
goinsey

Members · Posts: 3
Everything posted by goinsey

  1. Sorry for the delay, here are the logs. Thank you again, and everything seems fine at the moment.

     2009-07-22, 11:05:21, Auto-clean mode specified.
     2009-07-22, 11:05:21, Initialized Rootkit Driver version 2.2.0.1004.
     2009-07-22, 11:05:21, Running scanner "D:\Documents and Settings\mr_goines\Desktop\sysclean package\TSC.BIN"...
     2009-07-22, 11:05:45, Scanner "D:\Documents and Settings\mr_goines\Desktop\sysclean package\TSC.BIN" has finished running.
     2009-07-22, 11:05:45, TSC Log:
  2. Thank you for the assist, here are the logs.

     combofix

     ComboFix 09-07-19.04 - mr_goines 20/07/2009 10:39.2.2 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.502 [GMT 1:00]
     Running from: d:\documents and settings\mr_goines\Desktop\ComboFixed.exe
     Command switches used :: d:\documents and settings\mr_goines\Desktop\CFscript.txt
     AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
     AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

     FILE ::
     "c:\program files\AntiMalware_Pro\AntiMalware_Pro.exe"
     "d:\documents and settings\mr_goines\Desktop\winlogon.exe"
     "d:\documents and settings\mr_goines\LOCAL Settings\Temp\b.exe"
     "d:\documents and settings\mr_goines\Temp\is-MJUC5.tmp\winlogon.tmp"
     .
     (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\recycler
     c:\windows\Installer\4e3b58.msp
     c:\windows\Installer\4e3b59.msp
     c:\windows\Installer\56659.msi
     c:\windows\Installer\WMEncoder.msi
     c:\windows\kb913800.exe
     c:\windows\system32\drivers\UACmlrqqtgepxdynsbpf.sys
     c:\windows\system32\MSVolumeAMP.dll
     c:\windows\system32\msxml71.dll
     c:\windows\system32\UACbodulkdnhlvymujel.dll
     c:\windows\system32\UACgmhsqbijnlrmgjcxj.db
     c:\windows\system32\uacinit.dll
     c:\windows\system32\UACkhbobuypulfnaqjow.dll
     c:\windows\system32\UACndebxdjdlbojnmteg.dll
     c:\windows\system32\UACnkdktltxqbxuwkkyp.dll
     c:\windows\system32\UACviydumwjjqibotkeh.dll
     c:\windows\system32\UACvxhmsiltqtoexrpbr.dat
     d:\documents and settings\mr_goines\Desktop\winlogon.exe
     D:\recycler
     .
     (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Service_UACd.sys

