|
|
JarvMar
new user
Reg'd: Thu
Posts: 5
|
|
Hello Mr Moderator,
My desktop icons and taskbar keep disappearing every ten seconds or so. I noticed another member had a similar problem.
Here is my HJT Logfile:
This only started in the last couple of days.
Thank you.
|
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28258
Loc: belfast
|
|
Welcome to the Webuser forum. 
Please download ComboFix from either of these two locations:
BleepingComputer ComboFix
geeks to go combofix
* Double click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Post back with the log from ComboFix and a new HJT log please.
--------------------
MY HELP IS FREE, BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
A computer once beat me at chess, but it was no match for me at kick boxing.
|
JarvMar
new user
Reg'd: Thu
Posts: 5
|
|
Thank you. I will let you know when I have done it.
J
|
JarvMar
new user
Reg'd: Thu
Posts: 5
|
|
Thank you, thank you, thank you for fixing my machine. Can you let me know what the problem was so it doesn't happen again?
Here is my combofix logfile:
and my HJT logfile:
Once again thank you.
J
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28258
Loc: belfast
|
|
It looks like you've managed to pick up a few infections, but combofix has cleared most of them.
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Quote:
Killall::

Folder::
C:\Program Files\vghd

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjggge]
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.
Referring to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
Then :-
Rerun HJT, and put a checkmark beside these :-
O20 - Winlogon Notify: ljjggge - ljjggge.dll (file missing)
Now close all windows and browsers and click FIX CHECKED.
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please and let me know how it is running.
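An added example, not part of the original thread: a small Python checker that parses HijackThis entry lines, lists the ones marked "(file missing)" like the O20 entry above, and compares a before and after log to confirm the orphaned hook is gone. The sample logs are constructed from lines in this thread's format, and the function names are hypothetical.

```python
import re

# A HijackThis entry is "<section> - <details>", e.g. "O20 - Winlogon Notify: ...".
# Section codes are R, F, N or O followed by a number; process paths do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<details>.+)$")

# Constructed sample logs (a few lines each, in the format used in this thread).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: ljjggge - ljjggge.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

AFTER = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def parse_entries(log_text):
    """Return the set of (section, details) entries in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.add((match.group("section"), match.group("details").strip()))
    return entries


def orphaned(entries):
    """Entries flagged '(file missing)': the autostart hook remains, its file does not."""
    return sorted(e for e in entries if e[1].endswith("(file missing)"))


def remediation_report(before_text, after_text):
    """Compare two logs and report whether orphaned entries were cleared."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    flagged = orphaned(before)
    return {
        "orphaned_before": flagged,
        # Orphaned entries that survived the fix and still need attention.
        "still_present": [e for e in flagged if e in after],
        "removed": sorted(before - after),
        # New entries deserve a look too: a fix should not introduce autostarts.
        "added": sorted(after - before),
    }


if __name__ == "__main__":
    report = remediation_report(BEFORE, AFTER)
    for key, values in report.items():
        print(key)
        for section, details in values:
            print("   ", section, "-", details)
```
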
|
JarvMar
new user
Reg'd: Thu
Posts: 5
|
|
Thank you so so much, my machine is running like a dream now. I think I may have inherited a few viruses when I got this PC off my mate. Oh well, I think it's all clean now.
HJT Logfile:
And my ComboFix logfile:
ComboFix 08-03-13.1 - JarvMarSuperstar 2008-03-14 15:05:06.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.716 [GMT 0:00] Running from: C:\Documents and Settings\JarvMarSuperstar\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\JarvMarSuperstar\Desktop\CFScript.txt * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! .
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\Program Files\vghd C:\Program Files\vghd\uninstall1205289772.exe
. ((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 ))))))))))))))))))))))))))))))) .
2008-03-14 14:38 . <DIR> C:\WINDOWS\LastGood.Tmp 2008-03-14 14:26 . 2008-03-14 14:26 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-03-14 14:26 . 2008-03-14 14:26 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-03-14 14:26 . 2008-03-14 14:26 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-03-14 14:26 . 2008-03-14 14:26 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest 2008-03-14 14:26 . 2008-03-14 14:26 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-03-14 14:26 . 2008-03-14 14:26 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-03-14 14:08 . 2004-08-04 01:07 1,086,058 -ra------ C:\WINDOWS\SET53.tmp 2008-03-14 14:08 . 2004-08-04 01:07 1,042,903 -ra------ C:\WINDOWS\SET50.tmp 2008-03-14 14:08 . 2004-08-04 01:07 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2008-03-14 14:08 . 2004-08-04 01:07 13,753 -ra------ C:\WINDOWS\SET5F.tmp 2008-03-14 14:08 . 2004-08-04 01:07 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2008-03-14 07:20 . 2008-03-14 07:20 <DIR> d-------- C:\Program Files\IObit 2008-03-13 18:48 . 2008-03-13 18:53 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2008-03-13 07:00 . 2008-03-13 07:00 <DIR> d-------- C:\WINDOWS\ERUNT 2008-03-13 06:37 . 2008-03-13 07:14 <DIR> d-------- C:\SDFix 2008-03-13 04:33 . 2008-03-13 04:33 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-12 19:37 . 2008-03-12 19:37 156 --a------ C:\WINDOWS\Twunk001.MTX 2008-03-12 19:37 . 2008-03-12 19:37 2 --a------ C:\WINDOWS\Twain001.Mtx 2008-03-12 19:37 . 2008-03-12 19:37 0 --a------ C:\WINDOWS\Twunk002.MTX 2008-03-12 19:36 . 2008-03-12 19:36 <DIR> d-------- C:\Documents and Settings\JarvMarSuperstar\Application Data\Thinstall 2008-02-21 02:05 . 2008-02-21 02:05 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll 2008-02-21 02:05 . 2008-02-21 02:05 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-14 14:58 --------- d-----w C:\Documents and Settings\JarvMarSuperstar\Application Data\Skype 2008-02-25 13:15 --------- d-----w C:\Program Files\Common Files\Adobe 2008-01-22 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2007-12-03 14:47 25,992 -c----w C:\Documents and Settings\JarvMarSuperstar\Application Data\GDIPFONTCACHEV1.DAT 2007-10-05 13:32 56 --sh--w C:\Documents and Settings\All Users\Application Data\dc64vg9.sys .
((((((((((((((((((((((((((((( snapshot@2008-03-14_ 3.45.10.98 ))))))))))))))))))))))))))))))))))))))))) . - 2005-05-04 13:45:26 209,632 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe + 2005-05-04 14:45:26 209,632 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe - 2005-05-04 13:45:28 371,936 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\updspapi.dll + 2005-05-04 14:45:28 371,936 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\updspapi.dll - 2008-03-13 04:02:42 319,488 -c-h--w C:\WINDOWS\repair\ntuser.dat + 2008-03-14 14:27:30 331,776 -c-ha-w C:\WINDOWS\repair\ntuser.dat - 2008-03-13 04:07:54 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-03-14 14:31:44 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2008-03-13 04:07:54 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-03-14 14:31:44 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-03-14 14:31:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031420080315\index.dat - 2008-03-13 04:07:54 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-03-14 14:31:44 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2007-07-30 18:18:40 33,624 -c----w C:\WINDOWS\system32\dllcache\wups.dll + 2007-07-30 19:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll - 2007-07-30 19:19:28 203,096 -c----w C:\WINDOWS\system32\dllcache\wuweb.dll + 2007-07-30 19:19:46 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll - 2008-03-13 03:57:52 23,316 -c----w C:\WINDOWS\system32\emptyregdb.dat + 2008-03-14 14:24:57 23,392 -c--a-w C:\WINDOWS\system32\emptyregdb.dat - 2007-04-24 10:32:06 1,485,696 -c----w 
C:\WINDOWS\system32\LegitCheckControl.dll + 2007-10-11 14:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll - 2004-08-04 01:07:00 2,804,224 ----a-w C:\WINDOWS\system32\msi.dll + 2005-05-04 14:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll - 2004-08-04 01:07:00 77,312 ----a-w C:\WINDOWS\system32\msiexec.exe + 2005-05-04 14:45:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe - 2004-08-04 01:07:00 331,264 ----a-w C:\WINDOWS\system32\msihnd.dll + 2005-05-04 14:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll - 2004-08-04 01:07:00 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll + 2005-05-04 14:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll - 2004-08-04 01:07:00 44,032 ----a-w C:\WINDOWS\system32\msisip.dll + 2005-05-04 14:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll - 2008-03-13 04:10:12 70,124 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-03-14 14:40:00 70,124 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-03-13 04:10:12 436,360 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-03-14 14:40:00 436,360 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-07-30 19:19:36 549,720 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.0.6000.381\wuapi.dll - 2007-07-30 18:18:40 33,624 -c----w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll + 2007-07-30 19:18:40 33,624 -c--a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll - 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll + 2007-07-30 19:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll - 2007-07-30 19:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll + 2007-07-30 19:19:46 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll + 2008-03-14 15:08:58 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_58c.dat + 2004-08-04 01:07:00 921,088 ----a-w C:\WINDOWS\WinSxS\InstallTemp\69877\comctl32.dll . -- Snapshot reset to current date -- . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ] "Adobe Reader Speed Launcher"="G:\Adobe Reader 8\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:07 15360] "PC Suite Tray"="G:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224] "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 00:12 2658304] "sclauncher"="G:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 10:40 94208] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:07 110592 C:\WINDOWS\system32\bthprops.cpl] "Adobe Reader Speed Launcher"="G:\Adobe Reader 8\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 01:07 208952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="G:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:07 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjggge] ljjggge.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Common Files\\InstallShield\\Engine\\6\\Intel 32\\IKernel.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\WINDOWS\\system32\\rtcshare.exe"= "C:\\Program Files\\NetMeeting\\conf.exe"= "D:\\Program Files\\VeohClient.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\DMV\\MaxTV\\MaxTV.exe"= "C:\\Program Files\\DMV\\MaxTV\\recorder.exe"= "C:\\Program Files\\TVAnts\\Tvants.exe"= "G:\\Downloads\\ppstream_english\\PPStream.exe"= "G:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "G:\\Program Files\\Qnext\\qnext.exe"= "G:\\Program Files\\Qnext\\qnextclient.exe"= "C:\\Program Files\\VIPER TV PLAYER (v 7.1.1)\\VIPER TV PLAYER (v 7.1.1).exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Documents and Settings\\JarvMarSuperstar\\Application Data\\SopCast\\adv\\SopAdver.exe"= "G:\\Program Files\\iTunes.exe"= "G:\\Program Files\\realplay.exe"= "G:\\Program Files\\SimpleCenter\\Home Media Server.exe"= "C:\\Program Files\\SimpleCenter\\Home Media Server.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "G:\\Program Files\\BitComet\\BitComet.exe"= "G:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"= "G:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"= "G:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"= "G:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"= "G:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"= "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "C:\\Documents and Settings\\JarvMarSuperstar\\Application Data\\Thinstall\\Adobe Photoshop CS3\\4000005700003h\\mDNSResponder.exe"= "C:\\Program 
Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "24243:TCP"= 24243:TCP:BitComet 24243 TCP "24243:UDP"= 24243:UDP:BitComet 24243 UDP "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "23661:TCP"= 23661:TCP:BitComet 23661 TCP "23661:UDP"= 23661:UDP:BitComet 23661 UDP "49153:TCP"= 49153:TCP:BitComet 49153 TCP "49153:UDP"= 49153:UDP:BitComet 49153 UDP
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-10-15 13:48] R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 13:29] R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-06-13 14:22] R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31] S3 BTNDIS;SmartM - Bluetooth PAN Driver;C:\WINDOWS\system32\DRIVERS\btndis.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61394ecf-e43e-11db-9df4-00051658ba42}] \Shell\AutoRun\command - H:\LaunchU3.exe
. Contents of the 'Scheduled Tasks' folder "2008-02-29 20:52:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . **************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-14 15:09:09 Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\imapi.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe . ************************************************************************** . Completion time: 2008-03-14 15:12:33 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-14 15:12:30 ComboFix2.txt 2008-03-14 03:45:38 . 2008-03-14 13:53:55 --- E O F ---
Thank you again.
J
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28258
Loc: belfast
|
|
I don't see a firewall installed; if you are relying on the Windows firewall, it is rubbish.
Go HERE and get a free software one.
That looks clean now.
DISABLE SYSTEM RESTORE to flush out infected restore points. Then restart your System Restore (same page). Then create a new restore point:
Click START\ALL PROGRAMS\ACCESSORIES\SYSTEM TOOLS\SYSTEM RESTORE. Click on "create new restore point", click on NEXT and follow the prompts.
This is to ensure that if you have to do a system restore in the future, you don't get all the infections reinstalled again.
Then:
Download and scan with CCleaner - Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
- Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Then select "Cookies". Move any cookies you wish to retain, e.g. login cookies, in the left-hand window to the right-hand window by highlighting them and clicking the right arrow in the centre.
- Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
In the Applications Tab:
• Clean all entries in the Mozilla Firefox Section.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.
- Click the "Run Cleaner" button.
- A pop up box will appear advising this process will permanently delete files from your system.
- Click "OK" and it will scan and clean your system.
- Click "exit" when done.
Then DEFRAG your C:\ drive to help speed up your system.
Then let us know how the computer is running.
HOW DID I GET INFECTED
-------------------- MY HELP IS FREE, BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
A computer once beat me at chess, but it was no match for me at kick boxing.
|
JarvMar
new user
Reg'd: Thu
Posts: 5
|
|
Wow, it feels like I have a brand new pc, it's lightning fast now. I have included (hopefully for the last time) a new HJT logfile so you can see all the progress. Thank you for taking me through removal of nasties step by step. I have installed all the antivirus/spyware applications so hopefully will not get re-infected.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:59:57, on 14/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\PC Tools Firewall Plus\FWService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe G:\Program Files\SimpleCenter\bin\win\sclauncher.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ThreatFire\TFTray.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe G:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ThreatFire\TFService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\WINDOWS\System32\svchost.exe G:\Program Files\Orb Networks\Orb\bin\OrbTray.exe G:\Program Files\Orb Networks\Orb\bin\Orb.exe C:\Documents and Settings\JarvMarSuperstar\Desktop\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup O4 - HKLM\..\Run: [sclauncher] G:\Program Files\SimpleCenter\bin\win\sclauncher.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Adobe Reader 8\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [Adobe Reader Speed Launcher] G:\Adobe Reader 8\Reader\Reader_sl.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PC Suite Tray] "G:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "G:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "G:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\Program 
Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - G:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1205505499921 O17 - HKLM\System\CCS\Services\Tcpip\..\{E6D525E6-2698-4E0A-936F-E5F56949C112}: NameServer = 213.208.106.212,192.168.0.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: AdobeVersionCue - Adobe Sytems - G:\Program Files\Adobe Version Cue\service\VersionCue.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
-- End of file - 7898 bytes
Thank you so much Bricat, you are a godsend.
J
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28258
Loc: belfast
|
|
That looks clean.
Happy to help.