Can someone help me if there is a virus?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:08 PM, on 11/20/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Uniblue\SPEEDU~1\sump.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/niwradsoft/{71AD05CE-F844-4B44-9A9C-6447815F6A13}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/niwradsoft/{71AD05CE-F844-4B44-9A9C-6447815F6A13}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\PROGRA~1\Uniblue\SPEEDU~1\launcher.exe" -d 20000
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 5584 bytes
Edit: Merged two separate topics into one. ~ Animal
Help there might be a virus? Help me
#2
Posted 20 November 2011 - 12:01 AM
DDS (Ver_2011-06-23.01) - FAT32x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by GIXIE at 12:58:55 on 2011-11-20
Microsoft Windows XP Professional 5.1.2600.2.1252.63.1033.18.1978.965 [GMT 8:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Uniblue\SPEEDU~1\sump.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\GIXIE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.bigseekpro.com/niwradsoft/{71AD05CE-F844-4B44-9A9C-6447815F6A13}
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/niwradsoft/{71AD05CE-F844-4B44-9A9C-6447815F6A13}
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpeedUpMyPC] "c:\progra~1\uniblue\speedu~1\launcher.exe" -d 20000
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4979A2AF-5943-4E5E-A215-6885E2F373D3} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32592]
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-10-24 2398512]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-19 110080]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-5-19 140376]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-5-19 1023872]
S1 MpKsl178e97c3;MpKsl178e97c3; [x]
S1 MpKsl17c2f825;MpKsl17c2f825; [x]
S1 MpKsl1e9d1d96;MpKsl1e9d1d96; [x]
S1 MpKsl291b8d45;MpKsl291b8d45; [x]
S1 MpKsl7516da5c;MpKsl7516da5c; [x]
S1 MpKsla5f49f78;MpKsla5f49f78; [x]
S1 MpKslb9186e8c;MpKslb9186e8c; [x]
S1 MpKslbaa45ec4;MpKslbaa45ec4; [x]
S1 MpKslc223458a;MpKslc223458a; [x]
S1 MpKsle612f56e;MpKsle612f56e; [x]
S1 MpKsle7305fb7;MpKsle7305fb7; [x]
S1 MpKslfb4103af;MpKslfb4103af; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-19 1691480]
S3 apf001;apf001;d:\rakionis\bin\apf001.sys [2011-9-30 10872]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
S3 EagleXNt;EagleXNt; [x]
S3 esgiguard;esgiguard; [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-12-21 36608]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2003-8-7 6528]
S3 GGSAFERDriver;GGSAFER Driver; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\ghidpnp.sys --> c:\windows\system32\drivers\gHidPnp.Sys [?]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gmouusb.sys --> c:\windows\system32\drivers\gMouUsb.sys [?]
S3 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2011-7-9 565552]
S3 MBAMSwissArmy;MBAMSwissArmy; [x]
S3 rak;rak; [x]
S3 redxd1;redxd1; [x]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009-12-21 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2009-12-21 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2009-12-21 121856]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 zenx1;zenx1; [x]
S4 AVP;Kaspersky Anti-Virus Service; [x]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-21 233472]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]
.
=============== Created Last 30 ================
.
2011-11-19 15:06:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-19 15:06:40 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-11-18 11:42:24 -------- d-sh--w- C:\FOUND.030
2011-11-14 06:39:44 -------- d-sh--w- C:\FOUND.029
2011-11-13 10:30:48 -------- d-----w- c:\documents and settings\all users\application data\NexonUS
2011-11-12 06:06:46 -------- d-sh--w- C:\FOUND.028
2011-11-05 07:27:57 -------- d-sh--w- c:\documents and settings\gixie\IECompatCache
2011-11-01 08:22:21 -------- d-----w- c:\windows\system32\VIRepair
2011-11-01 08:07:09 -------- d-----w- c:\documents and settings\gixie\application data\ViSplore
2011-11-01 08:07:07 -------- d-----w- c:\documents and settings\gixie\application data\ViGlance
2011-11-01 08:07:06 -------- d-----w- c:\documents and settings\gixie\application data\ViStart
2011-11-01 08:00:26 -------- d-----w- c:\windows\system32\VITrans
2011-11-01 07:57:43 20480 ----a-w- c:\windows\system32\scrnrdr.exe
2011-10-29 15:04:13 -------- d-----w- c:\program files\Warkeys
2011-10-25 10:20:28 -------- d-sh--w- C:\FOUND.027
2011-10-24 11:33:30 -------- d-sh--w- C:\FOUND.026
2011-10-24 02:58:18 -------- d-----w- c:\documents and settings\gixie\application data\Process Hacker 2
.
==================== Find3M ====================
.
2011-11-20 03:48:24 7232 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-12 10:23:30 234800 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-10-12 10:23:30 210216 ----a-w- c:\windows\system32\SynCtrl.dll
2011-10-12 10:21:56 203352 ----a-w- c:\windows\system32\JmCrIcon.dll
2011-10-12 10:21:56 140376 ----a-w- c:\windows\system32\drivers\jmcr.sys
2011-10-12 10:21:30 1023872 ----a-w- c:\windows\system32\drivers\rt2860.sys
2011-10-12 05:32:18 161064 ------w- c:\windows\system32\SynTPAPI.dll
2011-10-12 05:32:18 1461992 ------w- c:\windows\system32\WdfCoInstaller01009.dll
2011-10-12 05:32:18 120104 ------w- c:\windows\system32\SynTPCo4.dll
2011-10-12 05:32:16 173352 ------w- c:\windows\system32\SynCOM.dll
2011-10-08 15:56:26 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-10-08 15:41:10 2 --sha-r- c:\windows\winstart.bat
2011-10-07 18:31:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-07 18:31:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-06 22:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-05 03:24:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 22:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-14 15:45:38 716153 ----a-w- c:\windows\system32\unins000.exe
2011-09-12 22:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-02 05:03:28 730192 ----a-w- c:\program files\common files\ZugoInstaller.exe
2011-08-30 15:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 15:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 15:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 15:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-07 03:46:38 227618 ----a-w- c:\program files\uninst.exe
2011-08-05 10:58:14 32409688 ----a-w- c:\program files\im_installer.exe
2011-02-22 06:31:22 4485976 ----a-w- c:\program files\vcredist_x86.exe
2008-10-09 20:52:38 4379984 ----a-w- c:\program files\D3Dx9_40.dll
2008-07-12 00:18:52 3851784 ----a-w- c:\program files\D3DX9_39.dll
2008-03-08 23:25:10 236 ----a-w- c:\program files\common files\dx.reg
.
============= FINISH: 12:59:44.12 ===============
#3
Posted 24 November 2011 - 11:34 AM
Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Nothing suspicious was found on your log.
Before I suggest a remedial tool please run and post the logs requested below. I also need to know what problem you are having with this computer.
Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it
- Click the "Scan" button to start scan.
- Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
- Please post the contents of that log in your next reply.
===
Please Download
TDSSKiller.zip
>>> Double-click on TDSSKiller.exe to run the application.
- Click on the Start Scan button and wait for the scan and disinfection process to be over.
- If an infected file is detected, the default action will be Cure, click on Continue
- If a suspicious file is detected, the default action will be Skip, click on Continue
- If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
- If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
Please post the logs for my review.
#4
Posted 29 November 2011 - 09:36 AM
Due to the lack of feedback, this topic is now closed.
In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.