 W32/cryptor, infected userinit. |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help DO NOT post a ComboFix log unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Apr 30 2009, 12:37 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 1 Joined: 30-April 09 Member No.: 327,002  |
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:36:08 PM, on 4/30/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Razer\Lachesis\razerhid.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Razer\Tarantula\razerhid.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\FileZilla Server\FileZilla Server.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\Razer\Lachesis\OSD.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\System32\nvsvc32.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Razer\Lachesis\razertra.exe C:\Program Files\Razer\Lachesis\razerofa.exe C:\Program Files\Razer\Tarantula\razertra.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\wpabaln.exe C:\Program Files\Steam\Steam.exe C:\WINDOWS\system32\userinit.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\Trillian\trillian.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1239907111497 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA-OMEGA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 5413 bytes |
 |
 
|
|
May 13 2009, 06:28 AM
Post
#2
|
|
 I !<3 malware Group: Malware Response Team Posts: 2,573 Joined: 8-June 08 From: Ontario Member No.: 214,918 |
Hello, mgumpher.
My name is aommaster and I will be helping you with your log. I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up. If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine. Thanks Also, you may want to consider tracking this topic by either adding it to your favourites or clicking the Options button at the top of this thread. Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.
In your next reply, please include the following:
-------------------- My website: http://www.aommaster.com
--- Please do not send me PM's requesting for help. The forums are there for a reason : ) If I am helping you and do not respond to your thread for 48 hours, please send me a PM All my help is free. However, if you would like to make a donation, then please click here. |
|
|
|
|
May 16 2009, 06:42 AM
Post
#3
|
|
|
I !<3 malware Group: Malware Response Team Posts: 2,573 Joined: 8-June 08 From: Ontario Member No.: 214,918 |
Hello mgumpher
Are you still with us? -------------------- My website: http://www.aommaster.com
--- Please do not send me PM's requesting for help. The forums are there for a reason : ) If I am helping you and do not respond to your thread for 48 hours, please send me a PM All my help is free. However, if you would like to make a donation, then please click here. |
|
|
|
|
May 18 2009, 07:35 PM
Post
#4
|
|
 Forum Addict Group: Malware Response Instructor Posts: 7,506 Joined: 27-October 06 From: Florida Member No.: 92,376 |
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic. -------------------- Please do not pm for help, post it in the forums instead.
If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications. If I have helped you then please consider donating to continue the fight against malware  |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 11th March 2010 - 10:33 AM |
© 2003-2010 All Rights Reserved Bleeping Computer LLC.