Post #1 | Aug 21 2008, 02:12 PM | New Member | Group: Members | Posts: 2 | Joined: 21-August 08 | Member No.: 232,019
Just want to add that this is a wonderful site... if it wasn't for this place, I probably would have just reformatted my hard drive. So a roommate of mine decided to look for a keygen for an nvidia program and ended up installing some sort of virus that had the following symptoms, the same as this member's: http://www.bleepingcomputer.com/forums/topic162553.html

QUOTE:
1. Computer time has changed to Military Time and "VIRUS ALERT!" shows up next to the time.
2. In the start tab I cannot see the program files fly out, control panel, run tab, etc.
3. On my computer I cannot see my C:/ drive.
4. Various spyware and virus alerts popping up all the time.
5. Computer tries to access various web pages automatically.
6. Desktop picture changed to red screen with text "Your Privacy is in Danger - Download privacy protection software now"
7. New icons installed on desktop for "privacy protector", "error cleaner" and "spyware and malware protection"
8. When doing a ctrl-alt-delete it says this has been disabled by the administrator

So I continued reading the thread, and followed Simon's instructions, and I'm hoping everything is back to normal. Can anyone let me know if there's more I have to do? Here are the logs from ComboFix, HijackThis, and the CCleaner Uninstall List:

This post has been edited by infamouscaption: Aug 21 2008, 02:16 PM
Post #2 | Aug 21 2008, 02:13 PM | New Member | Group: Members | Posts: 2 | Joined: 21-August 08 | Member No.: 232,019
Hijack Log:
CCleaner Uninstall Log:
Post #3 | Sep 7 2008, 05:21 AM | Koutsi | Group: HJT Team Coach | Posts: 5,768 | Joined: 8-July 06 | From: Finland | Member No.: 75,186
Hello and welcome to BC
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine. Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware. Thanks, and again sorry for the delay.

Please see here for instructions on how to install HijackThis and make a logfile. Save it to a convenient location and include it in your next reply, please.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

Please post back with the HijackThis log and Kaspersky report.

Regards
--------------------
Microsoft MVP Consumer Security
Post #4 | Sep 13 2008, 05:33 AM | Koutsi | Group: HJT Team Coach | Posts: 5,768 | Joined: 8-July 06 | From: Finland | Member No.: 75,186
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
--------------------
Microsoft MVP Consumer Security