
Security >> HijackThis logs help and analysis
ivansmagic (regular)
my log.... can you have a look please
      #390702 - Mon Apr 07 2008 06:31 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:10, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\1197771615\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1197771615\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1197771615\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1197771615\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1197799537546
O17 - HKLM\System\CCS\Services\Tcpip\..\{B46FD7DC-DC7B-44DC-86A6-2423BFAEF83F}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9036 bytes


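A HijackThis log like the one above is read line by line, with the section prefix (R0/R1, O2, O4, O17, O23 and so on) telling the helper what kind of hook each entry is. The script below is an added example written for this page; it is not HijackThis code and not the helper's own tool. It parses those prefixes and flags the things a helper normally checks first in a log of this shape: entries marked "(no file)", O23 services whose binary carries no vendor string, O17 NameServer values that are not on an expected resolver list, and O4 autoruns launched from user-writable locations. The sample input is a verbatim excerpt of the log above plus one clearly labelled constructed O4 line; the expected-resolver list and the path heuristic are assumptions for the example, not HijackThis rules. The script only raises questions: on this machine the O17 resolver has to be checked against the ISP the user connects through (the log shows AOL dialer software) before anyone calls it a hijack, and orphaned "(no file)" entries are harmless by themselves even though they are usually cleaned up.

```python
"""Triage a HijackThis 2.x log the way a log helper reads it by hand.

Added example for this thread; it is not HijackThis code and not the helper's
own tool. It parses the section prefixes HJT emits (R0/R1/R3, O2, O4, O17,
O23 ...) and flags the entries a helper looks at first. The heuristics and
the "expected resolvers" list are assumptions chosen for the example.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = ([0-9.,]+)")
# O23 body: "Service: <display name> (<short name>) - <vendor> - <path>".
# HJT prints " - - " when the binary carries no vendor string.
O23_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<vendor>.*?)\s*-\s*(?P<path>[A-Za-z]:\\.*|\(no file\))$"
)
# Heuristic (assumption): autoruns started from profile/temp locations deserve a second look.
USER_WRITABLE_RE = re.compile(r"\\(Temp|Local Settings|Application Data)\\", re.I)

# Verbatim lines from the log posted above.
POSTED_EXCERPT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B46FD7DC-DC7B-44DC-86A6-2423BFAEF83F}: NameServer = 205.188.146.145
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
""".strip()

# Constructed line (NOT from the posted log) so the O4 path heuristic has something to catch.
CONSTRUCTED_LINE = r"O4 - HKCU\..\Run: [example] C:\Documents and Settings\andy\Local Settings\Temp\example.exe"

SAMPLE_LOG = POSTED_EXCERPT + "\n" + CONSTRUCTED_LINE


@dataclass
class Finding:
    kind: str    # HJT section prefix, e.g. "O23"
    reason: str  # why a helper would ask about it
    line: str    # the original log line


def parse_log(text):
    """Yield (kind, body, line) for every HJT entry line; header/process text is skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def service_vendor(body):
    """Return the vendor string of an O23 body ("" if absent), or None if it does not parse."""
    m = O23_RE.match(body)
    return m.group("vendor").strip() if m else None


def triage(text, expected_resolvers=frozenset()):
    """Return the entries a helper would ask about first, in log order."""
    findings = []
    for kind, body, line in parse_log(text):
        if body.endswith("(no file)"):
            findings.append(Finding(kind, "entry points at a file that is no longer present", line))
        elif kind == "O23" and not service_vendor(body):
            findings.append(Finding(kind, "service binary carries no vendor string", line))
        elif kind == "O17":
            m = NAMESERVER_RE.search(body)
            for ip in (m.group(1).split(",") if m else []):
                if ip not in expected_resolvers:
                    findings.append(Finding(kind, f"resolver {ip} is not on the expected list", line))
        elif kind == "O4":
            # "[name] command" for registry Run keys, "x.lnk = command" for Startup folders
            command = body.split("] ", 1)[1] if "] " in body else body.split(" = ", 1)[-1]
            if USER_WRITABLE_RE.search(command):
                findings.append(Finding(kind, "autorun launched from a user-writable location", line))
    return findings


def summarize(findings):
    """Count findings per HJT section prefix."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
```

Run as-is it lists five entries: the two "(no file)" orphans, the vendor-less SLService entry, the O17 resolver, and the constructed Temp autorun. Passing `expected_resolvers={"205.188.146.145"}` once the address has been confirmed as the ISP's drops the O17 line from the list.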
bricat (Moderator, HijackThis Helper; Belfast)
Re: my log.... can you have a look please [Re: ivansmagic]
      #390783 - Tue Apr 08 2008 10:37 AM

Can you tell us what we are looking for?

--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.

You don't stop laughing when you get old, you get old when you stop laughing!


ivansmagic (regular)
Re: my log.... can you have a look please [Re: bricat]
      #390794 - Tue Apr 08 2008 12:14 PM

Hi, I am just trying to clean up. The computer was working fine until yesterday but is now running really slowly. It takes ages for the desktop to open up and web browsing is really slow too. It might have something to do with my wife installing software to send e-cards, which she did the other day. I have tried to clean up by going through Add/Remove Programs, but it has not made a lot of difference. I had hoped you might be able to see something I can't.

I have run AVG with no problems, and Spyware Terminator, which discovered 233 threats (I usually do it weekly and find no threats!) which were all low risk.

I have Windows XP Home and use ZoneAlarm as my firewall, if that helps.


bricat (Moderator, HijackThis Helper; Belfast)
Re: my log.... can you have a look please [Re: ivansmagic]
      #390819 - Tue Apr 08 2008 03:18 PM

I don't see anything in the HJT log.
Have you tried a System Restore to a point before the trouble started (yesterday)?

To start System Restore, follow these steps:
1. Click Start, point to Programs, point to Accessories, point to System Tools, and then click System Restore.

The first time you use System Restore, there are two options on the Welcome page:
• Restore my computer to an earlier time
• Create a restore point
2. Click Restore my computer to an earlier time and click Next.

A calendar appears.
3. In the calendar, choose which restore point to roll your system back to (before your problems started).
4. Click Next.

You are prompted to close all applications before completing the Restore process because the computer will restart.
5. Upon completion of the restart, a confirmation screen appears. Click OK to continue using your computer.


let us know how it goes.



ivansmagic (regular)
Re: my log.... can you have a look please [Re: bricat]
      #390848 - Tue Apr 08 2008 06:34 PM

I have tried System Restore but get a message saying restoration cannot be completed. Also, when I restart the computer I am now getting a message on the desktop saying my Active Desktop has been turned off.

any help appreciated


bricat (Moderator, HijackThis Helper; Belfast)
Re: my log.... can you have a look please [Re: ivansmagic]
      #390876 - Tue Apr 08 2008 09:51 PM

Please download ComboFix from either of these two locations:

* BleepingComputer ComboFix
* Geeks to Go ComboFix

And save it to your DESKTOP.

* Double click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Post back with the log from ComboFix and a new HJT log please.



ivansmagic (regular)
Re: my log.... can you have a look please [Re: bricat]
      #390888 - Tue Apr 08 2008 10:45 PM

Here it is:

ComboFix 08-04-08.5 - andy 2008-04-09 22:36:28.1 - NTFSx86
Running from: C:\Documents and Settings\andy\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-09 21:28 . 2008-04-09 21:28 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-09 17:02 . 2008-04-09 17:02 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-04-09 17:01 . 2008-04-09 17:01 <DIR> d-------- C:\Program Files\iTunes
2008-04-09 17:01 . 2008-04-09 17:01 <DIR> d-------- C:\Program Files\iPod
2008-04-09 17:01 . 2008-04-09 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-08 18:29 . 2008-04-08 18:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 13:26 . 2008-04-09 09:03 11,423 --a------ C:\logfile
2008-04-06 11:01 . 2008-04-09 17:02 <DIR> d-------- C:\Program Files\Kodak
2008-04-06 11:00 . 2008-04-09 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-04-03 21:42 . 2008-04-09 17:03 <DIR> d-------- C:\Documents and Settings\andy\Application Data\Smilebox
2008-03-28 21:25 . 2008-03-31 16:34 <DIR> d-------- C:\Program Files\LimeWire
2008-03-27 00:14 . 2008-03-28 21:25 <DIR> d-------- C:\Documents and Settings\andy\Application Data\uTorrent
2008-03-15 11:13 . 2008-04-09 09:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-15 11:13 . 2008-03-15 11:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 11:57 . 2008-03-09 11:57 0 --a------ C:\WINDOWS\BBCAUTO.INI
2008-03-09 08:37 . 2008-03-09 08:37 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 16:57 160,264,224 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-09 16:57 1,875,932 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-09 16:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 16:02 --------- d-----w C:\Program Files\Spyware Terminator
2008-04-09 16:02 --------- d-----w C:\Documents and Settings\andy\Application Data\Spyware Terminator
2008-04-09 16:01 --------- d-----w C:\Program Files\Apple Software Update
2008-04-09 12:27 1,823,744 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-04-09 10:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-08 08:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-07 17:16 3,767,808 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-04-07 17:16 1,814,528 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-04-07 10:54 --------- d-----w C:\Documents and Settings\andy\Application Data\Apple Computer
2008-04-06 17:33 --------- d-----w C:\Documents and Settings\andy\Application Data\AdobeUM
2008-04-06 15:44 --------- d-----w C:\Documents and Settings\andy\Application Data\AVG7
2008-04-06 15:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-31 19:20 --------- d-----w C:\Documents and Settings\andy\Application Data\LimeWire
2008-03-28 20:12 1,801,216 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-20 23:02 --------- d-----w C:\Program Files\Bonjour
2008-03-20 21:50 3,022,848 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-03-20 21:50 1,771,008 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-03-15 09:58 --------- d-----w C:\Program Files\QuickTime
2008-03-15 09:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-12 22:57 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-09 12:31 1,726,464 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-03-09 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-08 00:05 --------- d-----w C:\Program Files\Google
2008-03-07 01:07 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-07 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-07 00:26 --------- d-----w C:\Program Files\BT Voyager 105 ADSL Modem
2008-03-07 00:25 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-07 00:25 --------- d-----w C:\Program Files\Windows Live
2008-03-07 00:25 --------- d-----w C:\Program Files\WinAce
2008-03-07 00:25 --------- d-----w C:\Program Files\Infogrames
2008-03-07 00:25 --------- d-----w C:\Program Files\DVD Shrink
2008-03-07 00:25 --------- d-----w C:\Documents and Settings\andy\Application Data\Thunderbird
2008-03-07 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft(3)
2008-03-07 00:16 --------- d-----w C:\Program Files\Grisoft(4)
2008-03-07 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft(4)
2008-03-06 23:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-03-03 08:07 3,107,328 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-28 19:40 --------- d-----w C:\Program Files\AOL 9.0
2008-02-26 20:38 1,651,200 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-24 16:24 2,326,019 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-22 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-22 09:06 1,635,840 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-12 19:36 --------- d-----w C:\Documents and Settings\andy\Application Data\Ahead
2008-02-10 11:30 --------- d-----w C:\Program Files\uTorrent
2008-02-10 11:00 --------- d-----w C:\Program Files\BitComet
2008-02-10 10:58 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-02-09 00:05 --------- d-----w C:\Program Files\Azureus
2008-02-09 00:05 --------- d-----w C:\Documents and Settings\andy\Application Data\uTorrent(2)
2008-02-09 00:05 --------- d-----w C:\Documents and Settings\andy\Application Data\Azureus
2008-02-03 22:21 1,558,528 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-03 10:23 1,556,480 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-23 19:59 5,751,431 ----a-w C:\WINDOWS\java\Packages\F7FVZ3HF.ZIP
2008-01-22 23:54 1,496,064 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-12-23 22:39 1,367,040 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
.

------- Sigcheck -------

2007-10-11 06:57 666112 80d660a49e0d118144423099b2a9f5da C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-10-11 00:47 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2006-06-23 12:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2007-10-11 07:13 659456 2005ad86a22aee68e21ee59f9ccb77f2 C:\WINDOWS\ie7\wininet.dll
2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 00:56 824832 30c1e0f34ad2972c72a01db5c74ab065 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2004-08-04 08:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-03-01 14:06 826368 ad21461aef8244edec2ef18e55e1dcf3 C:\WINDOWS\SoftwareDistribution\Download\1b272c8a858f509af0544d58440bc6f0\SP2GDR\wininet.dll
2008-03-01 14:03 827392 6316c2f0c61271c8abdff7429174879e C:\WINDOWS\SoftwareDistribution\Download\1b272c8a858f509af0544d58440bc6f0\SP2QFE\wininet.dll
2007-12-07 03:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee\sp2gdr\wininet.dll
2007-12-07 03:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee\sp2qfe\wininet.dll
2007-12-07 03:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\system32\wininet.dll
2007-12-07 03:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\system32\dllcache\wininet.dll

2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 12:38 340480 b8158e2a6112c0a5ca67bc158fc70218 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-02-10 11:58 360064 5ea8ef32e96a15c0c92e38b84b7502da C:\WINDOWS\system32\dllcache\tcpip.sys
2008-02-10 11:58 360064 5ea8ef32e96a15c0c92e38b84b7502da C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-08 01:05 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-13 01:15 106496]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-05-12 23:22 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 18:50 155648]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 20:39 69632 C:\WINDOWS\SOUNDMAN.EXE]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 17:10 1658965]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 14:47 16384]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 10:28 72192]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 16:30 71008]
"HostManager"="C:\Program Files\Common Files\AOL\1197771615\ee\AOLSoftware.exe" [2006-11-17 14:21 50736]
"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 04:00 98304]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-25 21:29 26112]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-07 02:09 579072]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-07 02:07 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-12-15 19:17:33 156784]
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe [2007-12-15 19:18:42 250992]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-08 01:05:17 125624]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2004-10-14 22:28:23 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\1197771615\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21132:TCP"= 21132:TCP:BitComet 21132 TCP
"21132:UDP"= 21132:UDP:BitComet 21132 UDP

R3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys [2003-08-15 14:56]
R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 17:52]
S3 oflpydin;oflpydin;C:\DOCUME~1\andy\LOCALS~1\Temp\oflpydin.sys []

*Newly Created Service* - ATWPKT2
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-09 11:10:14 C:\WINDOWS\Tasks\User_Feed_Synchronization-{451BA9CA-6EFD-4030-B392-114F7A21A0C6}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 22:41:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-09 22:42:17
ComboFix-quarantined-files.txt 2008-04-09 21:42:08
Pre-Run: 157,889,429,504 bytes free
Post-Run: 157,868,216,320 bytes free
.
2008-04-06 17:01:54 --- E O F ---


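ComboFix's Sigcheck section lists every copy of a few protected system files it found, with timestamp, size and MD5, so that the helper can compare the live file with the copies Microsoft's own installers left behind. The script below is an added example for this page, not ComboFix's own code: it parses the rows above verbatim, groups them by file name, and reports whether the live copy in system32 (or system32\drivers) matches dllcache and whether its hash also appears in any hotfix ($hf_mig$), service-pack (ServicePackFiles, $NtServicePackUninstall$) or Windows Update staging (SoftwareDistribution\Download) directory. The directory names assume a default XP install on C:. On this log wininet.dll's live hash matches both dllcache and one of the update staging copies, while tcpip.sys's live hash matches only dllcache. Agreement with dllcache on its own proves little, because Windows File Protection restores the live file from dllcache and anything that replaces a protected file, legitimately or otherwise, has to update both; a live hash that matches no installation or update source is the one to check against a known-good reference for that build.

```python
"""Cross-check the "Sigcheck" section of a ComboFix log.

Added example for this thread, not ComboFix's own code. ComboFix lists every
copy of a few protected system files it finds, with size and MD5. This groups
those rows by file name and reports whether the live copy agrees with the
dllcache copy and whether its hash also appears in any hotfix, service-pack
or Windows Update staging directory. Directory names assume a default XP
install on C: (assumption for the example).
"""
import re
from collections import defaultdict

SIGCHECK_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<md5>[0-9a-f]{32}) (?P<path>[A-Za-z]:\\.*)$"
)
# Where the copy Windows actually loads lives, and where WFP keeps its backup.
LIVE_DIRS = {r"c:\windows\system32", r"c:\windows\system32\drivers"}
CACHE_DIR = r"c:\windows\system32\dllcache"

# Verbatim rows from the ComboFix log posted above.
SIGCHECK_EXCERPT = r"""
2007-10-11 06:57 666112 80d660a49e0d118144423099b2a9f5da C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-10-11 00:47 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2006-06-23 12:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2007-10-11 07:13 659456 2005ad86a22aee68e21ee59f9ccb77f2 C:\WINDOWS\ie7\wininet.dll
2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 00:56 824832 30c1e0f34ad2972c72a01db5c74ab065 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2004-08-04 08:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-03-01 14:06 826368 ad21461aef8244edec2ef18e55e1dcf3 C:\WINDOWS\SoftwareDistribution\Download\1b272c8a858f509af0544d58440bc6f0\SP2GDR\wininet.dll
2008-03-01 14:03 827392 6316c2f0c61271c8abdff7429174879e C:\WINDOWS\SoftwareDistribution\Download\1b272c8a858f509af0544d58440bc6f0\SP2QFE\wininet.dll
2007-12-07 03:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee\sp2gdr\wininet.dll
2007-12-07 03:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee\sp2qfe\wininet.dll
2007-12-07 03:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\system32\wininet.dll
2007-12-07 03:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\system32\dllcache\wininet.dll
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 12:38 340480 b8158e2a6112c0a5ca67bc158fc70218 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-02-10 11:58 360064 5ea8ef32e96a15c0c92e38b84b7502da C:\WINDOWS\system32\dllcache\tcpip.sys
2008-02-10 11:58 360064 5ea8ef32e96a15c0c92e38b84b7502da C:\WINDOWS\system32\drivers\tcpip.sys
""".strip()


def parse_sigcheck(text):
    """Return one dict per Sigcheck row; lines that are not rows are ignored."""
    rows = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"])
            rows.append(row)
    return rows


def split_path(path):
    """Return (directory, file name), both lower-cased, for a Windows path."""
    directory, _, name = path.lower().rpartition("\\")
    return directory, name


def compare(rows):
    """Per file name: does the live copy match dllcache, and any hotfix/SP/update copy?"""
    copies = defaultdict(list)
    for r in rows:
        directory, name = split_path(r["path"])
        copies[name].append((directory, r["md5"]))
    report = {}
    for name, found in copies.items():
        live = [h for d, h in found if d in LIVE_DIRS]
        cache = [h for d, h in found if d == CACHE_DIR]
        reference = {h for d, h in found if d not in LIVE_DIRS and d != CACHE_DIR}
        if not live:
            continue  # nothing installed to compare against
        report[name] = {
            "live_md5": live[0],
            "matches_dllcache": bool(cache) and cache[0] == live[0],
            "matches_known_source": live[0] in reference,
            "copies_seen": len(found),
        }
    return report


if __name__ == "__main__":
    for name, r in compare(parse_sigcheck(SIGCHECK_EXCERPT)).items():
        print(name, r)
```

For this log the output shows `matches_known_source` true for wininet.dll and false for tcpip.sys; the script does not decide what that means, it only tells the helper which file still needs a reference hash.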
bricat (Moderator, HijackThis Helper; Belfast)
Re: my log.... can you have a look please [Re: ivansmagic]
      #390914 - Wed Apr 09 2008 09:02 AM

That looks clean.

Try running sfc /scannow
to see if any system files are missing.

Put your XP disc in the drive.

Click on START\RUN and type CMD into the address bar and click OK.

At the DOS PROMPT type SFC /SCANNOW. Note the space between SFC and /SCANNOW. Hit Enter.

Let us know how it goes.



ivansmagic (regular)
Re: my log.... can you have a look please [Re: bricat]
      #390934 - Wed Apr 09 2008 02:52 PM

Thanks for your help.

My computer came with XP preinstalled. Should I use the system restore disk to do this?

Edited by ivansmagic (Wed Apr 09 2008 02:54 PM)


bricat (Moderator, HijackThis Helper; Belfast)
Re: my log.... can you have a look please [Re: ivansmagic]
      #390939 - Wed Apr 09 2008 03:36 PM

Unfortunately the restore disc won't work.

Using Internet Explorer, click here to use the Eset Online Scanner.
  • Accept the terms of use and click the Start button.
  • When prompted to install an ActiveX Control, click the yellow notification bar and select Install ActiveX Control..
  • Click the Install button on the Security Warning window which appears.
  • Once the ActiveX installs click the Start button to download the signature database when prompted.
  • On the "Computer Scan" options window select Remove found threats ONLY, then click Scan.
  • A log file of the results can be found at C:/Program Files/EsetOnlineScanner/log.txt
  • Post the results in your next reply please.


P.S. Did you remove the software that your wife installed?
If not, try removing it.



ivansmagic (regular)
Re: my log.... can you have a look please [Re: bricat]
      #390997 - Wed Apr 09 2008 09:20 PM

Hi Bricat, running the scan now and will post the results.

I did remove the software that was installed and my Active Desktop appears to be working again today!?

Should I create a new restore point, as System Restore didn't work yesterday?


bricat (Moderator, HijackThis Helper; Belfast)
Re: my log.... can you have a look please [Re: ivansmagic]
      #391010 - Wed Apr 09 2008 10:41 PM

Wait until we see what ESET finds.



ivansmagic (regular)
Re: my log.... can you have a look please [Re: bricat]
      #391030 - Thu Apr 10 2008 07:35 AM

Going to run it again now. Did it last night and it froze after 1 hr 18 mins!

Edited by ivansmagic (Thu Apr 10 2008 07:35 AM)


ivansmagic (regular)
Re: my log.... can you have a look please [Re: ivansmagic]
      #391032 - Thu Apr 10 2008 08:53 AM

OK, that's the scan completed with NO THREATS FOUND.

bricat (Moderator, HijackThis Helper; Belfast)
Re: my log.... can you have a look please [Re: ivansmagic]
      #391039 - Thu Apr 10 2008 11:37 AM

It looks like the computer is clean, there is no sign of any malware.

DISABLE SYSTEM RESTORE to flush out infected restore points.
Then restart your System Restore (same page), then create a new restore point:

Click START\ALL PROGRAMS\ACCESSORIES\SYSTEM TOOLS\SYSTEM RESTORE, click on "create new restore point",
click on NEXT and follow the prompts.

This is to ensure that if you have to do a system restore in the future you don't get all the infections reinstalled again.

Then :-

Download and scan with CCleaner
  1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
    IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
  2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
    Then select "Cookies"
    Move any cookies you wish to retain, e.g. login cookies, in the left-hand window to the right-hand window by highlighting them and clicking the right arrow in the centre.

  3. Then select the items you wish to clean up.
    In the Windows Tab:

    • Clean all entries in the "Internet Explorer" section.
    • Clean all the entries in the "Windows Explorer" section.
    • Clean all entries in the "System" section.
    • Clean all entries in the "Advanced" section.
    • Clean any others that you choose.

    In the Applications Tab:

    • Clean all entries in the Mozilla Firefox section.
    • Clean all in the Opera section if you use it.
    • Clean Sun Java in the Internet section.
    • Clean any others that you choose.

  4. Click the "Run Cleaner" button.
  5. A pop-up box will appear advising that this process will permanently delete files from your system.
  6. Click "OK" and it will scan and clean your system.
  7. Click "Exit" when done.


Then DEFRAG your C:\ drive, to help speed up your system.

Then let us know how the computer is running.

--------------------
MY HELP IS FREE, BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.

You don't stop laughing when you get old, you get old when you stop laughing!


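The flush-and-recreate step in the post above, as an added PowerShell example (not part of bricat's post or the forum's own material): it drives the WMI SystemRestore class in root\default, which is what the XP System Restore control panel uses, to list the existing restore points, disable and re-enable System Restore on the system drive, and create a fresh restore point. The drive letter and the restore point description are assumptions.

```powershell
# Added example: flush System Restore points on the system drive and create
# a known-clean one. Uses the WMI SystemRestore class (root\default) that the
# XP control panel also drives; run from an Administrator PowerShell session.
$drive = "C:\"                            # assumed system drive
$label = "Clean after HijackThis check"   # assumed description

# Each restore point carries a SequenceNumber, Description and CreationTime.
function Get-RestorePoints {
    Get-WmiObject -Namespace "root\default" -Class SystemRestore |
        Sort-Object SequenceNumber |
        Select-Object SequenceNumber, Description, CreationTime
}

Write-Host "Restore points before flush:"
Get-RestorePoints | Format-Table -AutoSize

$sr = [wmiclass]"\\.\root\default:SystemRestore"

# Disabling System Restore on a drive deletes every restore point on it.
# That is the point of the step: a restore point taken while the machine was
# infected would bring the infection back if it were ever restored.
$null = $sr.Disable($drive)

# Re-enable monitoring; $true waits until the service is ready again.
$null = $sr.Enable($drive, $true)

# Create a new restore point on the now-clean system.
# RestorePointType 12 = MODIFY_SETTINGS, EventType 100 = BEGIN_SYSTEM_CHANGE.
$rc = $sr.CreateRestorePoint($label, 12, 100)
if ($rc.ReturnValue -ne 0) {
    Write-Warning "CreateRestorePoint failed with code $($rc.ReturnValue)"
}

Write-Host "Restore points after flush:"
Get-RestorePoints | Format-Table -AutoSize
```

The "before" listing should show the old points and the "after" listing only the new one; if the old points are still present, System Restore was not actually disabled on that drive.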
ivansmagic
regular


Reg'd: Tue
Posts: 88
Re: my log.... can you have a look please [Re: bricat]
      #391191 - Fri Apr 11 2008 09:35 PM

Hi Bricat, I have done all you have suggested but I am still having problems. I use CCleaner on a weekly basis. I am usually very careful about what I download / install. My desktop is now giving me the message that it has been turned off again. Things seemed to be working OK this morning, so I tried to do a system restore after your previous post but again, when it restarted I got the messages saying system restoration could not be completed, which is a bit of a worry.

Any more suggestions?


bricatModerator
HijackThis Helper


Reg'd: Wed
Posts: 28633
Loc: belfast
Re: my log.... can you have a look please [Re: ivansmagic]
      #391195 - Fri Apr 11 2008 10:33 PM

Your best bet would be to post in the XP help forum; some of the techies there should be able to help. I can't find any sign of malware and it seems to be a system/OS problem.
Sorry I can't be of more help.



ivansmagic
regular


Reg'd: Tue
Posts: 88
Re: my log.... can you have a look please [Re: bricat]
      #391199 - Fri Apr 11 2008 10:37 PM

OK, will do that. Cheers for all your help. Much appreciated. Will let you know how I get on.

ivansmagic
regular


Reg'd: Tue
Posts: 88
Re: my log.... can you have a look please [Re: bricat]
      #391625 - Tue Apr 15 2008 10:18 PM

Well, that's me up and running again. It transpires that my motherboard needed replacing. Done now and working like a dream again.

Thanks again for all your time and help.


bricatModerator
HijackThis Helper


Reg'd: Wed
Posts: 28633
Loc: belfast
Re: my log.... can you have a look please [Re: ivansmagic]
      #391637 - Tue Apr 15 2008 11:35 PM

Glad to hear you got it sorted.


