Forum: Resolved HJT Threads (resolved spyware and popup issues)
#1
Registered User | Join Date: Nov 2008 | Posts: 10 | OS: xp

Help me understand My log file?
Hello,

I am interested in learning how to understand my HijackThis log and others like it. Maybe someone can direct me to another resource for additional information if this is too large of a task here. I do not know if it's necessary to note my anti-virus software: AVG, my OS: XP SP2, or any other info. My file was from a random moment on my PC. I'm not sure if I have any suspicious processes but I would like to know how to determine which are normal and which are not. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:02 PM, on 11/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: {110955c7-c73d-eb58-f8c4-50e5acc62b87} - {78b26cca-5e05-4c8f-85be-d37c7c559011} - C:\WINDOWS\system32\kqskje.dll
O2 - BHO: (no name) - {7DB094B1-C3AA-487C-B75E-CB9654E1A6B4} - C:\WINDOWS\system32\nnnoNhhe.dll (file missing)
O2 - BHO: (no name) - {9A0BF271-D67B-40DE-9E23-8C5DB937ED5F} - C:\WINDOWS\system32\vtUnkjHB.dll (file missing)
O2 - BHO: D - {C4AAEFC7-0753-344F-A26B-BF1E593DD285} - C:\WINDOWS\system32\xwr74203.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [e80abe04] rundll32.exe "C:\WINDOWS\system32\kaugqnmb.dll",b
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll kqskje.dll
O20 - Winlogon Notify: nnnoNhhe - nnnoNhhe.dll (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5324 bytes
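The question in the post is how to tell a normal HijackThis entry from one that deserves a closer look. The script below is an added example (not code from the thread, from HijackThis or from the forum's analysts): it parses HijackThis-style lines and counts the warning signs analysts habitually look for on each load point, such as a registered file that no longer exists, a BHO with no name or with a GUID as its name, a DLL in AppInit_DLLs or Winlogon Notify, a Run value named with eight hex digits that calls a one-letter rundll32 export, and a service with no vendor string. The sample lines embedded in it are copied from the log above. Two things are this example's own assumptions: the allowlist that treats avgrsstx.dll as part of the AVG 8 install seen elsewhere in the log, and the rules themselves, which are triage heuristics for ordering what to look up, not verdicts on any file.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread or HijackThis).
It does not decide what is malware; it counts well-known warning signs per load point."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "O2 - BHO: name - {GUID} - path", "O4 - HKLM\..\Run: [value] command", ...
HJT_LINE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
HEX_VALUE_NAME = re.compile(r": \[[0-9a-f]{8}\] ")  # a Run value named like [e80abe04]
RUNDLL_EXPORT = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]+\.dll"?,(\w+)', re.IGNORECASE)
SYSTEM32_DLL = re.compile(r'\\system32\\([^\\\s"]+\.dll)', re.IGNORECASE)

# DLLs the reader has already tied to an installed product. Assumption for this example:
# avgrsstx.dll belongs to the AVG 8 install that appears elsewhere in the log.
VOUCHED = {"avgrsstx.dll"}


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def _bho_name(body: str) -> str:
    """'BHO: <name> - {GUID} - <path>' -> '<name>'."""
    head = body.split(" - ", 1)[0]
    return head.split(": ", 1)[1] if ": " in head else head


def analyse(line: str) -> Optional[Finding]:
    """Return a Finding carrying every warning sign on the line, or None if there is none."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    found = Finding(sec, line.strip())
    r = found.reasons
    if "(file missing)" in body or "(no file)" in body:
        r.append("load point is registered but its file is gone")
    if "(no name)" in body:
        r.append("component has no display name")
    if sec == "O2":
        name = _bho_name(body)
        if GUID.match(name):
            r.append("BHO display name is itself a GUID")
        elif len(name) == 1:
            r.append("BHO display name is a single character")
        dll = SYSTEM32_DLL.search(body)
        if dll and dll.group(1).lower() not in VOUCHED:
            r.append(f"BHO {dll.group(1)} lives in system32 rather than a product folder")
    elif sec == "O4":
        if HEX_VALUE_NAME.search(body):
            r.append("Run value name is eight hex digits")
        exp = RUNDLL_EXPORT.search(body)
        if exp and len(exp.group(1)) == 1:
            r.append(f"rundll32 calls a one-letter export '{exp.group(1)}'")
    elif sec == "O20":
        kind, _, rest = body.partition(":")
        if kind == "AppInit_DLLs":
            for dll in rest.split():
                if dll.lower() not in VOUCHED:
                    r.append(f"{dll} is loaded into every user32-linked process via AppInit_DLLs")
        elif kind == "Winlogon Notify":
            r.append("DLL runs inside winlogon.exe at logon")
    elif sec == "O23" and "Unknown owner" in body:
        r.append("service binary carries no vendor string")
    return found if r else None


def triage(log_text: str) -> List[Finding]:
    """Every flagged line, most warning signs first; ties keep log order."""
    hits = [f for f in (analyse(l) for l in log_text.splitlines()) if f]
    hits.sort(key=lambda f: len(f.reasons), reverse=True)
    return hits


# Sample input: lines copied from the HijackThis log in the post above.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: {110955c7-c73d-eb58-f8c4-50e5acc62b87} - {78b26cca-5e05-4c8f-85be-d37c7c559011} - C:\WINDOWS\system32\kqskje.dll
O2 - BHO: (no name) - {7DB094B1-C3AA-487C-B75E-CB9654E1A6B4} - C:\WINDOWS\system32\nnnoNhhe.dll (file missing)
O2 - BHO: D - {C4AAEFC7-0753-344F-A26B-BF1E593DD285} - C:\WINDOWS\system32\xwr74203.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [e80abe04] rundll32.exe "C:\WINDOWS\system32\kaugqnmb.dll",b
O20 - AppInit_DLLs: avgrsstx.dll kqskje.dll
O20 - Winlogon Notify: nnnoNhhe - nnnoNhhe.dll (file missing)
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.section} ({len(f.reasons)}): {f.line}\n   " + "\n   ".join(f.reasons))
```

Run against the sample, the NVIDIA, AVG and Adobe entries produce no finding, while the system32 BHOs, the hex-named Run value, the AppInit_DLLs entry, the Winlogon Notify entry and the vendorless service come out on top. Each reason is a reason to look the file up, not a conclusion; a legitimate driver package can also leave an orphaned load point behind.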
#2
Moderator, Analyst, Security Team; Rangemaster, TSF Academy | Join Date: Oct 2007 | Location: Georgia | Posts: 10,696 | OS: XP SP3
Re: Help me understand My log file?

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post/attach as instructed. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply.
#3
Registered User | Join Date: Nov 2008 | Posts: 10 | OS: xp
Re: Help me understand My log file?

Hello Chemist,

After following all of your steps I have both .txt files. I'm not sure how to quite articulately describe my PC's issues other than an occasional pop-up to this one page informing me that my machine is infected. So any advice on how to diagnose a potential rootkit problem would be appreciated. Here are my logs.

GMER.txt:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-15 09:26:45
Windows 5.1.2600 Service Pack 2

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2348] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [00FFE070] c:\program files\aim6\services\imApp\ver6_8_14_6\imAppService.dll (imAppService EE Application Service/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[672] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

DDS.txt:

DDS (Version 1.0) - NTFSx86
Run by Administrator at 9:27:26.89 on Sat 11/15/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1049 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\gmer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Psuedo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
dURLSearchHooks: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {C4AAEFC7-0753-344F-A26B-BF1E593DD285} - c:\windows\system32\xwr74203.dll
TB: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll kqskje.dll
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - c:\windows\system32\upnpui.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe"

=============== Created Last 30 ================

2008-11-15 09:05 250 a------- c:\windows\gmer.ini
2008-11-13 19:33 <DIR> --d----- c:\windows\system32\NtmsData
2008-11-13 18:31 <DIR> a-dshr-- C:\cmdcons
2008-11-13 17:32 161,792 a------- c:\windows\SWREG.exe
2008-11-13 17:32 98,816 a------- c:\windows\sed.exe
2008-11-13 17:32 <DIR> --d----- C:\ComboFix
2008-11-12 19:28 <DIR> --d----- c:\program files\Trend Micro
2008-11-12 19:26 <DIR> --d----- c:\program files\Bonjour
2008-11-10 18:26 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2008-11-07 19:58 <DIR> --d----- c:\docume~1\admini~1\applic~1\Xfire
2008-11-07 19:58 <DIR> --d----- c:\program files\Xfire
2008-11-07 19:08 176,128 a------- c:\windows\system32\nvuide.exe
2008-11-07 19:08 1,537 a------- c:\windows\system32\nvide.nvu
2008-11-07 19:08 289,792 a----r-- c:\windows\system32\idecoins.dll
2008-11-07 19:08 289,792 a----r-- c:\windows\system32\idecoi.dll
2008-11-07 19:08 93,568 a----r-- c:\windows\system32\drivers\nvatabus.sys
2008-11-07 19:08 33,280 a----r-- c:\windows\system32\NVCOI.DLL
2008-11-07 19:03 <DIR> --d----- c:\windows\system32\ReinstallBackups
2008-11-07 19:03 36,352 a------- c:\windows\system32\drivers\AmdK8.sys
2008-11-07 19:03 <DIR> --d----- c:\program files\AMD
2008-11-07 19:01 176,128 a------- c:\windows\system32\NVUNINST.EXE
2008-11-07 19:00 810,056 a----r-- c:\windows\system32\SATA.bmp
2008-11-07 19:00 266 a----r-- c:\windows\system32\raidmgmt.ini
2008-11-07 19:00 26,850 a------- c:\windows\Ascd_tmp.ini
2008-11-01 12:00 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-11-01 11:28 <DIR> --d----- c:\program files\common files\Software Update Utility
2008-11-01 11:28 <DIR> --d----- c:\program files\AIM Toolbar
2008-11-01 11:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AIM Toolbar
2008-11-01 11:28 <DIR> --d----- c:\program files\AIM Search
2008-11-01 11:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-11-01 11:28 <DIR> --d----- c:\program files\Viewpoint
2008-11-01 11:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2008-11-01 11:28 <DIR> --d----- c:\program files\common files\AOL
2008-11-01 11:27 <DIR> --d----- c:\program files\AIM6
2008-11-01 11:27 468 a---h--- C:\IPH.PH
2008-11-01 10:40 12,936 a------- c:\windows\system32\drivers\avgrkx86.sys
2008-11-01 10:40 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-11-01 10:40 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-11-01 10:40 98,440 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-01 10:40 90,632 a------- c:\windows\system32\drivers\avgtdix.sys
2008-11-01 10:40 <DIR> --d----- c:\program files\AVG
2008-11-01 10:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-11-01 10:20 2,720,932 a------- c:\windows\system32\xa491081437.exe
2008-11-01 10:20 2,720,932 a------- c:\windows\system32\xa491081156.exe
2008-11-01 10:20 172,032 a------- c:\windows\system32\xwr74203.dll
2008-11-01 10:20 172,032 a------- c:\windows\system32\wr74203.dll
2008-11-01 10:06 600 a------- c:\windows\eReg.dat
2008-11-01 09:42 1,064,456 a------- c:\windows\system32\MSCOMCTL.OCX
2008-11-01 09:40 <DIR> --d----- C:\~MSSETUP.T
2008-11-01 09:40 <DIR> --d----- c:\program files\Maxis
2008-11-01 09:39 304,128 a------- c:\windows\IsUninst.exe
2008-11-01 09:39 <DIR> --d----- c:\documents and settings\administrator\WINDOWS
2008-11-01 08:05 <DIR> --d----- C:\Applications Folder
2008-10-31 04:36 <DIR> --d----- c:\program files\Dell Photo AIO Printer 924
2008-10-31 04:36 <DIR> --d----- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-10-31 04:35 <DIR> --d----- C:\drivers
2008-10-29 20:25 42,320 a------- c:\windows\system32\xfcodec.dll
2008-10-26 18:29 1,060,864 a------- c:\windows\system32\MFC71.dll
2008-10-26 18:29 606,293 a------- c:\windows\system32\wbocx.ocx
2008-10-26 18:29 499,712 a------- c:\windows\system32\msvcp71.dll
2008-10-26 18:29 348,160 a------- c:\windows\system32\msvcr71.dll
2008-10-26 18:29 50,688 a------- c:\windows\system32\wbhelp2.dll
2008-10-26 18:29 <DIR> --d----- c:\program files\Ipswitch
2008-10-26 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ipswitch
2008-10-26 17:58 <DIR> --d----- c:\program files\common files\Macrovision Shared
2008-10-26 17:32 <DIR> --d----- c:\program files\PowerISO
2008-10-26 15:31 <DIR> --d----- c:\program files\uTorrent
2008-10-26 15:31 <DIR> --d----- c:\docume~1\admini~1\applic~1\uTorrent
2008-10-26 13:20 <DIR> --d----- c:\program files\Realtek Sound Manager
2008-10-26 13:20 <DIR> --d----- c:\program files\AvRack
2008-10-26 13:20 164 -----r-- c:\windows\avrack.ini
2008-10-26 13:20 <DIR> --d----- c:\program files\Realtek AC97
2008-10-26 13:20 3,644,800 a----r-- c:\windows\system32\drivers\ALCXWDM.SYS
2008-10-26 13:20 156,672 a----r-- c:\windows\system32\RTLCPAPI.dll
2008-10-26 13:20 90,112 a----r-- c:\windows\SOUNDMAN.EXE
2008-10-26 13:20 40,960 -----r-- c:\windows\system32\ChCfg.exe
2008-10-26 13:20 10,458,112 a----r-- c:\windows\system32\RTLCPL.EXE
2008-10-26 13:20 141,016 a----r-- c:\windows\system32\ALSNDMGR.WAV
2008-10-26 13:20 18,771,968 a----r-- c:\windows\system32\ALSNDMGR.CPL
2008-10-26 13:20 307,200 -----r-- c:\windows\alcupd.exe
2008-10-26 13:20 212,992 -----r-- c:\windows\alcrmv.exe
2008-10-26 13:19 <DIR> --d----- c:\program files\Marvell
2008-10-26 13:18 1,030,656 a----r-- c:\windows\16copy.avi
2008-10-26 13:18 1,030,656 a----r-- c:\windows\copy.avi
2008-10-26 13:18 5,810 a----r-- c:\windows\system32\drivers\ASACPI.sys
2008-10-26 13:18 5,824 a------- c:\windows\system32\drivers\ASUSHWIO.SYS
2008-10-26 13:15 13,335 a------- c:\windows\system32\drivers\usbcm.sys
2008-10-26 12:49 261,480 a------- c:\windows\system32\xactengine2_7.dll
2008-10-26 12:49 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
2008-10-26 12:49 443,752 a------- c:\windows\system32\d3dx10_33.dll
2008-10-26 12:49 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2008-10-26 12:49 255,848 a------- c:\windows\system32\xactengine2_6.dll
2008-10-26 12:46 <DIR> --d----- c:\documents and settings\Administrator
2008-10-26 12:46 <DIR> --ds---- c:\windows\system32\Microsoft
2008-10-26 12:45 8,192 a------- c:\windows\REGLOCS.OLD
2008-10-26 12:43 571,392 ac------ c:\windows\system32\dllcache\tintlgnt.ime
2008-10-26 12:42 218,112 ac------ c:\windows\system32\dllcache\c_g18030.dll
2008-10-26 12:41 <DIR> --dsh--- c:\documents and settings\all users\DRM
2008-10-26 12:41 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2008-10-26 12:41 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2008-10-26 12:41 <DIR> --ds---- c:\windows\Downloaded Program Files
2008-10-26 12:41 <DIR> --d--r-- c:\windows\Offline Web Pages
2008-10-26 12:41 749 a---hr-- c:\windows\WindowsShell.Manifest
2008-10-26 12:41 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2008-10-26 12:41 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2008-10-26 12:41 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2008-10-26 12:41 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2008-10-26 12:41 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2008-10-26 12:41 <DIR> --d-h--- c:\program files\WindowsUpdate
2008-10-26 12:40 <DIR> --d----- c:\program files\common files\MSSoap
2008-10-26 12:39 <DIR> --d----- c:\program files\Online Services
2008-10-26 12:39 <DIR> --d----- c:\program files\Windows Media Connect 2
2008-10-26 12:39 <DIR> --d----- c:\program files\Messenger
2008-10-26 12:39 <DIR> --d----- c:\program files\MSN Gaming Zone
2008-10-26 12:38 <DIR> --d----- c:\program files\Windows NT
2008-10-26 12:24 <DIR> --d----- c:\program files\Steam
2008-10-26 07:20 <DIR> --d----- c:\program files\common files\ODBC
2008-10-26 07:20 <DIR> --d----- c:\program files\common files\SpeechEngines
2008-10-26 07:19 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2008-10-27 14:37 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-26 12:39 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 9:27:34.53 ===============
#4
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,696
OS: XP SP3
Re: Help me understand My log file?
Hello Seeker33. It appears you didn't attach Attach.txt to your last post. If you didn't save it to your desktop, you will have to run DSS.scr again. I only need Attach.txt this time.
Attach the following report to your post by clicking the Manage Attachments button under Additional Options>Attach Files on the composition page. Browse to where you saved the file, and click Upload.
Attach.txt
------------------------------------------------------
#6
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,696
OS: XP SP3
Re: Help me understand My log file?
Hello Seeker33. It also appears that you previously ran ComboFix.
ComboFix is an extremely powerful tool and is not recommended for unsupervised use. Doing so could leave your computer unbootable and your data unretrievable. I need to see what you have already done before we continue.
Go Start > Run and copy/paste the following into the Run box and click OK:
C:\ComboFix.txt
A Notepad file should open. Please post the log here for review.
------------------------------------------------------
#7
Registered User
Join Date: Nov 2008
Posts: 10
OS: xp
Re: Help me understand My log file?
Chemist,
I only ran the scan. I did nothing more. I saw this tool being used on this forum. But I simply wanted to dip my toe in the proverbial water. Here are my results. ComboFix 08-11-12.01 - Administrator 2008-11-13 18:31:51.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.827 [GMT -5:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\windows\install.exe c:\windows\system32\BHjknUtv.ini c:\windows\system32\BHjknUtv.ini2 c:\windows\system32\bmnqguak.ini c:\windows\system32\btspjvwj.ini c:\windows\system32\eujcdptn.dll c:\windows\system32\hrbeysrx.dll c:\windows\system32\igaaglqi.ini c:\windows\system32\jlayexop.dll c:\windows\system32\jlgnwwwg.dll c:\windows\system32\kaugqnmb.dll c:\windows\system32\kjpojuuc.ini c:\windows\system32\kkxsxf.dll c:\windows\system32\kqskje.dll c:\windows\system32\uuheuv.dll c:\windows\system32\wjomry.dll ----- BITS: Possible infected sites ----- hxxp://onestopstation.net . ((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 ))))))))))))))))))))))))))))))) . 2008-11-12 19:28 . 2008-11-12 19:28 <DIR> d-------- c:\program files\Trend Micro 2008-11-12 19:26 . 2008-11-12 19:26 <DIR> d-------- c:\program files\Bonjour 2008-11-10 18:26 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys 2008-11-08 12:20 . 2008-11-08 12:20 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2008-11-08 12:18 . 2008-11-13 17:32 <DIR> d-------- c:\program files\NOS 2008-11-08 12:18 . 2008-11-13 17:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS 2008-11-07 22:34 . <DIR> c:\windows\LastGood.Tmp 2008-11-07 19:59 . 
2008-11-07 19:59 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Xfire 2008-11-07 19:58 . 2008-11-12 00:13 <DIR> d-------- c:\program files\Xfire 2008-11-07 19:58 . 2008-11-07 19:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Xfire 2008-11-07 19:08 . 2005-08-18 03:52 289,792 -ra------ c:\windows\system32\idecoins.dll 2008-11-07 19:08 . 2005-08-18 03:52 289,792 -ra------ c:\windows\system32\idecoi.dll 2008-11-07 19:08 . 2005-08-03 00:51 176,128 --a------ c:\windows\system32\nvuide.exe 2008-11-07 19:08 . 2005-08-18 03:52 93,568 -ra------ c:\windows\system32\drivers\nvatabus.sys 2008-11-07 19:08 . 2005-08-03 00:52 33,280 -ra------ c:\windows\system32\NVCOI.DLL 2008-11-07 19:08 . 2005-06-29 10:26 1,537 --a------ c:\windows\system32\nvide.nvu 2008-11-07 19:03 . 2008-11-07 19:03 <DIR> d-------- c:\program files\AMD 2008-11-07 19:03 . 2005-03-09 15:53 36,352 --a------ c:\windows\system32\drivers\AmdK8.sys 2008-11-07 19:01 . 2005-09-28 11:08 176,128 --a------ c:\windows\system32\NVUNINST.EXE 2008-11-07 19:00 . 2005-09-06 03:29 810,056 -ra------ c:\windows\system32\SATA.bmp 2008-11-07 19:00 . 2008-11-07 19:00 26,850 --a------ c:\windows\Ascd_tmp.ini 2008-11-07 19:00 . 2005-09-07 23:40 266 -ra------ c:\windows\system32\raidmgmt.ini 2008-11-01 12:00 . 2008-11-04 12:21 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-11-01 11:29 . 2008-11-01 11:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\acccore 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\program files\Viewpoint 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\program files\Common Files\Software Update Utility 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\program files\Common Files\AOL 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\program files\AIM Toolbar 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\program files\AIM Search 2008-11-01 11:28 . 
2008-11-01 11:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint 2008-11-01 11:28 . 2008-11-01 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\AIM Toolbar 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore 2008-11-01 11:27 . 2008-11-01 11:28 <DIR> d-------- c:\program files\AIM6 2008-11-01 11:27 . 2008-11-01 11:28 468 --ah----- C:\IPH.PH 2008-11-01 10:40 . 2008-11-13 17:17 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-11-01 10:40 . 2008-11-01 10:40 <DIR> d-------- c:\program files\AVG 2008-11-01 10:40 . 2008-11-01 10:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2008-11-01 10:40 . 2008-11-02 08:40 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-11-01 10:40 . 2008-11-06 09:35 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys 2008-11-01 10:40 . 2008-11-01 10:40 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys 2008-11-01 10:40 . 2008-11-01 10:40 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-11-01 10:20 . 2008-11-01 10:20 2,720,932 --a------ c:\windows\system32\xa491081437.exe 2008-11-01 10:20 . 2008-11-01 10:20 2,720,932 --a------ c:\windows\system32\xa491081156.exe 2008-11-01 10:20 . 2008-11-01 10:20 172,032 --a------ c:\windows\system32\xwr74203.dll 2008-11-01 10:20 . 2008-11-01 10:20 172,032 --a------ c:\windows\system32\wr74203.dll 2008-11-01 10:06 . 2008-11-01 10:06 600 --a------ c:\windows\eReg.dat 2008-11-01 09:42 . 1999-05-12 19:00 1,064,456 --a------ c:\windows\system32\MSCOMCTL.OCX 2008-11-01 09:40 . 2008-11-01 09:40 <DIR> d-------- c:\program files\Maxis 2008-11-01 09:40 . 2008-11-01 09:40 <DIR> d-------- C:\~MSSETUP.T 2008-11-01 09:39 . 
2008-11-01 09:39 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS 2008-11-01 09:39 . 1998-01-23 12:22 304,128 --a------ c:\windows\IsUninst.exe 2008-11-01 08:05 . 2008-11-01 16:17 <DIR> d-------- C:\Applications Folder 2008-10-31 04:36 . 2008-11-03 17:40 <DIR> d-------- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15} 2008-10-31 04:36 . 2008-10-31 04:36 <DIR> d-------- c:\program files\Dell Photo AIO Printer 924 2008-10-31 04:35 . 2008-10-31 04:35 <DIR> d-------- C:\drivers 2008-10-29 20:25 . 2008-10-29 20:25 42,320 --a------ c:\windows\system32\xfcodec.dll 2008-10-26 18:29 . 2008-10-26 18:29 <DIR> d-------- c:\program files\Ipswitch 2008-10-26 18:29 . 2008-10-26 18:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ipswitch 2008-10-26 18:29 . 2008-10-26 18:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ipswitch 2008-10-26 18:29 . 2008-10-26 18:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield 2008-10-26 18:29 . 2004-09-17 11:09 1,060,864 --a------ c:\windows\system32\MFC71.dll 2008-10-26 18:29 . 2005-02-28 12:37 606,293 --a------ c:\windows\system32\wbocx.ocx 2008-10-26 18:29 . 2004-02-12 17:16 499,712 --a------ c:\windows\system32\msvcp71.dll 2008-10-26 18:29 . 2004-12-06 14:26 348,160 --a------ c:\windows\system32\msvcr71.dll 2008-10-26 18:29 . 2005-02-28 12:37 50,688 --a------ c:\windows\system32\wbhelp2.dll 2008-10-26 18:16 . 2008-10-26 18:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet 2008-10-26 17:58 . 2008-10-26 17:58 <DIR> d-------- c:\program files\Common Files\Macrovision Shared 2008-10-26 17:57 . 2008-11-12 19:26 <DIR> d-------- c:\program files\Common Files\Adobe 2008-10-26 17:32 . 2008-10-26 17:32 <DIR> d-------- c:\program files\PowerISO 2008-10-26 15:31 . 2008-10-26 15:31 <DIR> d-------- c:\program files\uTorrent 2008-10-26 15:31 . 
2008-11-13 18:33 <DIR> d-------- c:\documents and settings\Administrator\Application Data\uTorrent 2008-10-26 15:23 . 2008-10-26 15:23 0 --a------ c:\windows\nsreg.dat 2008-10-26 13:20 . 2008-10-26 13:20 <DIR> d-------- c:\program files\Realtek Sound Manager 2008-10-26 13:20 . 2008-10-26 13:20 <DIR> d-------- c:\program files\Realtek AC97 2008-10-26 13:20 . 2008-10-26 13:20 <DIR> d-------- c:\program files\AvRack 2008-10-26 13:20 . 2005-08-17 05:25 18,771,968 -ra------ c:\windows\system32\ALSNDMGR.CPL 2008-10-26 13:20 . 2005-08-17 05:21 10,458,112 -ra------ c:\windows\system32\RTLCPL.EXE 2008-10-26 13:20 . 2005-08-19 04:31 3,644,800 -ra------ c:\windows\system32\drivers\ALCXWDM.SYS 2008-10-26 13:20 . 2005-08-12 05:40 307,200 -r------- c:\windows\alcupd.exe 2008-10-26 13:20 . 2005-08-12 04:35 212,992 -r------- c:\windows\alcrmv.exe 2008-10-26 13:20 . 2004-09-07 01:23 156,672 -ra------ c:\windows\system32\RTLCPAPI.dll 2008-10-26 13:20 . 2002-02-05 00:54 141,016 -ra------ c:\windows\system32\ALSNDMGR.WAV 2008-10-26 13:20 . 2005-08-17 05:39 90,112 -ra------ c:\windows\SOUNDMAN.EXE 2008-10-26 13:20 . 2005-07-15 03:48 40,960 -r------- c:\windows\system32\ChCfg.exe 2008-10-26 13:20 . 2001-07-05 11:19 164 -r------- c:\windows\avrack.ini 2008-10-26 13:19 . 2008-10-26 13:19 <DIR> d-------- c:\program files\Marvell 2008-10-26 13:18 . 2004-11-01 04:45 1,030,656 -ra------ c:\windows\copy.avi 2008-10-26 13:18 . 2004-12-13 22:01 1,030,656 -ra------ c:\windows\16copy.avi 2008-10-26 13:18 . 2000-03-29 09:17 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS 2008-10-26 13:18 . 2004-08-12 21:56 5,810 -ra------ c:\windows\system32\drivers\ASACPI.sys 2008-10-26 13:15 . 2002-04-11 20:21 13,335 --a------ c:\windows\system32\drivers\usbcm.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-11-13 23:35 --------- d-----w c:\program files\Steam 2008-11-08 00:03 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-26 18:19 --------- d-----w c:\program files\Common Files\InstallShield 2008-10-26 17:42 --------- d-----w c:\program files\microsoft frontpage 2008-10-26 17:39 --------- d-----w c:\program files\Windows Media Connect 2 . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{03402f96-3dc7-4285-bc50-9e81fefafe43}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176] [HKEY_CLASSES_ROOT\clsid\{03402f96-3dc7-4285-bc50-9e81fefafe43}] [HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{f8ec99b3-c2ca-4a5f-9505-c049766dc883}] [HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4AAEFC7-0753-344F-A26B-BF1E593DD285}] 2008-11-01 10:20 172032 --a------ c:\windows\system32\xwr74203.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{61539ecd-cc67-4437-a03c-9aaccbd14326}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\Steam\Steam.exe" [2008-10-26 1410296] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-02 1235736] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "nwiz"="nwiz.exe" [2007-05-11 c:\windows\system32\nwiz.exe] "SoundMan"="SOUNDMAN.EXE" 
[2005-08-17 c:\windows\SOUNDMAN.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll kqskje.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Steam\\steamapps\\sforce33\\counter-strike source\\hl2.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-11-01 12936] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-02 98440] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-06 90632] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-02 874776] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-01 231704] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] . - - - - ORPHANS REMOVED - - - - URLSearchHooks-HookURL - (no file) URLSearchHooks-Rank - (no file) BHO-{78b26cca-5e05-4c8f-85be-d37c7c559011} - c:\windows\system32\kqskje.dll BHO-{7DB094B1-C3AA-487C-B75E-CB9654E1A6B4} - c:\windows\system32\nnnoNhhe.dll BHO-{9A0BF271-D67B-40DE-9E23-8C5DB937ED5F} - c:\windows\system32\vtUnkjHB.dll HKLM-Run-e80abe04 - c:\windows\system32\kaugqnmb.dll ShellExecuteHooks-{7DB094B1-C3AA-487C-B75E-CB9654E1A6B4} - c:\windows\system32\nnnoNhhe.dll Notify-nnnoNhhe - nnnoNhhe.dll . ------- Supplementary Scan ------- . 
FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b17ugqhl.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.nys-permits.org/|http://forums.monstersmallbusiness.c...howtopic=15952 FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdnu.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-13 18:35:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\nvsvc32.exe c:\progra~1\AVG\AVG8\avgam.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\system32\rundll32.exe c:\program files\AIM6\aolsoftware.exe c:\program files\Mozilla Firefox\firefox.exe c:\program files\AVG\AVG8\avgrsx.exe c:\program files\AVG\AVG8\avgrsx.exe . ************************************************************************** . 
Completion time: 2008-11-13 18:40:32 - machine was rebooted ComboFix-quarantined-files.txt 2008-11-13 23:40:08 Pre-Run: 274,437,103,616 bytes free Post-Run: 274,647,764,992 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 237 |
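The Reg Loading Points, ORPHANS REMOVED and files-created sections of the logs above are where the odd entries stand out from vendor ones such as AVG, NVIDIA and Steam: a randomly named DLL in the AppInit_DLLs value, a Browser Helper Object pointing at a DLL in system32, and pairs of differently named files of identical size written in the same minute. As an added illustration of that triage, not from this thread and not ComboFix's own code, the following Python script parses those line formats and reports entries for review. The sample lines are constructed from entry formats in the logs posted here; the KNOWN_GOOD allow-list and the looks_random lexical hint are assumptions for illustration and no substitute for an analyst's known-file database.

```python
# Added example for this thread (not the thread's material, not ComboFix code):
# triage of autostart entries from ComboFix "Reg Loading Points" / "ORPHANS
# REMOVED" lines and DSS "files created" lines.  Samples are constructed from
# the entry formats in the logs posted above; KNOWN_GOOD is an assumption.
import re
from collections import defaultdict
from typing import Dict, List, Tuple

SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4AAEFC7-0753-344F-A26B-BF1E593DD285}]
2008-11-01 10:20 172032 --a------ c:\windows\system32\xwr74203.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-02 1235736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll kqskje.dll
BHO-{78b26cca-5e05-4c8f-85be-d37c7c559011} - c:\windows\system32\kqskje.dll
HKLM-Run-e80abe04 - c:\windows\system32\kaugqnmb.dll
Notify-nnnoNhhe - nnnoNhhe.dll
URLSearchHooks-HookURL - (no file)
"""
SAMPLE_FILES = r"""
2008-11-01 10:20 2,720,932 a------- c:\windows\system32\xa491081437.exe
2008-11-01 10:20 2,720,932 a------- c:\windows\system32\xa491081156.exe
2008-11-01 10:20 172,032 a------- c:\windows\system32\xwr74203.dll
2008-11-01 10:20 172,032 a------- c:\windows\system32\wr74203.dll
2008-11-01 10:40 98,440 a------- c:\windows\system32\drivers\avgldx86.sys
"""
# Assumption: a tiny allow-list standing in for an analyst's known-file database.
KNOWN_GOOD = {"nvcpl.dll", "nvmctray.dll", "nwiz.exe", "soundman.exe",
              "avgtray.exe", "avgrsstx.dll", "avgldx86.sys", "steam.exe"}
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
FILE_RE = re.compile(r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>[\d,]+) \S+ (?P<path>.+)$")
ORPHAN_RE = re.compile(r"^(?P<kind>[A-Za-z]+)-(?P<name>\S+) - (?P<path>.+)$")


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_loading_points(text: str) -> List[Tuple[str, str]]:
    """Yield (where registered, path-as-printed), tracking the current registry key."""
    entries, key = [], "?"
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if m := KEY_RE.match(line):
            key = m.group("key")
        elif m := VALUE_RE.match(line):
            where, data = f"{key}\\{m.group('name')}", m.group("data").strip()
            if data.startswith('"'):      # "name"="path" [date size]
                entries.append((where, data.split('"')[1]))
            else:                         # bare list such as AppInit_DLLs
                entries.extend((where, dll) for dll in data.split())
        elif m := FILE_RE.match(line):    # file line printed under a BHO key
            entries.append((key, m.group("path")))
        elif (m := ORPHAN_RE.match(line)) and m.group("path") != "(no file)":
            entries.append((f"orphan {m.group('kind')}-{m.group('name')}", m.group("path")))
    return entries


def looks_random(filename: str) -> bool:
    """Weak lexical hint (vendor names trip it too, so it never decides alone)."""
    stem = filename.rsplit(".", 1)[0].lower()
    return bool(re.fullmatch(r"[a-z]{2,4}\d{4,}", stem)          # letters glued to digits
                or re.search(r"[bcdfghjklmnpqrstvwxz]{4,}", stem)  # 4+ consonant run
                or re.search(r"(.)\1\1", stem))                    # tripled character


def triage(entries: List[Tuple[str, str]]) -> List[Tuple[str, str, List[str]]]:
    """(location, basename, reasons) for every entry not on the allow-list."""
    findings = []
    for where, path in entries:
        base = basename(path)
        if base in KNOWN_GOOD:
            continue
        reasons = []
        if "appinit_dlls" in where.lower():
            reasons.append("loaded into every process that maps user32.dll (AppInit_DLLs)")
        if where.startswith("orphan"):
            reasons.append("autostart already removed by ComboFix; confirm the file is gone")
        if "\\system32\\" in path.lower() or "\\" not in path:
            reasons.append("in (or resolved from) system32 and not allow-listed")
        if looks_random(base):
            reasons.append("random-looking file name")
        findings.append((where, base, reasons or ["not on the allow-list"]))
    return findings


def flagged_names(text: str) -> List[str]:
    return sorted({base for _, base, _ in triage(parse_loading_points(text))})


def paired_drops(text: str) -> Dict[Tuple[str, str], List[str]]:
    """Same size + same minute, different names: a dropper pattern worth a look."""
    groups = defaultdict(list)
    for line in text.splitlines():
        if m := FILE_RE.match(line.strip()):
            groups[(m.group("when"), m.group("size"))].append(basename(m.group("path")))
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    for where, base, reasons in triage(parse_loading_points(SAMPLE_REG)):
        print(f"{base:14} {where}\n    - " + "\n    - ".join(reasons))
    for (when, size), names in paired_drops(SAMPLE_FILES).items():
        print(f"{when} {size:>10} bytes: {', '.join(names)}")
```

Run as-is it prints the five entries the sample leaves unexplained and the two same-size pairs. The allow-list is what decides; the name heuristic only explains why an entry caught the eye. Anything the script lists is a candidate for a known-file lookup and a second opinion, which is the same order the helpers in this thread follow: review the log first, remove only what the analysis supports.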
#8
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,696
OS: XP SP3
Re: Help me understand My log file?
Hello Seeker33.
Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
------------------------------------------------------
Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.
------------------------------------------------------
I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. References for the risk of these programs are here, here, and here.
I would strongly recommend that you uninstall it, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.
If you decide to uninstall uTorrent, also delete these Folders if they still exist:
C:\Documents and Settings\Administrator\Application Data\uTorrent
C:\Program Files\uTorrent
------------------------------------------------------
Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:
Viewpoint Media Player<<This is considered foistware instead of malware since it is installed without the user's approval, but doesn't spy or do anything "bad". Please read here and here
If you decide to uninstall it, also delete the following Folders if they still exist:
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
------------------------------------------------------
Delete ComboFix.exe from your desktop.
------------------------------------------------------
Download ComboFix from one of these locations:
Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop
------------------------------------------------------
Close any open browsers.
Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.
Open Notepad and copy/paste all the text in the quotebox below into Notepad:
Quote:
Referring to the picture above, drag CFScript onto ComboFix
If you are prompted to update ComboFix, please click Yes
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Please post that log, ComboFix.txt, in your next reply.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis. Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file. Please let your helper know you successfully submitted the file.
------------------------------------------------------
Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here. Please close HijackThis now.
------------------------------------------------------
Please post the following in your next reply:
ComboFix.txt
new HijackThis log
If you have any questions along the way...STOP and ask them before proceeding.
#9
Registered User
Join Date: Nov 2008
Posts: 10
OS: xp
Re: Help me understand My log file?
Chemist,
I ran the scans and submitted the file. Here is ComboFix.txt: ComboFix 08-11-16.02 - Administrator 2008-11-16 17:46:47.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.909 [GMT -5:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 ))))))))))))))))))))))))))))))) . 2008-11-16 16:53 . 2008-11-16 16:53 <DIR> d-------- c:\windows\LastGood 2008-11-16 16:53 . 2008-11-16 16:53 <DIR> d-------- c:\program files\Hamachi 2008-11-16 16:53 . 2008-11-16 17:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Hamachi 2008-11-16 16:53 . 2008-11-16 16:53 25,280 --a------ c:\windows\system32\drivers\hamachi.sys 2008-11-15 09:05 . 2008-11-15 09:05 250 --a------ c:\windows\gmer.ini 2008-11-13 19:57 . 2008-11-13 19:57 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Xfire 2008-11-13 19:33 . 2008-11-15 08:03 <DIR> d-------- c:\windows\system32\NtmsData 2008-11-12 19:28 . 2008-11-12 19:28 <DIR> d-------- c:\program files\Trend Micro 2008-11-12 19:26 . 2008-11-12 19:26 <DIR> d-------- c:\program files\Bonjour 2008-11-10 18:26 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys 2008-11-08 12:20 . 2008-11-08 12:20 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2008-11-08 12:18 . 2008-11-13 17:32 <DIR> d-------- c:\program files\NOS 2008-11-08 12:18 . 2008-11-13 17:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS 2008-11-07 19:59 . 2008-11-07 19:59 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Xfire 2008-11-07 19:58 . 2008-11-12 00:13 <DIR> d-------- c:\program files\Xfire 2008-11-07 19:58 . 2008-11-07 19:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Xfire 2008-11-07 19:08 . 
2005-08-18 03:52 289,792 -ra------ c:\windows\system32\idecoins.dll 2008-11-07 19:08 . 2005-08-18 03:52 289,792 -ra------ c:\windows\system32\idecoi.dll 2008-11-07 19:08 . 2005-08-03 00:51 176,128 --a------ c:\windows\system32\nvuide.exe 2008-11-07 19:08 . 2005-08-18 03:52 93,568 -ra------ c:\windows\system32\drivers\nvatabus.sys 2008-11-07 19:08 . 2005-08-03 00:52 33,280 -ra------ c:\windows\system32\NVCOI.DLL 2008-11-07 19:08 . 2005-06-29 10:26 1,537 --a------ c:\windows\system32\nvide.nvu 2008-11-07 19:03 . 2008-11-07 19:03 <DIR> d-------- c:\program files\AMD 2008-11-07 19:03 . 2005-03-09 15:53 36,352 --a------ c:\windows\system32\drivers\AmdK8.sys 2008-11-07 19:01 . 2005-09-28 11:08 176,128 --a------ c:\windows\system32\NVUNINST.EXE 2008-11-07 19:00 . 2005-09-06 03:29 810,056 -ra------ c:\windows\system32\SATA.bmp 2008-11-07 19:00 . 2008-11-07 19:00 26,850 --a------ c:\windows\Ascd_tmp.ini 2008-11-07 19:00 . 2005-09-07 23:40 266 -ra------ c:\windows\system32\raidmgmt.ini 2008-11-01 12:00 . 2008-11-14 12:17 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-11-01 11:29 . 2008-11-01 11:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\acccore 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\program files\Common Files\AOL 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\program files\AIM Toolbar 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\program files\AIM Search 2008-11-01 11:28 . 2008-11-16 16:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint 2008-11-01 11:28 . 2008-11-01 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\AIM Toolbar 2008-11-01 11:28 . 
2008-11-01 11:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore 2008-11-01 11:27 . 2008-11-01 11:28 <DIR> d-------- c:\program files\AIM6 2008-11-01 11:27 . 2008-11-01 11:28 468 --ah----- C:\IPH.PH 2008-11-01 10:40 . 2008-11-16 17:16 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-11-01 10:40 . 2008-11-01 10:40 <DIR> d-------- c:\program files\AVG 2008-11-01 10:40 . 2008-11-01 10:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2008-11-01 10:40 . 2008-11-02 08:40 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-11-01 10:40 . 2008-11-06 09:35 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys 2008-11-01 10:40 . 2008-11-01 10:40 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys 2008-11-01 10:40 . 2008-11-01 10:40 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-11-01 10:06 . 2008-11-01 10:06 600 --a------ c:\windows\eReg.dat 2008-11-01 09:42 . 1999-05-12 19:00 1,064,456 --a------ c:\windows\system32\MSCOMCTL.OCX 2008-11-01 09:40 . 2008-11-01 09:40 <DIR> d-------- c:\program files\Maxis 2008-11-01 09:40 . 2008-11-01 09:40 <DIR> d-------- C:\~MSSETUP.T 2008-11-01 09:39 . 2008-11-01 09:39 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS 2008-11-01 09:39 . 1998-01-23 12:22 304,128 --a------ c:\windows\IsUninst.exe 2008-11-01 08:05 . 2008-11-01 16:17 <DIR> d-------- C:\Applications Folder 2008-10-31 04:36 . 2008-11-03 17:40 <DIR> d-------- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15} 2008-10-31 04:36 . 2008-10-31 04:36 <DIR> d-------- c:\program files\Dell Photo AIO Printer 924 2008-10-31 04:35 . 2008-10-31 04:35 <DIR> d-------- C:\drivers 2008-10-29 20:25 . 2008-10-29 20:25 42,320 --a------ c:\windows\system32\xfcodec.dll 2008-10-26 18:29 . 2008-10-26 18:29 <DIR> d-------- c:\program files\Ipswitch 2008-10-26 18:29 . 2008-10-26 18:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ipswitch 2008-10-26 18:29 . 
2008-10-26 18:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ipswitch 2008-10-26 18:29 . 2008-10-26 18:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield 2008-10-26 18:29 . 2004-09-17 11:09 1,060,864 --a------ c:\windows\system32\MFC71.dll 2008-10-26 18:29 . 2005-02-28 12:37 606,293 --a------ c:\windows\system32\wbocx.ocx 2008-10-26 18:29 . 2004-02-12 17:16 499,712 --a------ c:\windows\system32\msvcp71.dll 2008-10-26 18:29 . 2004-12-06 14:26 348,160 --a------ c:\windows\system32\msvcr71.dll 2008-10-26 18:29 . 2005-02-28 12:37 50,688 --a------ c:\windows\system32\wbhelp2.dll 2008-10-26 18:16 . 2008-10-26 18:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet 2008-10-26 17:58 . 2008-10-26 17:58 <DIR> d-------- c:\program files\Common Files\Macrovision Shared 2008-10-26 17:57 . 2008-11-12 19:26 <DIR> d-------- c:\program files\Common Files\Adobe 2008-10-26 17:32 . 2008-10-26 17:32 <DIR> d-------- c:\program files\PowerISO 2008-10-26 15:23 . 2008-10-26 15:23 0 --a------ c:\windows\nsreg.dat 2008-10-26 13:20 . 2008-10-26 13:20 <DIR> d-------- c:\program files\Realtek Sound Manager 2008-10-26 13:20 . 2008-10-26 13:20 <DIR> d-------- c:\program files\Realtek AC97 2008-10-26 13:20 . 2008-10-26 13:20 <DIR> d-------- c:\program files\AvRack 2008-10-26 13:20 . 2005-08-17 05:25 18,771,968 -ra------ c:\windows\system32\ALSNDMGR.CPL 2008-10-26 13:20 . 2005-08-17 05:21 10,458,112 -ra------ c:\windows\system32\RTLCPL.EXE 2008-10-26 13:20 . 2005-08-19 04:31 3,644,800 -ra------ c:\windows\system32\drivers\ALCXWDM.SYS 2008-10-26 13:20 . 2005-08-12 05:40 307,200 -r------- c:\windows\alcupd.exe 2008-10-26 13:20 . 2005-08-12 04:35 212,992 -r------- c:\windows\alcrmv.exe 2008-10-26 13:20 . 2004-09-07 01:23 156,672 -ra------ c:\windows\system32\RTLCPAPI.dll 2008-10-26 13:20 . 2002-02-05 00:54 141,016 -ra------ c:\windows\system32\ALSNDMGR.WAV 2008-10-26 13:20 . 
2005-08-17 05:39 90,112 -ra------ c:\windows\SOUNDMAN.EXE 2008-10-26 13:20 . 2005-07-15 03:48 40,960 -r------- c:\windows\system32\ChCfg.exe 2008-10-26 13:20 . 2001-07-05 11:19 164 -r------- c:\windows\avrack.ini 2008-10-26 13:19 . 2008-10-26 13:19 <DIR> d-------- c:\program files\Marvell 2008-10-26 13:18 . 2004-11-01 04:45 1,030,656 -ra------ c:\windows\copy.avi 2008-10-26 13:18 . 2004-12-13 22:01 1,030,656 -ra------ c:\windows\16copy.avi 2008-10-26 13:18 . 2000-03-29 09:17 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS 2008-10-26 13:18 . 2004-08-12 21:56 5,810 -ra------ c:\windows\system32\drivers\ASACPI.sys 2008-10-26 13:15 . 2002-04-11 20:21 13,335 --a------ c:\windows\system32\drivers\usbcm.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-16 16:45 --------- d-----w c:\program files\Steam 2008-11-08 00:03 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-26 18:19 --------- d-----w c:\program files\Common Files\InstallShield 2008-10-26 17:42 --------- d-----w c:\program files\microsoft frontpage 2008-10-26 17:39 --------- d-----w c:\program files\Windows Media Connect 2 . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15} ---- ((((((((((((((((((((((((((((( snapshot@2008-11-13_18.39.50.41 ))))))))))))))))))))))))))))))))))))))))) . + 2008-11-15 14:05:32 884,736 ----a-w c:\windows\gmer.dll + 2008-04-18 02:13:02 811,008 ----a-w c:\windows\gmer.exe + 2008-11-15 14:05:32 85,969 ----a-w c:\windows\system32\drivers\gmer.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{03402f96-3dc7-4285-bc50-9e81fefafe43}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176] [HKEY_CLASSES_ROOT\clsid\{03402f96-3dc7-4285-bc50-9e81fefafe43}] [HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{f8ec99b3-c2ca-4a5f-9505-c049766dc883}] [HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{61539ecd-cc67-4437-a03c-9aaccbd14326}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\Steam\Steam.exe" [2008-10-26 1410296] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-02 1235736] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "nwiz"="nwiz.exe" [2007-05-11 c:\windows\system32\nwiz.exe] "SoundMan"="SOUNDMAN.EXE" [2005-08-17 c:\windows\SOUNDMAN.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Steam\\steamapps\\sforce33\\counter-strike source\\hl2.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= 
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-11-01 12936] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-01 98440] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-01 90632] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-01 874776] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-01 231704] *Newly Created Service* - CATCHME . - - - - ORPHANS REMOVED - - - - URLSearchHooks-HookURL - (no file) URLSearchHooks-Rank - (no file) ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-16 17:47:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-11-16 17:48:48
ComboFix-quarantined-files.txt 2008-11-16 22:48:19
ComboFix2.txt 2008-11-16 22:11:29
ComboFix3.txt 2008-11-13 23:40:33

Pre-Run: 277,729,869,824 bytes free
Post-Run: 277,737,586,688 bytes free

183

Here is new hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:50 PM, on 11/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- End of file - 4043 bytes
#10
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,696
OS: XP SP3
Re: Help me understand My log file?
It appears that you ran the script with ComboFix twice.
Go Start > Run and copy/paste the following into the Run box and click OK:

C:\Qoobox\ComboFix2.txt

Post ComboFix2.txt here for review.
#11
Registered User
Join Date: Nov 2008
Posts: 10
OS: xp
Re: Help me understand My log file?
Sorry for the inconvenience,
ComboFix 08-11-16.01 - Administrator 2008-11-16 17:09:22.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1021 [GMT -5:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\wr74203.dll c:\windows\system32\xa491081156.exe c:\windows\system32\xa491081437.exe c:\windows\system32\xwr74203.dll . ((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 ))))))))))))))))))))))))))))))) . 2008-11-16 16:53 . 2008-11-16 16:53 <DIR> d-------- c:\windows\LastGood 2008-11-16 16:53 . 2008-11-16 16:53 <DIR> d-------- c:\program files\Hamachi 2008-11-16 16:53 . 2008-11-16 17:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Hamachi 2008-11-16 16:53 . 2008-11-16 16:53 25,280 --a------ c:\windows\system32\drivers\hamachi.sys 2008-11-15 09:05 . 2008-11-15 09:05 250 --a------ c:\windows\gmer.ini 2008-11-13 19:57 . 2008-11-13 19:57 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Xfire 2008-11-13 19:33 . 2008-11-15 08:03 <DIR> d-------- c:\windows\system32\NtmsData 2008-11-12 19:28 . 2008-11-12 19:28 <DIR> d-------- c:\program files\Trend Micro 2008-11-12 19:26 . 2008-11-12 19:26 <DIR> d-------- c:\program files\Bonjour 2008-11-10 18:26 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys 2008-11-08 12:20 . 2008-11-08 12:20 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2008-11-08 12:18 . 2008-11-13 17:32 <DIR> d-------- c:\program files\NOS 2008-11-08 12:18 . 2008-11-13 17:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS 2008-11-07 19:59 . 2008-11-07 19:59 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Xfire 2008-11-07 19:58 . 
2008-11-12 00:13 <DIR> d-------- c:\program files\Xfire 2008-11-07 19:58 . 2008-11-07 19:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Xfire 2008-11-07 19:08 . 2005-08-18 03:52 289,792 -ra------ c:\windows\system32\idecoins.dll 2008-11-07 19:08 . 2005-08-18 03:52 289,792 -ra------ c:\windows\system32\idecoi.dll 2008-11-07 19:08 . 2005-08-03 00:51 176,128 --a------ c:\windows\system32\nvuide.exe 2008-11-07 19:08 . 2005-08-18 03:52 93,568 -ra------ c:\windows\system32\drivers\nvatabus.sys 2008-11-07 19:08 . 2005-08-03 00:52 33,280 -ra------ c:\windows\system32\NVCOI.DLL 2008-11-07 19:08 . 2005-06-29 10:26 1,537 --a------ c:\windows\system32\nvide.nvu 2008-11-07 19:03 . 2008-11-07 19:03 <DIR> d-------- c:\program files\AMD 2008-11-07 19:03 . 2005-03-09 15:53 36,352 --a------ c:\windows\system32\drivers\AmdK8.sys 2008-11-07 19:01 . 2005-09-28 11:08 176,128 --a------ c:\windows\system32\NVUNINST.EXE 2008-11-07 19:00 . 2005-09-06 03:29 810,056 -ra------ c:\windows\system32\SATA.bmp 2008-11-07 19:00 . 2008-11-07 19:00 26,850 --a------ c:\windows\Ascd_tmp.ini 2008-11-07 19:00 . 2005-09-07 23:40 266 -ra------ c:\windows\system32\raidmgmt.ini 2008-11-01 12:00 . 2008-11-14 12:17 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-11-01 11:29 . 2008-11-01 11:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\acccore 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\program files\Common Files\AOL 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\program files\AIM Toolbar 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\program files\AIM Search 2008-11-01 11:28 . 2008-11-16 16:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint 2008-11-01 11:28 . 2008-11-01 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL 2008-11-01 11:28 . 
2008-11-01 11:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\AIM Toolbar 2008-11-01 11:28 . 2008-11-01 11:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore 2008-11-01 11:27 . 2008-11-01 11:28 <DIR> d-------- c:\program files\AIM6 2008-11-01 11:27 . 2008-11-01 11:28 468 --ah----- C:\IPH.PH 2008-11-01 10:40 . 2008-11-16 08:39 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-11-01 10:40 . 2008-11-01 10:40 <DIR> d-------- c:\program files\AVG 2008-11-01 10:40 . 2008-11-01 10:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2008-11-01 10:40 . 2008-11-02 08:40 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-11-01 10:40 . 2008-11-06 09:35 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys 2008-11-01 10:40 . 2008-11-01 10:40 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys 2008-11-01 10:40 . 2008-11-01 10:40 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-11-01 10:06 . 2008-11-01 10:06 600 --a------ c:\windows\eReg.dat 2008-11-01 09:42 . 1999-05-12 19:00 1,064,456 --a------ c:\windows\system32\MSCOMCTL.OCX 2008-11-01 09:40 . 2008-11-01 09:40 <DIR> d-------- c:\program files\Maxis 2008-11-01 09:40 . 2008-11-01 09:40 <DIR> d-------- C:\~MSSETUP.T 2008-11-01 09:39 . 2008-11-01 09:39 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS 2008-11-01 09:39 . 1998-01-23 12:22 304,128 --a------ c:\windows\IsUninst.exe 2008-11-01 08:05 . 2008-11-01 16:17 <DIR> d-------- C:\Applications Folder 2008-10-31 04:36 . 2008-11-03 17:40 <DIR> d-------- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15} 2008-10-31 04:36 . 2008-10-31 04:36 <DIR> d-------- c:\program files\Dell Photo AIO Printer 924 2008-10-31 04:35 . 2008-10-31 04:35 <DIR> d-------- C:\drivers 2008-10-29 20:25 . 2008-10-29 20:25 42,320 --a------ c:\windows\system32\xfcodec.dll 2008-10-26 18:29 . 2008-10-26 18:29 <DIR> d-------- c:\program files\Ipswitch 2008-10-26 18:29 . 
2008-10-26 18:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ipswitch 2008-10-26 18:29 . 2008-10-26 18:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ipswitch 2008-10-26 18:29 . 2008-10-26 18:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield 2008-10-26 18:29 . 2004-09-17 11:09 1,060,864 --a------ c:\windows\system32\MFC71.dll 2008-10-26 18:29 . 2005-02-28 12:37 606,293 --a------ c:\windows\system32\wbocx.ocx 2008-10-26 18:29 . 2004-02-12 17:16 499,712 --a------ c:\windows\system32\msvcp71.dll 2008-10-26 18:29 . 2004-12-06 14:26 348,160 --a------ c:\windows\system32\msvcr71.dll 2008-10-26 18:29 . 2005-02-28 12:37 50,688 --a------ c:\windows\system32\wbhelp2.dll 2008-10-26 18:16 . 2008-10-26 18:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet 2008-10-26 17:58 . 2008-10-26 17:58 <DIR> d-------- c:\program files\Common Files\Macrovision Shared 2008-10-26 17:57 . 2008-11-12 19:26 <DIR> d-------- c:\program files\Common Files\Adobe 2008-10-26 17:32 . 2008-10-26 17:32 <DIR> d-------- c:\program files\PowerISO 2008-10-26 15:23 . 2008-10-26 15:23 0 --a------ c:\windows\nsreg.dat 2008-10-26 13:20 . 2008-10-26 13:20 <DIR> d-------- c:\program files\Realtek Sound Manager 2008-10-26 13:20 . 2008-10-26 13:20 <DIR> d-------- c:\program files\Realtek AC97 2008-10-26 13:20 . 2008-10-26 13:20 <DIR> d-------- c:\program files\AvRack 2008-10-26 13:20 . 2005-08-17 05:25 18,771,968 -ra------ c:\windows\system32\ALSNDMGR.CPL 2008-10-26 13:20 . 2005-08-17 05:21 10,458,112 -ra------ c:\windows\system32\RTLCPL.EXE 2008-10-26 13:20 . 2005-08-19 04:31 3,644,800 -ra------ c:\windows\system32\drivers\ALCXWDM.SYS 2008-10-26 13:20 . 2005-08-12 05:40 307,200 -r------- c:\windows\alcupd.exe 2008-10-26 13:20 . 2005-08-12 04:35 212,992 -r------- c:\windows\alcrmv.exe 2008-10-26 13:20 . 2004-09-07 01:23 156,672 -ra------ c:\windows\system32\RTLCPAPI.dll 2008-10-26 13:20 . 
2002-02-05 00:54 141,016 -ra------ c:\windows\system32\ALSNDMGR.WAV 2008-10-26 13:20 . 2005-08-17 05:39 90,112 -ra------ c:\windows\SOUNDMAN.EXE 2008-10-26 13:20 . 2005-07-15 03:48 40,960 -r------- c:\windows\system32\ChCfg.exe 2008-10-26 13:20 . 2001-07-05 11:19 164 -r------- c:\windows\avrack.ini 2008-10-26 13:19 . 2008-10-26 13:19 <DIR> d-------- c:\program files\Marvell 2008-10-26 13:18 . 2004-11-01 04:45 1,030,656 -ra------ c:\windows\copy.avi 2008-10-26 13:18 . 2004-12-13 22:01 1,030,656 -ra------ c:\windows\16copy.avi 2008-10-26 13:18 . 2000-03-29 09:17 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS 2008-10-26 13:18 . 2004-08-12 21:56 5,810 -ra------ c:\windows\system32\drivers\ASACPI.sys 2008-10-26 13:15 . 2002-04-11 20:21 13,335 --a------ c:\windows\system32\drivers\usbcm.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-16 16:45 --------- d-----w c:\program files\Steam 2008-11-08 00:03 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-26 18:19 --------- d-----w c:\program files\Common Files\InstallShield 2008-10-26 17:42 --------- d-----w c:\program files\microsoft frontpage 2008-10-26 17:39 --------- d-----w c:\program files\Windows Media Connect 2 . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15} ---- ((((((((((((((((((((((((((((( snapshot@2008-11-13_18.39.50.41 ))))))))))))))))))))))))))))))))))))))))) . + 2008-11-15 14:05:32 884,736 ----a-w c:\windows\gmer.dll + 2008-04-18 02:13:02 811,008 ----a-w c:\windows\gmer.exe + 2008-11-15 14:05:32 85,969 ----a-w c:\windows\system32\drivers\gmer.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{03402f96-3dc7-4285-bc50-9e81fefafe43}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176] [HKEY_CLASSES_ROOT\clsid\{03402f96-3dc7-4285-bc50-9e81fefafe43}] [HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{f8ec99b3-c2ca-4a5f-9505-c049766dc883}] [HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{61539ecd-cc67-4437-a03c-9aaccbd14326}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\Steam\Steam.exe" [2008-10-26 1410296] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-02 1235736] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "nwiz"="nwiz.exe" [2007-05-11 c:\windows\system32\nwiz.exe] "SoundMan"="SOUNDMAN.EXE" [2005-08-17 c:\windows\SOUNDMAN.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Steam\\steamapps\\sforce33\\counter-strike source\\hl2.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= 
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-11-01 12936] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-01 98440] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-01 90632] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-01 874776] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-01 231704] . - - - - ORPHANS REMOVED - - - - URLSearchHooks-HookURL - (no file) URLSearchHooks-Rank - (no file) ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-16 17:10:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-11-16 17:11:27 ComboFix-quarantined-files.txt 2008-11-16 22:11:03 ComboFix2.txt 2008-11-13 23:40:33 Pre-Run: 277,642,821,632 bytes free Post-Run: 277,728,120,832 bytes free 188 |
#12
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,696
OS: XP SP3
Re: Help me understand My log file?
Hello, Seeker33. Thanks for submitting the file. Please tell us how your system is behaving.
Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist: (Make sure you do not miss any)

R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)

Please remember to close all other windows, including browsers then click Fix checked. Please close HijackThis now.

------------------------------------------------------

We need to install Java on your machine in order to run an online scan with Kaspersky.
Please download ATF-Cleaner by Atribune and Save it to your Desktop.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants. Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
**Note** To optimize scanning time and produce a more sensible report for review:
------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here. Please close HijackThis now.

------------------------------------------------------

Please post the following in your next reply:

Kaspersky report
new HijackThis log
report on system behavior
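The entry Chemist asks to fix above is a URLSearchHook whose DLL no longer exists, and the earlier logs in this thread also carry a service HijackThis lists as "Unknown owner" and an AppInit_DLLs entry. The script below is an added example, not Trend Micro's code and not something any participant posted: it applies those same triage rules to HijackThis lines so the reader can see which entries an analyst stops on and why. The sample lines are copied from the logs in this thread; the rule set, the list of expected install locations and the function names are this example's own assumptions, and a hit is a prompt to check the entry by hand, not a verdict.

```python
"""Triage a HijackThis 2.0.x log for entries that merit a second look.

Added example for this thread; it is not Trend Micro's code nor anything the
thread's participants posted. The sample lines are copied from the HijackThis
logs in this thread; the rule set and the function names are assumptions of
this example.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section entry reason")

# A HijackThis line is "<section> - <body>", e.g. "O23 - Service: ...".
_ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

# Sections whose body names a binary that gets loaded or executed.
_LOADS_CODE = {"R3", "O2", "O3", "O4", "O8", "O9", "O18", "O23"}

# Where installed software normally lives on Windows XP (assumed allowlist).
# A binary loading from elsewhere (user profile, temp, drive root) is not
# automatically bad, but it is the first thing to check by hand.
_EXPECTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\progra~1")


def _path_tails(text):
    """Return the text from each drive-letter path start ('X:\\') to the end."""
    return [text[m.start():] for m in re.finditer(r"(?i)[a-z]:\\", text)]


def triage_line(line):
    """Return the Findings for one log line (an empty list if unremarkable)."""
    m = _ENTRY.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    out = []

    # A registered hook/BHO/toolbar whose file is gone: a leftover, not an
    # active threat, but exactly what HijackThis's "Fix checked" is for.
    if "(no file)" in body:
        out.append(Finding(section, body, "orphan entry, file missing"))

    # A service HijackThis could not attribute to a vendor.
    if section == "O23" and "Unknown owner" in body:
        out.append(Finding(section, body, "service with no vendor string"))

    # AppInit_DLLs is injected into every process that loads user32.dll,
    # so the DLL named here must belong to a product you knowingly installed.
    if section == "O20":
        out.append(Finding(section, body, "AppInit_DLLs injection point, verify DLL"))

    # Code loading from outside the usual install locations.
    if section in _LOADS_CODE:
        for tail in _path_tails(body):
            if not tail.lower().startswith(_EXPECTED_ROOTS):
                out.append(Finding(section, body, "binary outside Program Files/Windows"))
                break
    return out


def triage_log(text):
    """Triage a whole log; returns the Findings in log order."""
    findings = []
    for line in text.splitlines():
        findings.extend(triage_line(line))
    return findings


# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.entry}")
```

Run as-is it reports four entries: the orphaned R3 hook, the AIM Toolbar context-menu item living under All Users\Application Data, the AppInit_DLLs line, and the dlcc_device service. The last three are benign here (AVG's own DLL, the AIM toolbar, a Dell printer service), which is the point: the script shortens the list to read, it does not replace reading it.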
#13
Registered User
Join Date: Nov 2008
Posts: 10
OS: xp
Re: Help me understand My log file?
Chemist,
My PC has been on the slower side. Since the first post the time clock has changed to military time then sometimes turns back. Odd. Some gaming has been interrupted by this problem. Choppiness has gone up. I'm not sure why.

Here is the Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, November 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, November 17, 2008 03:50:44
Records in database: 1389091
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 62304
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 00:50:56

File name / Threat name / Threats count
C:\Documents and Settings\Administrator\My Documents\Downloads\mame.plus32.rar Infected: not-a-virus:NetTool.Win32.Agent.ad 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jlgnwwwg.dll.vir Infected: Email-Worm.Win32.Zhelatin.ahu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kqskje.dll.vir Infected: Email-Worm.Win32.Zhelatin.ahu 1

The selected area was scanned.
Here is new hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:00 PM, on 11/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- End of file - 4048 bytes
#14
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,696
OS: XP SP3
Re: Help me understand My log file?
Hello again, Seeker33. Don't worry about your clock. ComboFix did that. It will revert to normal when we uninstall ComboFix.
Two of the finds by Kaspersky are in ComboFix's quarantine folder and will also be deleted later.

------------------------------------------------------

Delete the following File if it still exists:

C:\Documents and Settings\Administrator\My Documents\Downloads\mame.plus32.rar

Empty your Recycle Bin if it is not emptied automatically.

------------------------------------------------------

Nothing else showing in your logs. Not sure about the gaming. I'm not a gamer. Read here and see if it helps: http://www.techsupportforum.com/secu...ning-slow.html

Let me know how your system behaves over the next day or so.
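The distinction Chemist draws above, two hits sitting inertly in ComboFix's quarantine versus one live file the user must delete, is the first thing to sort out in any scanner report. The script below is an added example (not Kaspersky's code, and not posted by anyone in this thread) that applies that sorting to Kaspersky Online Scanner 7 report lines. The first three detection lines are copied from the report in this thread; the fourth is a constructed line, using a path ComboFix deleted earlier in the thread, added only so the "live file" branch is exercised (Kaspersky never reported it). The folder markers, action labels and function names are this example's own assumptions.

```python
"""Sort the detections in a Kaspersky Online Scanner 7 report by what, if
anything, still needs doing about them.

Added example for this thread; not Kaspersky's code and not posted by any
participant. Three report lines are copied from the report in this thread;
the fourth is constructed. Folder markers and action labels are assumptions.
"""
import re

# Locations where a detection is inert. The ".vir" suffix is ComboFix's
# rename of a quarantined file, and "combofix /u" removes the whole folder;
# it also purges old System Restore points, so a hit inside
# System Volume Information\_restore... is covered by that same cleanup.
_INERT_MARKERS = (r"\qoobox\quarantine", r"\system volume information\_restore")

# "<path> Infected: <threat> <count>"; the path may contain spaces, so it is
# matched lazily up to the literal "Infected:" token.
_DETECTION = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

ACTION_INERT = "inert (quarantine/restore point): removed by the cleanup tool"
ACTION_RISKWARE = "riskware in a live location: delete unless deliberately installed"
ACTION_LIVE = "live malware: delete, then re-scan"


def classify(path, threat):
    """Map one detection to the action it needs."""
    low = path.lower()
    if any(marker in low for marker in _INERT_MARKERS):
        return ACTION_INERT
    # Kaspersky prefixes tools and riskware (not malware in themselves)
    # with "not-a-virus:"; here that was a MAME download, not an infection.
    if threat.startswith("not-a-virus:"):
        return ACTION_RISKWARE
    return ACTION_LIVE


def parse_report(text):
    """Return [(path, threat, action), ...] for every detection line."""
    results = []
    for line in text.splitlines():
        m = _DETECTION.match(line.strip())
        if m:
            results.append((m["path"], m["threat"], classify(m["path"], m["threat"])))
    return results


def to_delete(text):
    """Paths the user still has to remove by hand (live and riskware hits)."""
    return [path for path, _, action in parse_report(text) if action != ACTION_INERT]


# Three lines copied from the report in this thread plus one constructed line.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\Administrator\My Documents\Downloads\mame.plus32.rar Infected: not-a-virus:NetTool.Win32.Agent.ad 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jlgnwwwg.dll.vir Infected: Email-Worm.Win32.Zhelatin.ahu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kqskje.dll.vir Infected: Email-Worm.Win32.Zhelatin.ahu 1
C:\WINDOWS\system32\xa491081156.exe Infected: Email-Worm.Win32.Zhelatin.ahu 1
The selected area was scanned.
"""

if __name__ == "__main__":
    for path, threat, action in parse_report(SAMPLE_REPORT):
        print(f"{action}\n    {path} ({threat})")
    print("delete by hand:", to_delete(SAMPLE_REPORT))
```

On the real report the only item left for the user is the .rar in Downloads, which matches the instruction above; the two quarantined .vir files drop out as inert, and the constructed fourth line shows what a live system32 hit would look like.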
#18
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,696
OS: XP SP3
Re: Help me understand My log file?
Never heard of the clock reverting by itself. I wouldn't worry about it.
Congratulations. Well done! Your logs appear clean. You should be good to go.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

C:\WINDOWS\gmer_uninstall.cmd

Press any key to continue once you see that message.

------------------------------------------------------

As far as those infected objects listed in the Kaspersky report, those are safely tucked away in ComboFix's quarantine folder or in old System Restore Points, which we will be taking care of now.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /u

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore points which contain previous infections, and create a fresh, clean System Restore point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

------------------------------------------------------

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

SPYWARE PREVENTION

This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
Please respond to this thread one more time so we can mark this thread as resolved.