Security >> HijackThis logs help and analysis

cybernetictiger
regular


Reg'd: Mon
Posts: 64
Loc: Mid Glamorgan
AVG keeps finding WIN32/HEUR
      #433367 - Mon Jun 29 2009 11:37 PM

AVG 8.5 picks up the following
c:\windows\system32\SKYNETexdomxor.dll in c:\windows\system32\svshost.exe

Could someone kindly have a look at my log to see if there's anything untoward in it.

Thanks in advance

Logfile of Trend Micro HijackThis v2.02
Scan saved at 23:32:08, on 29/06/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Treeza\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneysavingexpert.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 3523 bytes


bricat (Moderator)
HijackThis Helper


Reg'd: Wed
Posts: 31987
Loc: belfast
Re: AVG keeps finding WIN32/HEUR [Re: cybernetictiger]
      #433372 - Tue Jun 30 2009 01:15 AM

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

If you don't know how to disable some of your security programs have a look :- HERE
--------------------------------------------------------------------

  • Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.


Please keep me informed about any changes to your problems during the different steps of the fix


FOR OTHER USERS, DO NOT RUN COMBOFIX UNLESS YOU ARE ASKED TO DO SO BY A HJT HELPER

--------------------
IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.

When the only tool you own is a hammer, every problem begins to look like a nail.


cybernetictiger
regular


Reg'd: Mon
Posts: 64
Loc: Mid Glamorgan
Re: AVG keeps finding WIN32/HEUR [Re: bricat]
      #433416 - Tue Jun 30 2009 07:20 PM

Logs as requested.

ComboFix 09-06-29.04 - Treeza 30/06/2009 18:46.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.44.1033.18.1917.1091 [GMT 1:00]
Running from: c:\users\Treeza\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNETppottgji.sys
c:\windows\system32\SKYNETexdomxor.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETuovdjkmp


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-30 17:50 . 2009-06-30 17:50 -------- d-----w- c:\users\Treeza\AppData\Local\temp
2009-06-30 16:22 . 2009-06-30 16:22 268800 ----a-w- c:\windows\system32\es.dll
2009-06-29 22:16 . 2009-06-29 22:16 -------- d-----w- c:\users\Treeza\AppData\Roaming\Malwarebytes
2009-06-29 22:15 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-29 22:15 . 2009-06-29 22:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 22:15 . 2009-06-29 22:15 -------- d-----w- c:\programdata\Malwarebytes
2009-06-29 22:15 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-29 22:12 . 2009-06-29 22:31 -------- d-----w- c:\users\Treeza\AppData\Roaming\Uniblue
2009-06-29 22:12 . 2009-06-29 22:31 -------- d-----w- c:\program files\Uniblue
2009-06-29 22:12 . 2009-06-29 22:31 -------- d-----w- c:\programdata\DriverScanner
2009-06-29 22:06 . 2009-06-29 22:06 -------- d-----w- c:\program files\Trend Micro
2009-06-29 22:05 . 2009-06-29 22:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-29 22:05 . 2009-06-29 22:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-29 21:39 . 2009-06-29 21:40 -------- d-----w- c:\users\Treeza\AppData\Local\Adobe
2009-06-29 21:19 . 2009-06-29 21:19 -------- d-----w- c:\users\Treeza\AppData\Roaming\DivX
2009-06-29 20:42 . 2009-06-29 21:13 476704 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-29 20:31 . 2009-06-29 21:12 -------- d-----w- c:\programdata\ParetoLogic
2009-06-29 20:31 . 2009-06-29 21:12 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-06-29 20:31 . 2009-06-29 20:31 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2009-06-29 20:31 . 2009-06-29 20:31 -------- d-----w- c:\users\Treeza\AppData\Local\Downloaded Installations
2009-06-29 19:45 . 2009-06-29 19:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-29 17:20 . 2009-06-30 16:22 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-29 17:19 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-06-29 17:19 . 2009-06-29 17:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-29 17:13 . 2009-06-29 17:13 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-29 17:13 . 2009-06-29 17:13 -------- d-----w- c:\program files\DivX
2009-06-29 17:13 . 2009-06-29 17:13 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-29 16:55 . 2009-06-28 12:27 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-28 20:57 . 2009-06-28 12:04 -------- d-----w- c:\windows\Panther
2009-06-28 20:57 . 2009-06-28 20:57 -------- d-sh--w- C:\Boot
2009-06-28 20:56 . 2009-06-28 20:56 -------- d-----w- c:\windows\system32\OEM
2009-06-28 20:13 . 2009-06-28 20:13 -------- d-----w- c:\windows\system32\Macromed
2009-06-28 20:12 . 2009-06-28 20:12 -------- d-----w- c:\program files\uTorrent
2009-06-28 20:11 . 2009-06-29 21:28 -------- d-----w- c:\users\Treeza\AppData\Roaming\uTorrent
2009-06-28 16:20 . 2009-06-28 19:07 680 ----a-w- c:\users\Treeza\AppData\Local\d3d9caps.dat
2009-06-28 15:46 . 2009-06-28 15:46 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-06-28 15:46 . 2009-06-28 15:46 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-06-28 15:46 . 2009-06-28 15:46 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-06-28 15:46 . 2009-06-28 15:46 272896 ----a-w- c:\windows\system32\polstore.dll
2009-06-28 15:42 . 2009-06-28 15:42 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-06-28 15:42 . 2009-06-28 15:42 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-06-28 15:42 . 2009-06-28 15:42 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-06-28 15:40 . 2009-06-28 15:40 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-06-28 15:40 . 2009-06-28 15:40 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-06-28 15:40 . 2009-06-28 15:40 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-06-28 15:39 . 2009-06-28 15:39 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-06-28 15:39 . 2009-06-28 15:39 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2009-06-28 15:39 . 2009-06-28 15:39 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2009-06-28 15:39 . 2009-06-28 15:39 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2009-06-28 15:39 . 2009-06-28 15:39 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2009-06-28 15:39 . 2009-06-28 15:39 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2009-06-28 15:39 . 2009-06-28 15:39 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2009-06-28 15:39 . 2009-06-28 15:39 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2009-06-28 15:39 . 2009-06-28 15:39 542720 ----a-w- c:\windows\system32\sysmain.dll
2009-06-28 15:38 . 2009-06-28 15:38 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2009-06-28 15:38 . 2009-06-28 15:38 502784 ----a-w- c:\windows\system32\wlansvc.dll
2009-06-28 15:38 . 2009-06-28 15:38 47104 ----a-w- c:\windows\system32\wlanapi.dll
2009-06-28 15:38 . 2009-06-28 15:38 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2009-06-28 15:38 . 2009-06-28 15:38 297984 ----a-w- c:\windows\system32\wlansec.dll
2009-06-28 15:37 . 2009-06-28 15:37 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-06-28 15:37 . 2009-06-28 15:37 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-06-28 15:36 . 2009-06-28 15:36 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-06-28 15:34 . 2009-06-28 15:34 49664 ----a-w- c:\windows\system32\csrsrv.dll
2009-06-28 15:34 . 2009-06-28 15:34 376320 ----a-w- c:\windows\system32\winsrv.dll
2009-06-28 15:30 . 2009-06-28 15:30 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-06-28 15:26 . 2009-06-28 15:26 297472 ----a-w- c:\windows\system32\gdi32.dll
2009-06-28 15:24 . 2009-06-28 15:24 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2009-06-28 15:24 . 2009-06-28 15:24 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-06-28 15:22 . 2009-06-28 15:22 211456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-06-28 15:21 . 2009-06-28 15:21 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-06-28 15:21 . 2009-06-28 15:21 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-06-28 15:17 . 2009-06-28 15:17 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-06-28 15:17 . 2009-06-28 15:17 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-06-28 15:17 . 2009-06-28 15:17 1687040 ----a-w- c:\windows\system32\gameux.dll
2009-06-28 15:13 . 2009-06-28 15:13 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-06-28 15:11 . 2009-06-28 15:11 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-06-28 15:11 . 2009-06-28 15:11 1194496 ----a-w- c:\windows\system32\msxml3.dll
2009-06-28 15:10 . 2009-06-28 15:10 414208 ----a-w- c:\windows\system32\msscp.dll
2009-06-28 15:08 . 2009-06-28 15:08 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2009-06-28 15:07 . 2009-06-28 15:07 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2009-06-28 15:07 . 2009-06-28 15:07 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2009-06-28 15:07 . 2009-06-28 15:07 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2009-06-28 15:07 . 2009-06-28 15:07 86016 ----a-w- c:\windows\system32\icfupgd.dll
2009-06-28 15:07 . 2009-06-28 15:07 61952 ----a-w- c:\windows\system32\cmifw.dll
2009-06-28 15:07 . 2009-06-28 15:07 16896 ----a-w- c:\windows\system32\wfapigp.dll
2009-06-28 15:07 . 2009-06-28 15:07 23040 ----a-w- c:\windows\system32\drivers\tunnel.sys
2009-06-28 15:07 . 2009-06-28 15:07 178688 ----a-w- c:\windows\system32\iphlpsvc.dll
2009-06-28 15:07 . 2009-06-28 15:07 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2009-06-28 15:04 . 2009-06-28 15:04 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-28 15:02 . 2009-06-28 15:02 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-06-28 15:02 . 2009-06-28 15:02 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-06-28 15:02 . 2009-06-28 15:02 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-06-28 15:00 . 2009-06-28 15:00 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-28 14:57 . 2009-06-28 14:57 696832 ----a-w- c:\windows\system32\localspl.dll
2009-06-28 14:49 . 2009-06-28 14:49 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2009-06-28 14:49 . 2009-06-28 14:49 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-06-28 14:49 . 2009-06-28 14:49 15928 ----a-w- c:\windows\system32\drivers\pciide.sys
2009-06-28 14:49 . 2009-06-28 14:49 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2009-06-28 14:49 . 2009-06-28 14:49 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2009-06-28 14:49 . 2009-06-28 14:49 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-06-28 14:48 . 2009-06-28 14:48 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2009-06-28 14:47 . 2009-06-28 14:47 2923520 ----a-w- c:\windows\explorer.exe
2009-06-28 14:45 . 2009-06-28 14:45 8704 ----a-w- c:\windows\system32\hcrstco.dll
2009-06-28 14:45 . 2009-06-28 14:45 8704 ----a-w- c:\windows\system32\hccoin.dll
2009-06-28 14:45 . 2009-06-28 14:45 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2009-06-28 14:45 . 2009-06-28 14:45 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-06-28 14:45 . 2009-06-28 14:45 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-06-28 14:45 . 2009-06-28 14:45 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-06-28 14:45 . 2009-06-28 14:45 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-06-28 14:42 . 2009-06-28 14:42 24064 ----a-w- c:\windows\system32\netcfg.exe
2009-06-28 14:42 . 2009-06-28 14:42 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-06-28 14:42 . 2009-06-28 14:42 216632 ----a-w- c:\windows\system32\drivers\netio.sys
2009-06-28 14:42 . 2009-06-28 14:42 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-06-28 14:42 . 2009-06-28 14:42 803328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-06-28 14:36 . 2009-06-28 14:36 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2009-06-28 14:36 . 2009-06-28 14:36 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2009-06-28 14:36 . 2009-06-28 14:36 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2009-06-28 14:36 . 2009-06-28 14:36 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2009-06-28 14:36 . 2009-06-28 14:36 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2009-06-28 14:36 . 2009-06-28 14:36 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2009-06-28 14:36 . 2009-06-28 14:36 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2009-06-28 14:36 . 2009-06-28 14:36 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2009-06-28 14:35 . 2009-06-28 14:35 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2009-06-28 14:35 . 2009-06-28 14:35 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2009-06-28 14:35 . 2009-06-28 14:35 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 21:13 . 2009-06-29 20:42 7460 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-28 16:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-28 16:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-28 16:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-28 15:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-28 15:57 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-28 14:32 . 2009-06-28 14:32 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll
2009-06-28 14:15 . 2009-06-28 14:15 620088 ----a-w- c:\windows\system32\ci.dll
2009-06-28 14:02 . 2009-06-28 14:02 320000 ----a-w- c:\windows\system32\drivers\csc.sys
2009-06-28 13:10 . 2009-06-28 13:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-28 13:10 . 2009-06-28 13:10 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-06-28 13:10 . 2009-06-28 13:10 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-28 13:10 . 2009-06-28 13:10 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2007-02-21 19:48 . 2007-02-21 19:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-28 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CE39B175-9594-42CF-A332-10C8C891E48C}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{132FFABD-BA61-447E-B830-3BB5C0A4FA74}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6CE018E3-7E38-49C0-9A50-BEC0BAB76595}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{58E99E54-A984-4DC5-B2A6-3952BF238EF5}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{76241B5E-A0FF-492C-A838-DD3ABDABA82C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [28/06/2009 13:28 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [28/06/2009 13:28 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [28/06/2009 13:27 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [28/06/2009 13:27 298776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.moneysavingexpert.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 18:50
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-30 18:51
ComboFix-quarantined-files.txt 2009-06-30 17:51

Pre-Run: 91,420,315,648 bytes free
Post-Run: 91,437,191,168 bytes free

227 --- E O F --- 2009-06-30 17:36

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:36, on 30/06/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Users\Treeza\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneysavingexpert.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 2617 bytes
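The helper's "looks clean now" verdict comes from comparing the two HijackThis logs above. The parser below turns the R/O entry lines of that format into records, diffs a before and after log, and picks out the sections a reviewer checks first (O4 logon autoruns, O20 AppInit_DLLs, O23 services, and dangling "(no file)" references). It is an added example, not a tool from this thread or from Trend Micro; the two sample logs are constructed excerpts of the logs posted here.

```python
import re
from dataclasses import dataclass

# One HijackThis entry line, e.g. "O20 - AppInit_DLLs: avgrsstx.dll"
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    code: str  # section code: R0/R1/R3 browser settings, O2 BHOs, O4 autoruns, ...
    body: str  # everything after the " - "

    @property
    def missing_file(self) -> bool:
        # HijackThis marks registry references whose target is gone with "(no file)"
        return self.body.endswith("(no file)")


def parse_hjt(text: str):
    """Return (running_processes, entries) from a HijackThis 2.x log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return processes, entries


# Sections where one entry runs code at logon (O4), loads a DLL into every
# process that maps user32 (O20 AppInit_DLLs) or installs a service (O23).
# These are review prompts, not verdicts: AVG's own avgrsstx.dll sits in O20.
REVIEW_CODES = {"O4", "O20", "O23"}


def entries_to_review(entries):
    return [e for e in entries if e.code in REVIEW_CODES or e.missing_file]


def diff_logs(before: str, after: str):
    """Entries only in the earlier log, and entries only in the later one."""
    _, old = parse_hjt(before)
    _, new = parse_hjt(after)
    old_set, new_set = set(old), set(new)
    removed = [e for e in old if e not in new_set]
    added = [e for e in new if e not in old_set]
    return removed, added


# Constructed excerpt of the 29/06 log (before ComboFix ran).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:32:08, on 29/06/2009

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG8\avgtray.exe

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Constructed excerpt of the 30/06 log (after ComboFix ran).
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:36, on 30/06/2009

Running processes:
C:\Windows\system32\taskeng.exe

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""
```

Running `diff_logs(BEFORE, AFTER)` reports the Windows Defender O4 entry as gone and the O20 line as changed (the same DLL, now listed with its full path), which matches what the two logs in the thread show.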


bricat (Moderator)
HijackThis Helper


Reg'd: Wed
Posts: 31987
Loc: belfast
Re: AVG keeps finding WIN32/HEUR [Re: cybernetictiger]
      #433429 - Tue Jun 30 2009 10:47 PM

That looks clean now; just some tidying up to do.


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

The above procedure will:

  • Delete the following:
      • ComboFix and its associated files and folders.
      • VundoFix backups, if present
      • The C:\Deckard folder, if present
      • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

Then :-

Download and scan with CCleaner
  1. CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
     IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
  2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
     Then select "Cookies"
     Move any cookies you wish to retain, e.g. login cookies, in the left-hand window to the right-hand window by highlighting them and clicking the right arrow in the centre.
  3. Then select the items you wish to clean up.
     In the Windows Tab:
       • Clean all entries in the "Internet Explorer" section.
       • Clean all the entries in the "Windows Explorer" section.
       • Clean all entries in the "Advanced" section.
       • Clean any others that you choose.
     Leave the system section at default.

     In the Applications Tab:
       • Clean all entries in the Mozilla Firefox Section.
       • Clean all in the Opera section if you use it.
       • Clean Sun Java in the Internet Section.
       • Clean any others that you choose.
  4. Click the "Run Cleaner" button.
  5. A pop up box will appear advising this process will permanently delete files from your system.
  6. Click "OK" and it will scan and clean your system.
  7. Click "exit" when done.

Then DEFRAG your C:\ drive, to help speed up your system.

Then let us know how the computer is running.


HOW DID I GET INFECTED



cybernetictiger
regular


Reg'd: Mon
Posts: 64
Loc: Mid Glamorgan
Re: AVG keeps finding WIN32/HEUR [Re: bricat]
      #433582 - Thu Jul 02 2009 09:41 PM

Thanks Bricat, your time and help is always appreciated.

bricat (Moderator)
HijackThis Helper


Reg'd: Wed
Posts: 31987
Loc: belfast
Re: AVG keeps finding WIN32/HEUR [Re: cybernetictiger]
      #433585 - Thu Jul 02 2009 10:06 PM

Happy to help



© Copyright IPC Media Limited 2009, All rights reserved