Hello! I cannot open any antivirus sites.. Please help.



#1
Melwynne

I see that this is a common problem nowadays.. If anyone can please help me, I'd really appreciate the effort. THANK YOU SO MUCH IN ADVANCE!

Here is my latest ComboFix log:


ComboFix 09-01-19.03 - hawaian_fridays 2009-01-20 6:22:35.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1656 [GMT 8:00]
Running from: c:\documents and settings\hawaian_fridays\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\hawaian_fridays\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-20 06:19 . 2009-01-20 06:19 <DIR> d--hs---- c:\documents and settings\hawaian_fridays\UserData
2009-01-20 05:34 . 2009-01-20 05:34 <DIR> d-------- C:\Deckard
2009-01-20 05:28 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-01-18 10:32 . 2009-01-18 10:32 <DIR> d-------- c:\program files\TOM Online Inc
2009-01-17 23:59 . 2009-01-17 23:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-01-15 09:59 . 2009-01-15 09:59 <DIR> d-------- c:\program files\sohutv_web
2009-01-11 18:58 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-06 02:35 . 2009-01-06 02:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\File dvd base road
2008-12-27 02:45 . 2008-12-27 02:45 <DIR> d-------- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 17:23 --------- d-----w c:\program files\Garena
2009-01-15 17:22 --------- d-----w c:\program files\Warcraft III
2009-01-12 02:09 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\uTorrent
2009-01-11 10:56 --------- d-----w c:\program files\Panda Security
2009-01-02 17:51 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\LimeWire
2008-12-15 01:18 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\Ventrilo
2008-12-15 01:05 --------- d-----w c:\program files\Ventrilo
2008-12-15 01:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-14 05:24 --------- d-----w c:\program files\Electronic Arts
2008-12-11 22:08 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\AVGTOOLBAR
2008-12-11 21:21 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-12-11 21:21 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-12-11 21:21 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-12-11 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-12-11 19:37 7,218 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-12-11 19:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 19:36 --------- d-----w c:\program files\Yahoo!
2008-12-11 19:36 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\Yahoo!
2008-12-11 18:03 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-11 18:01 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\SUPERAntiSpyware.com
2008-12-11 16:03 --------- d-----w c:\program files\Web Publish
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-04 15:34 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-12-04 06:27 --------- d-----w c:\program files\FREE Hi-Q Recorder
2008-12-03 14:23 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\Xilisoft Corporation
2008-12-03 14:22 --------- d-----w c:\program files\Xilisoft
2008-12-03 08:49 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-02 06:56 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-12-01 16:08 --------- d-----w c:\program files\Common Files\Adobe
2008-12-01 16:06 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2008-12-01 16:06 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-01 15:26 --------- d-----w c:\program files\The Print Shop 20
2008-12-01 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\Riverdeep Interactive Learning Limited
2008-12-01 15:08 --------- d-----w c:\program files\Common Files\Broderbund
2008-12-01 15:08 --------- d-----w c:\documents and settings\All Users\Application Data\Broderbund Software
2008-11-24 11:28 --------- d-----w c:\program files\Virtual Villagers The Secret City
2008-11-23 11:16 --------- d-----w c:\program files\Bethesda Softworks
2008-11-23 04:37 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-19 15:21 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\Leadertech
2008-10-27 02:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 02:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 02:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 02:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-19 21:02 52,736 ----a-w c:\windows\ipuninst.exe
2008-07-01 01:49 22,328 ----a-w c:\documents and settings\hawaian_fridays\Application Data\PnkBstrK.sys
2008-04-13 21:41 164,457 --sha-r c:\windows\system32\ntmwlbrq.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-20_ 5.22.34.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-19 21:05:19 71,584 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-19 21:59:42 71,584 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-19 21:05:19 442,092 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-19 21:59:42 442,092 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"d:\\Installerz\\Gamez\\Dead.Space.Multi-5.Repack.Skullptura\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58440:TCP"= 58440:TCP:Pando Media Booster
"58440:UDP"= 58440:UDP:Pando Media Booster
"9351:TCP"= 9351:TCP:BitComet 9351 TCP
"9351:UDP"= 9351:UDP:BitComet 9351 UDP
"2056:TCP"= 2056:TCP:zsficloo

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-11 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-12 97928]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-12 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-12 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-12 76040]
S3 XDva208;XDva208;\??\c:\windows\system32\XDva208.sys --> c:\windows\system32\XDva208.sys [?]
S4 myulqa;vrhfkfq;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
myulqa

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206db441-912b-11dd-99ad-0019667055ad}]
\Shell\AutoRun\command - G:\qa8sywva.cmd
\Shell\explore\Command - G:\qa8sywva.cmd
\Shell\open\Command - G:\qa8sywva.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36f56392-8c77-11dd-999f-0019667055ad}]
\Shell\Auto\command - H:\Recycled/dllcache32.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe
\Shell\explore\Command - H:\Recycled/dllcache32.exe
\Shell\open\Command - H:\Recycled/dllcache32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb2060d7-4732-11dd-98ae-0019667055ad}]
\Shell\AutoRun\command - explorer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-19 c:\windows\Tasks\B46E1978942995A4.job
- c:\docume~1\hawaia~1\applic~1\bodysp~1\Soap Platform Ooze.exe []

2009-01-19 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []

2009-01-18 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
FF - ProfilePath - c:\documents and settings\hawaian_fridays\Application Data\Mozilla\Firefox\Profiles\nndvjwpg.default\
FF - plugin: c:\documents and settings\hawaian_fridays\Application Data\Mozilla\Firefox\Profiles\nndvjwpg.default\extensions\tcastv1@tom.com\plugins\nptcast40.dll
FF - plugin: c:\program files\TOM Online Inc\TOM Live Player\nptcast30.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 06:23:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\myulqa]
"ServiceDll"="c:\windows\system32\ntmwlbrq.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
Completion time: 2009-01-20 6:24:40
ComboFix-quarantined-files.txt 2009-01-19 22:24:38
ComboFix2.txt 2009-01-19 22:09:02
ComboFix3.txt 2009-01-19 21:48:34
ComboFix4.txt 2009-01-19 21:23:08

Pre-Run: 18,734,268,416 bytes free
Post-Run: 18,726,137,856 bytes free

246 --- E O F --- 2009-01-14 08:52:16


#2
Melwynne

And here is my HijackThis log.. if it may help..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:59 AM, on 1/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#3
Melwynne

Here's another log.. Please help, I tried everything already.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:39 AM, on 1/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2079 bytes