     (((((((((((((((((((((((((   Files Created from 2009-06-20 to 2009-07-20   )))))))))))))))))))))))))))))))
     .
     2009-07-20 09:08 . 2009-07-20 09:08 -------- d-----w- c:\program files\ERUNT
     2009-07-19 14:09 . 2009-07-19 14:09 54 ----a-w- c:\windows\system32\rp_stats.dat
     2009-07-19 14:09 . 2009-07-19 14:09 39 ----a-w- c:\windows\system32\rp_rules.dat
     2009-07-19 14:01 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2009-07-19 14:01 . 2009-03-24 15:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2009-07-19 14:01 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
     2009-07-19 14:01 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
     2009-07-19 14:01 . 2009-07-19 14:01 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\Avira
     2009-07-19 14:01 . 2009-07-19 14:01 -------- d-----w- c:\program files\Avira
     2009-07-19 13:43 . 2009-07-19 13:44 -------- d-----w- c:\program files\WinAce
     2009-07-19 13:36 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-07-19 13:31 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-07-18 11:06 . 2009-07-18 11:34 -------- d-----w- d:\documents and settings\All Users\AVP 2009
     2009-07-17 17:28 . 2009-07-17 17:28 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Apple
     2009-07-14 19:30 . 2009-07-14 19:30 -------- d-----w- d:\documents and settings\mr_goines\Application Data\Template
     2009-07-06 07:34 . 2009-07-06 07:34 8 ----a-w- c:\windows\system32\CtSACKey.sys
     2009-07-04 12:50 . 2009-07-04 12:50 -------- d-----w- d:\documents and settings\mr_goines\Local Settings\Application Data\PunkBuster
     2009-07-03 14:41 . 2009-07-03 14:41 794408 ----a-w- c:\windows\system32\pbsvc.exe
     2009-06-24 12:02 . 2009-06-25 15:25 -------- d-sh--w- c:\windows\system32\xors32
     .
     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-07-19 13:36 . 2009-05-16 10:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-07-19 12:50 . 2009-04-20 20:20 -------- d-----w- c:\program files\Java
     2009-07-17 20:30 . 2009-07-17 20:30 1063497 ----a-w- c:\windows\system32\rn.tmp
     2009-07-15 20:43 . 2009-07-14 19:30 482 ----a-w- d:\documents and settings\mr_goines\Application Data\wklnhst.dat
     2009-07-06 20:14 . 2009-06-10 11:42 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
     2009-07-06 20:13 . 2009-06-10 11:36 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
     2009-07-06 17:20 . 2009-04-20 13:31 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
     2009-07-03 14:41 . 2009-07-03 14:41 139152 ----a-w- d:\documents and settings\mr_goines\Application Data\PnkBstrK.sys
     2009-07-03 14:41 . 2009-06-10 11:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
     2009-07-03 14:34 . 2009-05-04 15:10 -------- d-----w- c:\program files\EA GAMES
     2009-07-03 14:19 . 2009-06-10 10:29 -------- d-----w- c:\program files\Electronic Arts
     2009-07-03 13:30 . 2009-06-02 10:42 -------- d-----w- c:\program files\Creative
     2009-06-26 10:21 . 2009-04-20 13:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
     2009-06-16 14:36 . 2004-09-10 13:57 119808 ----a-w- c:\windows\system32\t2embed.dll
     2009-06-16 14:36 . 2004-09-10 13:57 81920 ----a-w- c:\windows\system32\fontsub.dll
     2009-06-12 08:53 . 2009-06-12 08:53 -------- d-----w- d:\documents and settings\mr_goines\Application Data\CyberLink
     2009-06-12 08:50 . 2009-05-02 20:02 -------- d-----w- d:\documents and settings\mr_goines\Application Data\dvdcss
     2009-06-10 18:35 . 2009-06-10 18:35 -------- d-----w- d:\documents and settings\mr_goines\Application Data\AdobeUM
     2009-06-10 10:29 . 2009-04-20 20:20 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-06-09 11:00 . 2009-06-09 11:00 -------- d-----w- d:\documents and settings\mr_goines\Application Data\Apple Computer
     2009-06-06 13:38 . 2009-06-06 13:38 -------- d--h--r- d:\documents and settings\mr_goines\Application Data\SecuROM
     2009-06-06 13:38 . 2009-06-06 13:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
     2009-06-03 19:09 . 2004-09-10 13:57 1291264 ----a-w- c:\windows\system32\quartz.dll
     2009-06-02 13:51 . 2009-06-02 12:34 -------- d-----w- d:\documents and settings\mr_goines\Application Data\Creative
     2009-06-02 12:34 . 2009-06-02 12:34 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\Creative
     2009-05-28 10:32 . 2009-05-07 10:45 15688 ----a-w- c:\windows\system32\lsdelete.exe
     2009-05-27 18:42 . 2009-04-20 20:28 112640 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-05-27 18:25 . 2009-04-20 20:20 -------- d-----w- c:\program files\Common Files\Adobe
     2009-05-27 18:24 . 2009-05-27 18:24 -------- d-----w- c:\program files\Adobe Media Player
     2009-05-27 18:20 . 2009-05-27 18:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
     2009-05-27 17:54 . 2009-05-27 17:54 -------- d-----w- c:\program files\7-Zip
     2009-05-23 11:22 . 2009-05-23 11:22 -------- d-----w- c:\program files\SystemRequirementsLab
     2009-05-23 11:22 . 2009-05-23 11:22 -------- d-----w- d:\documents and settings\mr_goines\Application Data\SystemRequirementsLab
     2009-05-18 10:32 . 2009-05-07 10:31 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
     2009-05-07 15:32 . 2004-09-10 13:57 345600 ----a-w- c:\windows\system32\localspl.dll
     2009-05-04 08:39 . 2009-04-20 13:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
     2009-05-04 08:39 . 2009-04-20 13:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
     2009-04-29 04:56 . 2004-09-10 13:57 827392 ----a-w- c:\windows\system32\wininet.dll
     2009-04-29 04:55 . 2004-09-10 13:57 78336 ----a-w- c:\windows\system32\ieencode.dll
     2009-04-24 08:57 . 2004-09-10 14:36 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
     2009-06-15 13:47 . 2009-04-20 13:09 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
     .
     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
     "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
     "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
     "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-11 13524992]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-20 148888]
     "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-05-19 26112]
     "Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
     "Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
     "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-11 86016]
     "O2"="c:\program files\O2\bin\sprtcmd.exe" [2008-03-28 198184]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
     "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
     "SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-10-18 557056]
     "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-04-11 1630208]
     "High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
     "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-05-04 08:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
     @="Service"

