Closed Thread
Old 06-27-2008, 02:23 PM   #1 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 32
OS: xp professional


I have tried to read through all the posts instead of starting a new thread, but I probably need to just post my HijackThis log and get individual advice. My desktop has changed, my homepage will not stay where I set it, and my IE will not always come up; I have to go to my Quick Launch icon and use "Run As" to get it up. It also freezes up. I have Panda Antivirus & Firewall 2008 - 7.00.00, but I have tried running ActiveScan and have had many different outcomes, and none have finished. They just stall somewhere, and I end up closing them out.
Any advice would be greatly appreciated. I may not be able to get back on to check for a couple of hours.
Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1356, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVLTMAIN.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\Apvxdwin.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\DOCUME~1\BECKYL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

I have now completed the 5 Steps before posting for help on removal of malware.
While running Deckard, HijackThis had a couple of error popup windows. I have taken screenshots of both of them, and the second one had a message to email a person to let him know what happened.
1st Error Message:
For some reason your system denied write access to the Hosts file.
If any hijacked domains are in this file, HijackThis may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
notepad "C:\WINDOWS\System32\drivers\etc\hosts" (and press Enter). Find the line(s) HijackThis reports and delete them. Save the file as "hosts." (with quotes), and reboot.


2nd Error Message:
An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #75 - Path/File access error

Please email me at merijn@spywareinfo.com, reporting the following:
*What you were trying to fix when the error occurred, if applicable
*How you can reproduce the error
*A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
OK

I did email him, but wasn't sure if I should...

Here is requested info:

Deckard:
Deckard's System Scanner v20071014.68
Run by Becky Lacock on 2008-06-28 1743
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Becky Lacock.exe) ----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-28 17:08:42
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WEBPROXY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrlS.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\FIREWALL\PSHost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Becky Lacock\Desktop\dss.exe
C:\Program Files\HIJACKThis\hijackthis\Becky Lacock.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimreal.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\Avciman.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir...0&plcid=0x0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrlS.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSRV51.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\FIREWALL\PSHost.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe


--
End of file - 7825 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - C:\PROGRA~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %*
.vbs - VBSFile - shell\open\command - C:\PROGRA~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)
3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)
3 PavTPK.sys - c:\windows\system32\pavtpk.sys (file missing)
3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
3 slicedisk.sys - c:\windows\system32\slicedisk.sys <Not Verified; Atola; slicedisk>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3 GoToAssist - c:\program files\citrix\gotoassist\480\g2aservice.exe
2 Panda Software Controller - c:\program files\panda security\panda antivirus + firewall 2008\psctrls.exe
2 PAVFNSVR (Panda Function Service) - c:\program files\panda security\panda antivirus + firewall 2008\pavfnsvr.exe
2 PavPrSrv (Panda Process Protection Service) - c:\program files\common files\panda software\pavshld\pavprsrv.exe
2 PAVSRV (Panda anti-virus service) - c:\program files\panda security\panda antivirus + firewall 2008\pavsrv51.exe
2 PSHost (Panda Host Service) - c:\program files\panda security\panda antivirus + firewall 2008\firewall\pshost.exe
2 PSIMSVC (Panda IManager Service) - c:\program files\panda security\panda antivirus + firewall 2008\psimsvc.exe
2 TPSrv (Panda TPSrv) - c:\program files\panda security\panda antivirus + firewall 2008\tpsrv.exe
3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2006-10-19 20:58:51 368 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1158671919.job


-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-28 12:15:50 0 d-------- C:\WINDOWS\LastGood
2008-06-28 12:04:40 0 d-------- C:\ie-spyad_zo
2008-06-28 11:48:21 0 d-------- C:\WINDOWS\CSC
2008-06-28 11:30:10 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-28 11:30:01 0 d-------- C:\Program Files\SpywareBlaster
2008-06-27 13:49:15 0 d-------- C:\Program Files\EsetOnlineScanner
2008-06-27 13:40:47 0 d-------- C:\Program Files\Java
2008-06-27 13:40:44 0 d-------- C:\Program Files\Common Files\Java
2008-06-27 09:34:19 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-27 09:34:19 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-27 09:34:19 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-27 09:34:19 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-27 09:34:19 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-27 09:34:19 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-27 09:34:19 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-17 09:33:32 1092 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-17 09:08:22 218112 --a------ C:\Program Files\HijackThis.exe <Not Verified; Soeperman Enterprises Ltd.; HijackThis>
2008-06-16 20:32:10 0 d-------- C:\Documents and Settings\TEMP\Application Data\Macromedia
2008-06-16 20:32:10 0 d-------- C:\Documents and Settings\TEMP\Application Data\Adobe
2008-06-16 20:32:02 0 d-------- C:\Documents and Settings\TEMP\Application Data\Google
2008-06-16 20:31:46 0 d-------- C:\Documents and Settings\TEMP\Application Data\Identities
2008-06-16 20:31:32 0 d--h----- C:\Documents and Settings\TEMP\Templates
2008-06-16 20:31:32 0 dr------- C:\Documents and Settings\TEMP\Start Menu
2008-06-16 20:31:32 0 dr-h----- C:\Documents and Settings\TEMP\SendTo
2008-06-16 20:31:32 0 dr-h----- C:\Documents and Settings\TEMP\Recent
2008-06-16 20:31:32 0 d--h----- C:\Documents and Settings\TEMP\PrintHood
2008-06-16 20:31:32 0 d--h----- C:\Documents and Settings\TEMP\NetHood
2008-06-16 20:31:32 0 dr------- C:\Documents and Settings\TEMP\My Documents
2008-06-16 20:31:32 0 d--h----- C:\Documents and Settings\TEMP\Local Settings
2008-06-16 20:31:32 0 dr------- C:\Documents and Settings\TEMP\Favorites <FAVORI~2>
2008-06-16 20:31:32 0 d-------- C:\Documents and Settings\TEMP\Desktop
2008-06-16 20:31:32 0 d---s---- C:\Documents and Settings\TEMP\Cookies
2008-06-16 20:31:32 0 dr-h----- C:\Documents and Settings\TEMP\Application Data
2008-06-16 20:31:32 0 d---s---- C:\Documents and Settings\TEMP\Application Data\Microsoft
2008-06-16 20:31:31 524288 --ah----- C:\Documents and Settings\TEMP\NTUSER.DAT
2008-06-05 09:33:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy


-- Find3M Report ---------------------------------------------------------------

2008-06-28 08:37:40 0 d-------- C:\Program Files\PokerStars.NET
2008-06-27 13:40:44 0 d-------- C:\Program Files\Common Files
2008-06-27 08:53:13 0 d-------- C:\Documents and Settings\Becky Lacock\Application Data\LimeWire
2008-06-17 11:58:01 0 d-------- C:\Program Files\Panda Security
2008-06-17 10:10:50 6013 --a------ C:\Program Files\hijackthis.log
2008-06-05 09:19:09 0 d-------- C:\Program Files\Movie Maker


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 21:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-11-15 14:05 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=C:\WINDOWS\pss\officejet 6100.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3e549d9-594b-11db-91ab-00111120f66c}]
AutoRun\command- F:\JDSecure\Windows\JDSecure31.exe




-- End of Deckard's System Scanner: finished at 2008-06-28 17:10:35 ------------

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 17:56, on 2008-06-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\HIJACK~1\HIJACK~1\Becky Lacock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\internet explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

Last edited by amateur : 06-28-2008 at 05:49 PM. Reason: merged to retain 0-reply status
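As an added example (not from the thread, and not part of HijackThis itself), here is a small Python triage script that parses the O4, O16, O20 and O23 sections of a HijackThis log and lists the entries an analyst checks first: services marked "(file missing)" or "Unknown owner", every Winlogon Notify DLL, ActiveX controls fetched over plain HTTP, and autostarts that run from a user-writable directory. The sample log is constructed from lines of the same shape as the log posted above, plus one invented `[updater]` entry to exercise the user-writable rule. The hits on the real entries are prompts for review, not verdicts: the analyst later finds no malware in these logs, and judging by the ComboFix listing further down the thread, avldr.dll was installed alongside Panda and the missing g2aservice.exe is a leftover Citrix GoToAssist service registration.

```python
"""Triage helper for HijackThis (v1.99-style) log lines.

Parses the O4, O16, O20 and O23 sections and lists the entries an
analyst would look at first. These are review heuristics, not verdicts:
a flagged entry still has to be checked against the binary on disk.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of the log at the top of the thread.
# The [updater] line is invented to exercise the user-writable-path rule.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    name: str      # entry name as HijackThis prints it
    target: str    # path, command line or URL the entry points at
    reason: str    # why an analyst should look at it


LINE_RE = re.compile(r"^(O\d+) - (.+)$")
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Directories a non-admin user can write to on an XP-era profile layout.
# An autostart from here deserves a look because the logged-on user (and
# anything running as that user) can always drop a file there, while
# Program Files normally needs administrator rights.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\local settings\\")


def in_user_writable(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth a second look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            e = O4_RE.match(body)
            if e and in_user_writable(e["cmd"]):
                findings.append(Finding("O4", e["name"], e["cmd"],
                                        "autostart from a user-writable directory"))
        elif section == "O16":
            e = O16_RE.match(body)
            if e and e["url"].lower().startswith("http://"):
                findings.append(Finding("O16", e["name"], e["url"],
                                        "ActiveX control fetched over cleartext HTTP"))
        elif section == "O20":
            e = O20_RE.match(body)
            if e:
                # Every Winlogon Notify DLL is loaded into winlogon.exe as
                # SYSTEM, so each one is listed regardless of where it lives.
                findings.append(Finding("O20", e["name"], e["path"],
                                        "Winlogon Notify DLL runs as SYSTEM; verify publisher"))
        elif section == "O23":
            e = O23_RE.match(body)
            if not e:
                continue
            if "(file missing)" in e["path"]:
                reason = "service points at a binary that is not on disk"
            elif e["owner"] == "Unknown owner":
                reason = "service binary carries no publisher information"
            else:
                continue
            findings.append(Finding("O23", e["name"], e["path"], reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.name!r}: {f.reason}\n    -> {f.target}")
```

Run it against a saved HijackThis log by passing the file contents to `triage()`. The rules are deliberately loose (a vendor's own DLL in Winlogon Notify is flagged just as a hostile one would be); the point is to shorten the list a human has to verify, not to replace the verification.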
Old 06-30-2008, 06:14 PM   #2
Registered User
Join Date: Jul 2006
Posts: 32
OS: xp professional

Re: My Computer is Possessed

Bump, Please
Old 07-05-2008, 10:01 PM   #3
Registered User
Join Date: Jul 2006
Posts: 32
OS: xp professional

Re: My Computer is Possessed

Bump, pretty please; nearly 8 days since my first plea for assistance. Whenever you can look, I think it will be simple. I have succeeded in attaching the log, DeckardExtra.txt, that I couldn't get to attach before.
Attached file: DeckardExtra.txt (12.9 KB)
Old 07-05-2008, 10:19 PM   #4
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,747
OS: WinXP and Vista

Re: My Computer is Possessed

Hello beckylousiana,

I see you also ran SmitfraudFix. Please navigate to C:\rapport.txt and copy/paste the contents of that log.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 07-06-2008, 04:18 AM   #5
Registered User
Join Date: Jul 2006
Posts: 32
OS: xp professional

Re: My Computer is Possessed

Thanks,

Another symptom: as stated before, my taskbar freezes and the time does not change.


SmitFraudFix v2.325

Scan done at 9:37:01.50, Fri 06/27/2008
Run from C:\Documents and Settings\Becky Lacock\Desktop\TEMPORARY\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
Old 07-06-2008, 07:20 AM   #6
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,747
OS: WinXP and Vista

Re: My Computer is Possessed

If malware is behind this, I'm not seeing it in any of these logs.

You mentioned in your first post that your desktop changed--can you please provide more detail about that?

Have any of your onboard tools detected or alerted you to any malware?


I'd like you to try another online scanner. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
Old 07-06-2008, 11:06 AM   #7
Registered User
Join Date: Jul 2006
Posts: 32
OS: xp professional


Re: My Computer is Possessed

Note: I had set a Picture for my Desktop, but it just reset itself to None, and it is just Blue now. I have not tried resetting, just afraid to mess with anything once I knew that something was wrong.

Note: My Taskbar does not freeze up right away. Sometimes it works for a few minutes, or even an hour.

Note: My Internet Explorer is sporadic in opening, but if I go to Task Manager, Processes, it shows iexplore.exe several times, but the windows are not open.
When shutting down, there are pop-up windows saying that iexplore is shutting down, but I have to click End Now to get it to go away. I believe that it has a popup window for every time I try to open Internet Explorer. I try all ways: Desktop Icon, Launch Icon, Programs > Internet Explorer > iexplore.exe. I never know which one will work.
Also, occasionally I get a popup stating that my user Desktop access is denied??


KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 06, 2008 16:22:49
Records in database: 918651


Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
C:\
D:\
E:\

Scan statistics
Files scanned: 85614
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:07:36

File name: C:\Documents and Settings\Becky Lacock\Desktop\TEMPORARY\SmitfraudFix.exe
Threat name: not-a-virus:RiskTool.Win32.Reboot.f
Threats count: 1

The selected area was scanned.
Old 07-06-2008, 11:43 AM   #8
Registered User
Join Date: Jul 2006
Posts: 32
OS: xp professional


Re: My Computer is Possessed

OOPS -
Note: I have had no alerts from any onboard tools.
Old 07-06-2008, 10:08 PM   #9
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,747
OS: WinXP and Vista

Re: My Computer is Possessed

I'm not seeing any malware. How long ago did this begin?

Do you recall installing any new software just before these issues started?
Old 07-07-2008, 06:30 AM   #10
Registered User
Join Date: Jul 2006
Posts: 32
OS: xp professional


Re: My Computer is Possessed

Note: This started happening a few months ago. I am really not sure, because I don't use this computer for much, and usually only for short periods, as I have a laptop. I knew that there was a little glitch, as it was only doing it sporadically.

Note: The only major programs that I can "remember" that were installed around or preceding this issue are:
TurboTax 2007.
Limewire (uninstalled)

? ? Is there any way I can go through the programs installed and see when they were installed so that I can make sure?

Note: Following the 5 Steps before posting, I did uninstall some programs in Add/Remove Programs, but I still see some of them in my Programs folder in Explorer??

Soulseek ( on this computer for a while but not used in a VERY long time)
Poker Stars.net (on this computer for several months, used twice)

Should I just delete their Folders out of Programs Folder?
Old 07-07-2008, 06:38 AM   #11
Registered User
Join Date: Jul 2006
Posts: 32
OS: xp professional


Re: My Computer is Possessed

Note: My computer time is not correct. I just posted the previous message and it states that I posted it at 5:30 AM, and it should read 7:35 AM CST. But the clock on my computer says 6:56 AM. ?????
Just thought that may help.
Thanks for your help. Maybe I am in the wrong forum if it is not malware?? What could it be and where would I go?

I also see that apparently ComboFix was run in January, without professional guidance or instruction. I need to stop trying to fix things myself, continue to donate when I can, and utilize all of you who know what they are doing..... :(
Apparently there was a little something wrong at that time, but it has gotten progressively worse?
I am including the Log from it just in case you can use it.

ComboFix 08-01-17.1 - Becky Lacock 2008-01-16 16:12:44.1 - NTFSx86

Running from: C:\Documents and Settings\Becky Lacock\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-16 16:10 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 10:52 . 2008-01-10 10:52 <DIR> d-------- C:\Program Files\A-FF Find and Mount
2008-01-10 10:52 . 2007-05-31 19:13 8,832 --a------ C:\WINDOWS\system32\slicedisk.sys
2008-01-07 10:08 . 2008-01-17 16:17 211,188 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-01-07 10:08 . 2008-01-16 14:44 13,880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys
2008-01-07 10:08 . 2008-01-17 16:17 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-01-07 10:03 . 2008-01-07 10:03 <DIR> d-------- C:\Program Files\Panda Security
2008-01-07 10:03 . 2007-07-12 08:42 292,144 --a------ C:\WINDOWS\system32\PavSHook.dll
2008-01-07 10:03 . 2007-03-13 18:01 161,328 --a------ C:\WINDOWS\system32\TpUtil.dll
2008-01-07 10:03 . 2007-04-24 15:43 142,128 --a------ C:\WINDOWS\system32\drivers\netimflt.sys
2008-01-07 10:03 . 2006-06-27 19:36 101,888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2008-01-07 10:03 . 2007-02-28 18:04 63,024 --a------ C:\WINDOWS\system32\pavipc.dll
2008-01-07 10:03 . 2007-03-15 19:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
2008-01-07 10:03 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2008-01-07 10:03 . 2007-06-08 08:44 24,760 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2008-01-07 10:03 . 2007-04-24 16:43 1,990 --a------ C:\WINDOWS\system32\drivers\net_m32.inf
2008-01-07 09:59 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-01-07 09:59 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2007-12-27 13:37 . 2007-12-27 13:43 37 --a------ C:\WINDOWS\marscam.ini
2007-12-27 13:34 . 2007-12-27 13:34 <DIR> d-------- C:\Program Files\MARS
2007-12-27 13:34 . 2001-05-30 00:00 352,256 --a------ C:\WINDOWS\system32\ijl15.dll
2007-12-27 13:34 . 2002-12-13 02:06 129,875 -ra------ C:\WINDOWS\system32\drivers\mr97310c.sys
2007-12-27 13:34 . 2004-05-11 14:06 102,400 --a------ C:\WINDOWS\system32\mr310ifc.dll
2007-12-27 13:34 . 2005-02-03 15:21 73,728 --a------ C:\WINDOWS\system32\mr310ipc.dll
2007-12-27 13:34 . 2001-10-11 20:57 36,864 -ra------ C:\WINDOWS\system32\mr310exv.dll
2007-12-27 13:34 . 2001-10-11 20:58 28,672 -ra------ C:\WINDOWS\system32\mr310exd.dll
2007-12-27 13:34 . 2000-12-07 10:13 15,164 --a------ C:\WINDOWS\mr310twc.ini
2007-12-27 13:34 . 2002-04-12 15:31 12,106 --a------ C:\WINDOWS\mr310twc.src

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 22:17 211,188 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-01-17 22:17 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-01-07 15:59 --------- d-----w C:\Program Files\Common Files\Panda Software
2007-12-27 19:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 16:39 8,192 ----a-w C:\WINDOWS\java\Local Data\Becky Lacock\STG63A.tmp
2007-11-15 19:05 60,968 ----a-w C:\WINDOWS\java\GoToAssistDownloadHelper.exe
2006-11-18 01:54 560 ----a-w C:\Documents and Settings\Becky Lacock\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 11:54 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-11-15 13:05 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=C:\WINDOWS\pss\officejet 6100.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2006-02-09 20:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 00:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 15:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-03-09 14:30 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 10:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 10:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 13:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-27 11:54 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 00:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3e549d9-594b-11db-91ab-00111120f66c}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder