Jump to content

HJT Log

WarShrike

By WarShrike
in Resolved Malware Removal Logs

 Share

Recommended Posts

WarShrike

WarShrike

Posted
Posted

Hi guys, need a little help. I've got a bit of an issue with a hijacker, I've cleared one a year ago, but this one has popped up recently and I can't track it down.

Thanks.

MWB Log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5117

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

11/14/2010 7:36:08 PM

mbam-log-2010-11-14 (19-36-08).txt

Scan type: Quick scan

Objects scanned: 151712

Time elapsed: 18 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here's the DDS log:

DDS (Ver_10-11-10.01) - NTFSx86

Run by WarShrike at 21:48:19.60 on Sun 11/14/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.339 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Aston\aston.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program Files\Motherboard Monitor 5\MBM5.EXE

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Program Files\CoolMon\CoolMon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\32788R22FWJFW\License\iexplore.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

D:\Downloads\ryzd5vrz.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://co107w.col107.mail.live.com/mail/TodayLight.aspx?n=200856444&wa=wsignin1.0&n=1565144568

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {2bb4b268-69f6-4d47-8e74-ddd69d7734fd} - c:\windows\system32\mlJdAsTn.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sansaDispatch] c:\documents and settings\warshrike\application data\sandisk\sansa updater\SansaDispatch.exe

mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"

mRun: [MBM 5] "c:\program files\motherboard monitor 5\MBM5.EXE"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [AVG8_TRAY] c:\pro

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.