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%ProgramFiles%\\AOL 9.0\\aol.exe"=
     "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
     "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\O2\\bin\\wificfg.exe"=
     "c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
     "c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
     "c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
     "c:\\Program Files\\BitLord\\BitLord.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrB.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "5353:TCP"= 5353:TCP:Adobe CSI CS4

     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/05/2009 11:31 64160]
     R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/04/2009 14:31 335752]
     R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/04/2009 14:31 108552]
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19/07/2009 15:01 108289]
     R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [06/07/2009 18:20 907032]
     R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/04/2009 14:31 298776]
     R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 1029456]
     R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 16:19 202280]
     R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [19/05/2006 15:38 799744]
     R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [19/05/2006 15:41 7040]
     .
     - - - - ORPHANS REMOVED - - - -

     HKCU-Run-AdobeBridge - (no file)
     HKLM-Run-internat - c:\windows\internat.exe

     .
     ------- Supplementary Scan -------
     .
     uStart Page = file://c:\apps\IE\offline\uk.htm
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
     FF - ProfilePath - d:\docume~1\MR_GOI~1\APPLIC~1\Mozilla\Firefox\Profiles\arzkf99p.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
     FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
     FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
     FF - plugin: d:\documents and settings\mr_goines\Application Data\Mozilla\Firefox\Profiles\arzkf99p.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
     .

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-07-20 10:45
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     HKLM\Software\Microsoft\Windows\CurrentVersion\Run
     internat = c:\windows\internat.exe?_ ?|????? @????|????????????$???@???????????????h???????S

     HKCU\Software\Microsoft\Windows\CurrentVersion\Run
     Creative Detector = "c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R????????????????T??? SB~ative Tech\MediaSour????????p???????????(?l?,???????????????I??b??????D~??B~??????B~??B~(?l?????????h???6?C~??C~??l?????????????????6?C~????4?A~p???????????????6?C~???????

