
Someone changed my World of Warcraft account password yesterday, and I just want to make sure that my computer isn't infected. I ran both a full computer scan and a rootkit scan in AVG, and I did a full scan in Spybot: Search and Destroy. AVG didn't find anything, and Spybot only found cookies, so I thought I'd get a HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:29:57 PM, on 9/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 4147 bytes

Is there anything suspect here?


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has finished, two logs will be produced; please post only DDS.txt directly into your reply.

Don't use code tags please.


  • 2 weeks later...

From MBAM:

-------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7750

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/19/2011 4:53:20 PM

mbam-log-2011-09-19 (16-53-20).txt

Scan type: Quick scan

Objects scanned: 151508

Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

-----------------------------------------------------

From DDS:

-----------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Erik at 19:42:52 on 2011-09-19

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1087 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Update\1.3.21.69\GoogleCrashHandler.exe

svchost.exe

C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\uTorrent\uTorrent.exe

C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Erik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\WINDOWS\SoftwareDistribution\Download\Install\NDP40-KB2539636-x86.exe

c:\7f928870bac70c0ab4b3488c01f99c03\Setup.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

c:\WINDOWS\system32\MsiExec.exe

.

============== Pseudo HJT Report ===============

.

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

uRun: [Google Update] "c:\documents and settings\erik\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

TCP: DhcpNameServer = 68.87.71.230 68.87.73.246 192.168.1.1

TCP: Interfaces\{EE30A89B-A118-4F8B-9957-4813EB650E8D} : DhcpNameServer = 68.87.71.230 68.87.73.246 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

R3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2008-4-4 136832]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-09-19 23:42:43 -------- d-----w- C:\7f928870bac70c0ab4b3488c01f99c03

2011-09-19 20:51:32 -------- d-----w- c:\documents and settings\erik\application data\NVIDIA

2011-09-19 20:47:47 -------- d-----w- c:\documents and settings\erik\application data\Malwarebytes

2011-09-19 20:47:29 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-09-19 20:47:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-19 20:47:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-19 20:40:52 -------- d-----w- c:\program files\DOOM 3 and Resurrection of Evil 1.3.1 with open coop

2011-09-19 19:54:16 -------- d-----w- c:\program files\uTorrent

2011-09-19 19:53:39 -------- d-----w- c:\documents and settings\erik\local settings\application data\uTorrent

2011-09-19 19:53:39 -------- d-----w- c:\documents and settings\erik\application data\uTorrent

2011-09-04 21:21:46 388096 ----a-r- c:\documents and settings\erik\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-09-04 21:21:46 -------- d-----w- c:\program files\Trend Micro

2011-09-04 20:42:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-04 20:42:50 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-08-31 06:08:24 -------- d-----w- c:\windows\system32\LogFiles

2011-08-31 02:43:58 -------- d-----w- c:\program files\World of Warcraft

2011-08-31 02:43:58 -------- d-----w- c:\program files\common files\Blizzard Entertainment

2011-08-31 02:43:27 -------- d-----w- c:\documents and settings\all users\application data\Blizzard Entertainment

2011-08-31 00:01:03 -------- d-----w- c:\program files\AVG

.

==================== Find3M ====================

.

2011-09-01 02:52:12 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-09-01 02:52:12 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-09-01 02:51:54 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-08-30 23:36:31 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-08-30 20:59:49 409600 ----a-w- c:\windows\system32\wrap_oal.dll

2011-08-30 20:59:49 114688 ----a-w- c:\windows\system32\OpenAL32.dll

2011-08-30 02:54:26 93568 ----a-w- c:\windows\system32\drivers\nvata.sys

2011-08-30 02:54:26 33280 ----a-w- c:\windows\system32\NVCOI.DLL

2011-08-30 02:54:26 176128 ----a-w- c:\windows\system32\nvusmb.exe

2011-08-30 02:54:26 176128 ------w- c:\windows\system32\nvuide.exe

2011-08-30 02:54:25 289792 ----a-w- c:\windows\system32\idecoins.dll

2011-08-30 02:54:25 289792 ----a-w- c:\windows\system32\idecoi.dll

2011-08-30 02:54:20 209920 ----a-w- c:\windows\system32\drivers\nvsnpu.sys

2011-08-30 02:54:20 101120 ----a-w- c:\windows\system32\drivers\nvtcp.sys

2011-08-30 02:54:19 33280 ----a-w- c:\windows\system32\nvconrmins.dll

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 19:44:17.64 ===============


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
