Status
Not open for further replies.
1 - 2 of 2 Posts

Registered · 36 Posts · Discussion Starter · #1
Computer won't go to certain websites. I cannot even go to step 2 on the "before you send hijack log". I read some of the other posts and tried the ComboFix and have included the log. I can't download HJT at this time. Internet Explorer just shows a white screen and never loads. I'm sorry for the incomplete info. It's all I know to do.

thanks in advance!!!!
-jason


ComboFix 08-05-21.3 - Larry 2008-05-23 19:28:27.2 - NTFSx86
Running from: C:\Documents and Settings\Larry\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-23 18:28 . 2008-05-23 18:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-23 18:28 . 2008-05-23 18:29 <DIR> d-------- C:\Documents and Settings\Larry\Application Data\AVG7
2008-05-23 17:14 . 2008-05-23 17:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-23 17:14 . 2008-05-23 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-23 16:44 . 2008-05-23 18:16 <DIR> d-------- C:\Documents and Settings\Larry\Application Data\U3
2008-05-22 20:59 . 2008-05-22 20:59 <DIR> d-------- C:\Program Files\Panda Security
2008-05-17 13:35 . 2008-05-23 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-17 13:28 . 2003-05-29 19:12 155,648 --a------ C:\WINDOWS\system32\igfxres.dll
2008-05-17 13:27 . 2008-05-17 13:27 1,396 --a------ C:\WINDOWS\system32\wpa.bak
2008-05-17 12:56 . 2006-02-28 07:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-05-17 12:55 . 2006-02-28 07:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2008-05-17 12:54 . 2006-02-28 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-17 12:53 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-05-17 12:49 . 2008-05-17 12:49 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-17 12:49 . 2008-05-17 12:49 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-17 12:49 . 2008-05-17 12:49 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-17 12:49 . 2008-05-17 12:49 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-17 12:49 . 2008-05-17 12:49 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-17 12:48 . 2006-02-28 07:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-05-17 12:36 . 2006-02-28 07:00 14,573 -ra------ C:\WINDOWS\SETA5.tmp
2008-05-17 12:35 . 2006-02-28 07:00 1,086,058 -ra------ C:\WINDOWS\SET66.tmp
2008-05-17 12:35 . 2006-02-28 07:00 1,042,903 -ra------ C:\WINDOWS\SET63.tmp
2008-05-17 12:35 . 2006-02-28 07:00 13,753 -ra------ C:\WINDOWS\SET72.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-23 21:53 --------- d-----w C:\Documents and Settings\Larry\Application Data\MSN6
2008-05-22 21:58 --------- d-----w C:\Program Files\Yahoo!
2008-05-22 21:56 --------- d-----w C:\Program Files\Canon
2008-04-24 15:34 --------- d-----w C:\Program Files\remoteAP
2008-04-07 14:39 --------- d-----w C:\Documents and Settings\Larry\Application Data\Canon
2008-03-27 21:48 381,459 ----a-w C:\WINDOWS\system32\Instcodec.exe
2008-03-27 19:18 --------- d-----w C:\Program Files\Common Files\AOL
.

((((((((((((((((((((((((((((( [email protected]_18.10.46.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 22:55:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 23:25:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 23:27:55 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2008-05-23 23:28:00 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2008-05-23 23:28:00 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2008-05-23 23:28:02 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2008-05-23 23:28:01 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-05-23 23:28:01 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys
+ 2008-05-23 23:40:54 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_510.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-05-29 19:26 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-05-29 19:14 114688]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-03-30 08:40 122880]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-01-02 18:16 172032]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2003-07-29 18:19 638976]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2003-07-23 20:03 135168]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2003-07-18 17:24 49152]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 12:29 40960]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2002-10-17 15:21 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-22 16:55 77824]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 06:42 176128]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-22 11:51 180269]
"HostManager"="C:\Program Files\Common Files\AOL\1187627992\ee\AOLSoftware.exe" [2007-05-25 12:16 42032]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-23 18:27 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-05-23 18:27 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-05-22 15:23:51 113664]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2003-08-12 18:51:05 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Toshiba\\Ivp\\NetInt\\Netint.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1187627992\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2006-07-10 12:44]
S3 wlags48b;Wireless LAN PCCard Driver;C:\WINDOWS\system32\DRIVERS\wlags48b.sys [2002-06-28 18:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - AVG7ALRT
*Newly Created Service* - AVG7CORE
*Newly Created Service* - AVG7RSXP
*Newly Created Service* - AVG7UPDSVC
*Newly Created Service* - AVGCLEAN
*Newly Created Service* - AVGEMS
*Newly Created Service* - AVGTDI
.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 17:35:00 C:\WINDOWS\Tasks\WebReg 20040802123519.job"
- C:\Program Files\Hewlett-Packard\webreg\bin\hpqwrg.exeC/TaskName 20040802123519 /N
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 19:31:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-23 19:32:49
ComboFix-quarantined-files.txt 2008-05-24 00:32:35
ComboFix2.txt 2008-05-23 23:11:11

Pre-Run: 48,881,176,576 bytes free
Post-Run: 48,870,428,672 bytes free

139 --- E O F --- 2008-05-23 21:40:55
 