08-06-2008, 02:14 PM   #7
AmazingShoelace
Registered User
 
Join Date: Jul 2008
Posts: 17
OS: XP


Re: Massive Slowdown

Well and good, then. That took longer than expected, but all the logs are now acquired. Posted in the order requested:

daft.txt
C:\ComboFix.txt
new HijackThis log

..................

daft.txt - (This is what it generated, and if there's something else I should be posting, I don't know what I'm looking for.)
Quote:
DAFT Log saved on 2008-08-06 12:37:44
-----------------------------------------------------------------------
All associations okay!
.................

Combofix.txt

Quote:
ComboFix 08-08-05.05 - Owner 2008-08-06 12:42:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.182 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\fnts~1\F?nts\
C:\Program Files\Common Files\smbols~1
C:\WINNT\cookies.ini
C:\WINNT\system32\actskn43.ocx
C:\WINNT\system32\bmf.cs
C:\WINNT\system32\ccs.so
C:\WINNT\system32\drivers\Winpb18.sys
C:\WINNT\system32\ho.ln
C:\WINNT\system32\jwzpqng.sys
C:\WINNT\system32\ko.o
C:\WINNT\system32\mn.n
C:\WINNT\system32\tsvGPqru.ini
C:\WINNT\system32\tsvGPqru.ini2
C:\WINNT\system32\uvcwtdxv.ini
C:\WINNT\system32\WinCtrl32.dl_

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_service.sys
-------\Legacy_WINPB18
-------\Service_jwzpqng
-------\Service_service.sys
-------\Service_Winpb18


((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 )))))))))))))))))))))))))))))))
.

2008-08-06 11:22 . 2008-08-06 11:22 <DIR> d-------- C:\Deckard
2008-08-06 11:13 . 2008-08-06 11:13 23,600 --a------ C:\WINNT\system32\drivers\TVICHW32.SYS
2008-07-28 09:56 . 2008-07-28 09:58 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-28 09:56 . 2008-07-28 09:56 <DIR> d-------- C:\ie-spyad_zo
2008-07-28 03:19 . 2008-06-19 17:24 28,544 --a------ C:\WINNT\system32\drivers\pavboot.sys
2008-07-25 06:42 . 2008-07-25 06:42 <DIR> d-------- C:\Program Files\CCleaner
2008-07-24 18:06 . 2008-07-24 18:06 <DIR> d-------- C:\!KillBox
2008-07-11 12:52 . 2008-07-11 12:55 <DIR> d-------- C:\Program Files\Linksys EasyLink Advisor
2008-07-10 16:09 . 2008-07-10 16:09 <DIR> d-------- C:\Program Files\Netflix
2008-07-08 17:25 . 2008-07-08 17:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-07 23:28 . 2008-07-07 23:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\onOne Software
2008-07-07 23:28 . 2008-05-07 17:48 57,344 --a------ C:\WINNT\system32\ASTSRV.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 16:56 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-06 01:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-30 19:44 --------- d-----w C:\Program Files\Google
2008-07-28 15:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 14:52 --------- d-----w C:\Program Files\Get-Torrent
2008-07-28 08:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-27 16:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-27 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-26 04:02 --------- d-----w C:\Program Files\Trillian
2008-07-25 14:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-25 14:54 97,928 ----a-w C:\WINNT\system32\drivers\avgldx86.sys
2008-07-25 11:34 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-07-25 11:29 --------- d-----w C:\Program Files\Wesnoth
2008-07-23 21:37 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-07-23 21:21 --------- d-----w C:\Program Files\Opera
2008-07-21 12:06 --------- d-----w C:\Program Files\iTunes
2008-07-21 12:05 --------- d-----w C:\Program Files\iPod
2008-07-16 19:45 --------- d-----w C:\Program Files\Apple Software Update
2008-07-08 22:26 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2008-07-08 22:25 --------- d--h--w C:\Documents and Settings\Owner\Application Data\GTek
2008-07-07 16:53 76,040 ----a-w C:\WINNT\system32\drivers\avgtdix.sys
2008-07-07 16:52 12,936 ----a-w C:\WINNT\system32\drivers\avgrkx86.sys
2008-07-03 15:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-06-20 10:45 360,320 ----a-w C:\WINNT\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINNT\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINNT\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINNT\system32\drivers\bthport.sys
2008-06-12 13:09 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-06-12 13:09 --------- d-----w C:\Program Files\Microsoft Works
2008-06-12 13:09 --------- d-----w C:\Program Files\GameSpy Arcade
2008-06-12 10:52 --------- d-----w C:\Program Files\Bonjour
2008-06-12 10:51 --------- d-----w C:\Program Files\QuickTime
2008-06-12 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-06-11 20:50 --------- d-----w C:\Program Files\ToniArts
2008-06-10 18:46 --------- d-----w C:\Program Files\AVG
2008-06-10 18:31 --------- d-----w C:\Program Files\Panda Security
2008-06-08 23:03 --------- d-----w C:\Program Files\DivX
2008-06-06 16:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\TuneUp Software
2008-06-06 15:20 --------- d-----w C:\Program Files\Macromedia
2008-06-06 15:20 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-06-06 15:14 --------- d-----w C:\Program Files\ReadPlease 2003
2008-06-06 15:14 --------- d-----w C:\Program Files\Rainlendar2
2008-03-24 03:44 167 ----a-w C:\Documents and Settings\Owner\udownload.dat
2007-12-17 19:21 0 ----a-w C:\Program Files\gamingGamePuzzleVB.DB
2007-05-04 17:27 45,702 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2005-09-26 16:45 73,640 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-05-13 21:38 8 ----a-w C:\Documents and Settings\Owner\Application Data\usb.dat.bin
1765-03-26 10:44 4,263 --sh--w C:\WINNT\windllreg1c.sys
.
Infected C:\WINNT\system32\user32.dll hex repaired


