#1 - 07-08-2008, 03:01 AM
poolshark111 (Registered User; Join Date: Jul 2008; Posts: 7; OS: xp pro sp2)

hijack & combo logs

I usually do this myself, but the computer has been acting a little strange, so I thought another set of eyes wouldn't hurt.

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 5:56:37 AM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Combofix:

ComboFix 08-07-04.3 - mike 2008-07-08 5:50:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1569 [GMT -4:00]
Running from: C:\Documents and Settings\mike\Desktop\66.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.

2008-07-07 12:17 . 2008-07-07 12:17 16,384 --a------ C:\WINDOWS\~DF9A88.tmp
2008-07-07 11:31 . 2008-07-07 11:31 <DIR> d-------- C:\WINDOWS\system32\backuped
2008-07-07 11:31 . 2005-10-11 14:40 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-07-07 11:31 . 2003-06-06 11:21 81,920 --a------ C:\WINDOWS\eSellerateControl350.dll
2008-07-07 11:24 . 2008-07-07 11:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-07 11:24 . 2008-07-07 11:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 11:24 . 2008-07-07 11:24 <DIR> d-------- C:\Documents and Settings\mike\Application Data\SUPERAntiSpyware.com
2008-07-07 11:24 . 2008-07-07 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-07 03:28 . 2008-07-07 03:28 <DIR> d-------- C:\Documents and Settings\mike\Application Data\Media Player Classic
2008-07-06 02:34 . 2008-07-06 02:46 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-05 19:49 . 2008-07-05 22:22 <DIR> d-------- C:\Program Files\PartitionMagic 8.0
2008-07-05 17:27 . 2008-07-05 17:27 <DIR> d-------- C:\Program Files\StorageCrypt v2.0
2008-07-05 07:13 . 2008-07-05 07:13 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-05 07:04 . 2008-07-08 01:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-05 07:04 . 2004-08-30 21:00 1,069,056 --a------ C:\WINDOWS\system32\gpedits.exe
2008-07-05 07:04 . 2008-07-05 17:47 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-07-05 07:04 . 2008-07-05 18:31 155 --a------ C:\WINDOWS\system32\Monitored3.dat
2008-07-05 06:54 . 2008-07-05 07:05 <DIR> d-------- C:\Program Files\Chaos Shredder
2008-07-05 04:12 . 2008-07-05 04:12 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-07-05 04:12 . 2008-07-05 04:12 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-07-05 04:12 . 2008-07-05 04:12 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-07-05 04:12 . 2008-07-07 11:21 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-07-05 04:12 . 2008-07-05 04:12 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-07-05 04:04 . 2008-07-06 19:17 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-07-05 03:57 . 2008-07-08 05:50 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-05 03:52 . 2008-07-08 05:50 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-05 03:50 . 2008-07-05 03:50 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-05 03:50 . 2008-07-05 03:50 <DIR> d-------- C:\Program Files\BitDefender
2008-07-05 03:50 . 2008-07-05 03:50 <DIR> d-------- C:\Documents and Settings\mike\Application Data\Bitdefender
2008-07-05 03:50 . 2008-07-05 03:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-05 03:15 . 2008-07-07 12:03 <DIR> d-------- C:\Program Files\True Sword 4
2008-07-05 03:15 . 2008-07-05 03:20 <DIR> d-------- C:\Program Files\Symantec
2008-07-05 03:15 . 2008-07-05 03:15 <DIR> d-------- C:\Documents and Settings\mike\Application Data\True Sword
2008-07-05 03:14 . 2008-07-05 03:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-05 03:13 . 2008-07-05 03:20 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-05 03:11 . 2008-07-05 03:11 26,765 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-07-05 03:03 . 2008-07-05 03:05 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-05 03:03 . 2008-07-05 03:03 <DIR> d---s---- C:\Documents and Settings\mike\UserData
2008-07-05 02:52 . 2008-07-05 02:52 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-07-05 02:52 . 2007-08-18 02:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-07-05 02:38 . 2008-07-05 07:45 <DIR> d-------- C:\Program Files\tmp
2008-07-05 02:29 . 2008-07-05 02:29 0 --a------ C:\WINDOWS\msicpl.ini
2008-07-05 02:25 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-05 02:22 . 2008-07-05 02:22 <DIR> d-------- C:\WINDOWS\ASUS_Ai_Proactive_Screensaver (E) dir
2008-07-05 02:22 . 2008-07-05 02:22 606,848 --a------ C:\WINDOWS\flashax.exe
2008-07-05 02:22 . 2008-07-05 02:22 194,560 --a------ C:\WINDOWS\ASUS_Ai_Proactive_Screensaver (E).scr
2008-07-05 02:22 . 2008-07-05 02:22 12,288 --a------ C:\WINDOWS\impborl.dll
2008-07-05 02:21 . 2008-07-05 02:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-05 02:20 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-05 02:19 . 2005-01-28 04:44 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-07-05 02:19 . 2004-10-14 05:52 4,962 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-07-05 02:18 . 2008-07-05 02:21 <DIR> d-------- C:\Program Files\ASUS
2008-07-05 02:18 . 2004-02-27 00:00 962,612 --a------ C:\WINDOWS\system32\mfc42d.dll
2008-07-05 02:18 . 2004-02-17 00:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-07-05 02:18 . 2004-09-07 11:41 5,120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-07-05 02:18 . 2004-03-10 14:31 3,328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-07-05 02:12 . 2008-07-05 02:12 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-07-05 02:12 . 2008-07-05 02:12 <DIR> d-------- C:\Program Files\Realtek AC97
2008-07-05 02:12 . 2008-07-05 02:12 <DIR> d-------- C:\Program Files\AvRack
2008-07-05 02:12 . 2001-07-05 12:19 164 -r------- C:\WINDOWS\avrack.ini
2008-07-05 02:11 . 2008-07-05 19:49 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-05 02:11 . 2008-07-05 02:11 <DIR> d-------- C:\Program Files\AMD
2008-07-05 02:11 . 2005-08-17 06:25 18,771,968 -ra------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-07-05 02:11 . 2005-08-17 06:21 10,458,112 -ra------ C:\WINDOWS\system32\RTLCPL.EXE
2008-07-05 02:11 . 2005-08-19 05:31 3,644,800 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-07-05 02:11 . 2005-08-12 06:40 307,200 -r------- C:\WINDOWS\alcupd.exe
2008-07-05 02:11 . 2005-08-12 05:35 212,992 -r------- C:\WINDOWS\alcrmv.exe
2008-07-05 02:11 . 2004-09-07 02:23 156,672 -ra------ C:\WINDOWS\system32\RTLCPAPI.dll
2008-07-05 02:11 . 2002-02-05 01:54 141,016 -ra------ C:\WINDOWS\system32\ALSNDMGR.WAV
2008-07-05 02:11 . 2005-08-17 06:39 90,112 -ra------ C:\WINDOWS\SOUNDMAN.EXE
2008-07-05 02:11 . 2005-07-15 04:48 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-07-05 02:11 . 2005-03-09 15:53 36,352 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-07-04 21:13 . 2005-07-26 05:48 101,120 -ra------ C:\WINDOWS\system32\drivers\nvtcp.sys
2008-07-04 21:05 . 2008-07-04 21:05 <DIR> d-------- C:\Program Files\Marvell
2008-06-12 12:25 . 2008-06-12 12:25 962,560 --a------ C:\WINDOWS\system32\VSFilter.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 06:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-05 03:46 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2005-08-04 14:24 3627008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 05:17 8527872]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2007-10-30 04:37 208896]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 05:17 81920]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16 368640]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 06:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-10-25 05:17 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 05:51:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-08 5:51:28
ComboFix-quarantined-files.txt 2008-07-08 09:51:26

Pre-Run: 493,808,603,136 bytes free
Post-Run: 493,798,862,848 bytes free

poolshark111
#2 - 07-22-2008, 04:48 AM
Katana (Analyst, Security Team; Join Date: Nov 2007; Location: Manchester, UK; Posts: 691; OS: W2K SP4 + XP SP2 + Vista)
Re: hijack & combo logs

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

Please note: your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.


----------------------------------------------------------------------------------------


If you still require help, please post a fresh HJT log.


Old version of HJT
You are running an older version of Hijack This.

Download HJTinstall.exe to your desktop

It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version.
  • Double click on the HJTinstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click I accept
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list of the programs installed on your computer.
Click on the Save list button and specify where you would like to save this file.
When you press the Save button, Notepad will open with the contents of that file.
Simply copy and paste the contents of that Notepad window into your next post.
Katana
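Added example, not part of either post above: a small Python parser for the HijackThis and ComboFix log formats shown in post #1, with three checks a log reader would typically apply. The sample text is a constructed excerpt of the logs in this thread; the function names, regexes and the HjtEntry type are this example's own choices, not anything from HijackThis or ComboFix. Two observations from the log drive the checks. First, the three BitDefender O23 lines end in `" /service (file missing)` with no opening quote before the drive letter, and all three executables appear in the "Running processes" list, so the "missing" flag looks like the old HJT build mis-splitting a quoted service path with arguments rather than a genuinely absent binary; a log from the newer HijackThis the reply asks for would settle it. Second, ComboFix's registry dump shows `"EnableFirewall"= 0` for the standard profile, which is worth surfacing explicitly.

```python
# Added example (not from either post): parse HijackThis / ComboFix log
# excerpts and apply three sanity checks. SAMPLE_HJT and SAMPLE_COMBOFIX are
# constructed excerpts of the logs in this thread; names and regexes here
# are this example's own assumptions, not part of either tool.
import re
from dataclasses import dataclass

SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\nvsvc32.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
"""

SAMPLE_COMBOFIX = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"""

HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")   # "O4 - ...", "O23 - ..."
RUN_LINE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


@dataclass
class HjtEntry:
    code: str   # section code such as "O4" or "O23"
    body: str   # text after "O4 - "


def parse_hjt(text):
    """One HjtEntry per 'Rn - ...' / 'On - ...' line in a HijackThis log."""
    out = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            out.append(HjtEntry(m.group("code"), m.group("body")))
    return out


def running_images(text):
    """Lower-cased file names under 'Running processes:' (up to the first blank line)."""
    names, in_section = set(), False
    for line in text.splitlines():
        s = line.strip()
        if s.lower() == "running processes:":
            in_section = True
        elif in_section:
            if not s:
                break
            names.add(s.rsplit("\\", 1)[-1].lower())
    return names


def unqualified_run_entries(entries):
    """O4 Run values whose command is a bare file name, not a full path.
    Windows resolves those by path search, so confirm what they resolve to
    (ComboFix's 'Reg Loading Points' prints the resolved path in brackets)."""
    names = []
    for e in entries:
        m = RUN_LINE.match(e.body)
        if e.code == "O4" and m and not re.match(r'^"?[A-Za-z]:\\', m.group("cmd")):
            names.append(m.group("name"))
    return names


def services_misreported_missing(entries, running):
    """O23 lines flagged '(file missing)' whose path text ends in '" /service'
    (opening quote lost, so the file check ran against path + stray quote +
    argument) while the executable is in the running-process list. Re-check
    these with a current HijackThis before treating the binary as absent."""
    hits = []
    for e in entries:
        if e.code != "O23" or not e.body.endswith("(file missing)"):
            continue
        m = re.search(r' - (?P<path>[A-Za-z]:\\[^"]*?\.exe)" ', e.body)
        if m:
            exe = m.group("path").rsplit("\\", 1)[-1].lower()
            if exe in running:
                hits.append(exe)
    return hits


def firewall_disabled(text, profile="standardprofile"):
    """True when ComboFix's registry dump shows EnableFirewall = 0 for the profile key."""
    current = None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            current = s[1:-1].lower()
        elif current is not None and current.endswith("firewallpolicy\\" + profile):
            m = re.match(r'^"EnableFirewall"=\s*(\d+)', s)
            if m:
                return int(m.group(1)) == 0
    return False


def summarize(hjt_text, combofix_text):
    """Run all three checks and return their findings in one dict."""
    entries = parse_hjt(hjt_text)
    return {
        "unqualified_run": unqualified_run_entries(entries),
        "services_to_recheck": services_misreported_missing(entries, running_images(hjt_text)),
        "firewall_disabled": firewall_disabled(combofix_text),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_HJT, SAMPLE_COMBOFIX))
```

On the sample excerpt this reports SoundMan and nwiz as bare-name Run entries (ComboFix's dump already resolves both to C:\WINDOWS, so they are fine here), livesrv.exe and vsserv.exe as "missing" services that are in fact running, and the standard-profile firewall as disabled. The checks are heuristics to prioritise what to look at, not a verdict; the O4 and O23 findings still need the resolved paths confirmed on the machine.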