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(792)
     c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
     .
     Completion time: 2009-07-20 10:47
     ComboFix-quarantined-files.txt 2009-07-20 09:46

     Pre-Run: 6,656,143,360 bytes free
     Post-Run: 6,610,034,688 bytes free

     209

     MBAM log

     Malwarebytes' Anti-Malware 1.39
     Database version: 2421
     Windows 5.1.2600 Service Pack 3

     20/07/2009 10:59:09
     mbam-log-2009-07-20 (10-59-09).txt

     Scan type: Quick Scan
     Objects scanned: 96088
     Time elapsed: 5 minute(s), 47 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 4
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 1
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Delete on reboot.
     HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Delete on reboot.
     HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Delete on reboot.
     HKEY_CURRENT_USER\SOFTWARE\BlueRaTech (Trojan.DNSChanger) -> Delete on reboot.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     D:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

     Files Infected:
     d:\documents and settings\all users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully.
     C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

     HJT LOG

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 11:03:21, on 20/07/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16850)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\WINDOWS\system32\CTsvcCDA.EXE
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\WINDOWS\system32\PnkBstrB.exe
     C:\Program Files\O2\bin\sprtsvc.exe
     C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
     C:\PROGRA~1\AVG\AVG8\avgrsx.exe
     C:\PROGRA~1\AVG\AVG8\avgnsx.exe
     C:\PROGRA~1\AVG\AVG8\avgemc.exe
     C:\WINDOWS\ehome\ehtray.exe
     C:\WINDOWS\sm56hlpr.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\AVG\AVG8\avgcsrvx.exe
     C:\Program Files\Real\RealPlayer\RealPlay.exe
     C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
     C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\O2\bin\sprtcmd.exe
     C:\PROGRA~1\AVG\AVG8\avgtray.exe
     C:\Program Files\QuickTime\QTTask.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\WINDOWS\eHome\ehmsas.exe
     C:\WINDOWS\system32\dllhost.exe
     C:\WINDOWS\system32\wuauclt.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\uk.htm
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://C:\APPS\IE\offline\uk.htm
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
     O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
     O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
     O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
     O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
     O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
     O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
     O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
     O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
     O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
     O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
     O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

     --
     End of file - 8384 bytes
  3. Hello, I am quite new to this, so I apologise if I'm just wasting folks' time. Anyway, a trojan virus called win32trojandss has been detected on my PC. I have tried running MBAM but it does not run, so I uninstalled and followed the advice in a previous post as regards it not running, but still it did not work. I also tried renaming it as winlogon but this too failed, so I'm just gonna post my HJT log and hope that someone can help. Cheers.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 14:35:09, on 19/07/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16850)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Internet Explorer\Iexplore.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\ehome\ehtray.exe
     C:\WINDOWS\sm56hlpr.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Real\RealPlayer\RealPlay.exe
     C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
     C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\O2\bin\sprtcmd.exe
     C:\PROGRA~1\AVG\AVG8\avgtray.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     C:\Program Files\QuickTime\QTTask.exe
     C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
     C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\WINDOWS\system32\CTsvcCDA.EXE
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\PROGRA~1\AVG\AVG8\avgrsx.exe
     C:\PROGRA~1\AVG\AVG8\avgnsx.exe
     C:\WINDOWS\system32\PnkBstrB.exe
     C:\Program Files\O2\bin\sprtsvc.exe
     C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
     C:\PROGRA~1\AVG\AVG8\avgemc.exe
     C:\Program Files\AVG\AVG8\avgcsrvx.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\eHome\ehmsas.exe
     D:\Documents and Settings\mr_goines\Desktop\winlogon.exe
     D:\DOCUME~1\MR_GOI~1\LOCALS~1\Temp\is-MJUC5.tmp\winlogon.tmp
     C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\Program Files\Mozilla Firefox\firefox.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\uk.htm
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://C:\APPS\IE\offline\uk.htm
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\win32room.exe,
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
     O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
     O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
     O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
     O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
     O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
     O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
     O4 - HKLM\..\Run: [internat] C:\WINDOWS\internat.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
     O4 - HKCU\..\Run: [Cognac] D:\DOCUME~1\MR_GOI~1\LOCALS~1\Temp\b.exe
     O4 - HKCU\..\Run: [AntiMalware_ProNET] C:\Program Files\AntiMalware_Pro\AntiMalware_Pro.exe
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
     O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
     O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
     O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
     O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
     O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
     O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
     O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
     O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

     --
     End of file - 8706 bytes