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 20:19 68856]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34 128000]
"Uniblue ProcessQuickLink 2"="C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" [2007-11-02 18:46 655640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-25 09:54 1235736]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 02:12:18 113664]
Gmail Notifier.lnk - C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 16:48:33 479232]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-05-04 06:37:52 3450608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 02:12:18 113664]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-15 14:27:08 125624]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-05-28 07:16:11 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winba02.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winch51.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincq54.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincs63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincv74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincw67.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfg60.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfx34.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wingf08.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingk66.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingv10.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhh18.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winib65.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winie66.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winig38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winil75.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winin35.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winiy06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlo18.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlv24.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winmd23.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winme11.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmt78.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winoo74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpd32.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpk78.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpq65.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqp85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsa65.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintn66.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuf71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvd14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwo16.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwr23.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxf38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxl02.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxy73.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winyk55.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Gravity\\RagnarokOnline\\Ragnarok.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;C:\WINNT\system32\Drivers\avgrkx86.sys [2008-07-07 11:52]
R0 pavboot;pavboot;C:\WINNT\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 avgldx86;AVG AVI Loader Driver x86;C:\WINNT\system32\Drivers\avgldx86.sys [2008-07-25 09:54]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-25 09:54]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-25 09:54]
R2 avgtdix;AVG8 Network Redirector;C:\WINNT\system32\Drivers\avgtdix.sys [2008-07-07 11:53]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
S0 Winba02;Winba02;C:\WINNT\system32\Drivers\Winba02.sys []
S0 Winch51;Winch51;C:\WINNT\system32\Drivers\Winch51.sys []
S0 Wincq54;Wincq54;C:\WINNT\system32\Drivers\Wincq54.sys []
S0 Wincs63;Wincs63;C:\WINNT\system32\Drivers\Wincs63.sys []
S0 Wincv74;Wincv74;C:\WINNT\system32\Drivers\Wincv74.sys []
S0 Wincw67;Wincw67;C:\WINNT\system32\Drivers\Wincw67.sys []
S0 Winfg60;Winfg60;C:\WINNT\system32\Drivers\Winfg60.sys []
S0 Winfx34;Winfx34;C:\WINNT\system32\Drivers\Winfx34.sys []
S0 wingf08;wingf08;C:\WINNT\system32\Drivers\Wingf08.sys []
S0 Wingk66;Wingk66;C:\WINNT\system32\Drivers\Wingk66.sys []
S0 Wingv10;Wingv10;C:\WINNT\system32\Drivers\Wingv10.sys []
S0 Winhh18;Winhh18;C:\WINNT\system32\Drivers\Winhh18.sys []
S0 Winib65;Winib65;C:\WINNT\system32\Drivers\Winib65.sys []
S0 Winie66;Winie66;C:\WINNT\system32\Drivers\Winie66.sys []
S0 Winig38;Winig38;C:\WINNT\system32\Drivers\Winig38.sys []
S0 Winil75;Winil75;C:\WINNT\system32\Drivers\Winil75.sys []
S0 Winin35;Winin35;C:\WINNT\system32\Drivers\Winin35.sys []
S0 Winiy06;Winiy06;C:\WINNT\system32\Drivers\Winiy06.sys []
S0 Winlo18;Winlo18;C:\WINNT\system32\Drivers\Winlo18.sys []
S0 Winlv24;Winlv24;C:\WINNT\system32\Drivers\Winlv24.sys []
S0 winmd23;winmd23;C:\WINNT\system32\Drivers\Winmd23.sys []
S0 Winme11;Winme11;C:\WINNT\system32\Drivers\Winme11.sys []
S0 Winmt78;Winmt78;C:\WINNT\system32\Drivers\Winmt78.sys []
S0 Winoo74;Winoo74;C:\WINNT\system32\Drivers\Winoo74.sys []
S0 Winpd32;Winpd32;C:\WINNT\system32\Drivers\Winpd32.sys []
S0 Winpk78;Winpk78;C:\WINNT\system32\Drivers\Winpk78.sys []
S0 Winpq65;Winpq65;C:\WINNT\system32\Drivers\Winpq65.sys []
S0 Winqp85;Winqp85;C:\WINNT\system32\Drivers\Winqp85.sys []
S0 Winsa65;Winsa65;C:\WINNT\system32\Drivers\Winsa65.sys []
S0 Wintn66;Wintn66;C:\WINNT\system32\Drivers\Wintn66.sys []
S0 Winuf71;Winuf71;C:\WINNT\system32\Drivers\Winuf71.sys []
S0 Winvd14;Winvd14;C:\WINNT\system32\Drivers\Winvd14.sys []
S0 Winwo16;Winwo16;C:\WINNT\system32\Drivers\Winwo16.sys []
S0 Winwr23;Winwr23;C:\WINNT\system32\Drivers\Winwr23.sys []
S0 Winxf38;Winxf38;C:\WINNT\system32\Drivers\Winxf38.sys []
S0 Winxl02;Winxl02;C:\WINNT\system32\Drivers\Winxl02.sys []
S0 Winxy73;Winxy73;C:\WINNT\system32\Drivers\Winxy73.sys []
S0 Winyk55;Winyk55;C:\WINNT\system32\Drivers\Winyk55.sys []
S3 kbeepm;kbeepm;C:\DOCUME~1\Owner\LOCALS~1\Temp\kbeepm.sys []
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINNT\system32\DRIVERS\usb8023.sys [2004-08-04 01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a1166b6-4331-11dd-8e7b-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-06-06 C:\WINNT\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe []

2008-07-14 C:\WINNT\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kjs52pl2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.deviantart.com/
FF -: plugin - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kjs52pl2.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1111.1511\npCIDetect11.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\Panda Security\NanoScan\Plugins\npnanoscan.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin8.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 13:31:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> ?:\WINNT\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\system32\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-06 14:55:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-06 19:55:04

Pre-Run: 44,675,358,720 bytes free
Post-Run: 44,674,383,872 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

327 --- E O F --- 2008-07-08 22:15:15
...................

hijackthis.txt

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:10 PM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\SYSTEM32\astsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINNT\System32\HPZipm12.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Owner\Desktop\*\Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wikipedia.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Uniblue ProcessQuickLink 2] "C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Gmail Notifier.lnk = C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINNT\SYSTEM32\astsrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
O24 - Desktop Component 1: Facebook | Welcome to Facebook! - http://www.facebook.com/

--
End of file - 5323 bytes