeper"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-04-11 02:33:32 ------------