Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Would You Please Take A Loook At My Hi Jack Log?


  • Please log in to reply
3 replies to this topic

#1 jzarkman

jzarkman

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:03:03 AM

Posted 01 December 2007 - 04:40 PM

Would you take a look at my log....I almost had my PC go south on me. I had the chance to reboot and at least get on to send this out. You all have helped many a times before and I am in need of some more help. Thanks again for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:25 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\VIA\RAID\raid_tool.exe
D:\Program Files\APC\APC PowerChute Personal

Edition\mainserv.exe
D:\PROGRA~1\DATACA~1\FLashKsk.exe
D:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Trend Micro\Internet Security

2007\pccguide.exe
D:\WINDOWS\ATKKBService.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\Imgtask.exe
D:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Common

Files\Ahead\Lib\NMBgMonitor.exe
D:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifi

er.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common

Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
D:\Program Files\APC\APC PowerChute Personal

Edition\apcsystray.exe
D:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
D:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
D:\Program Files\Common

Files\Ahead\Lib\NMIndexingService.exe
D:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\PC Junk\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program

Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program

files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO -

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program

Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dl

l
O3 - Toolbar: &Google -

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program

files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RaidTool] D:\Program

Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program

Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DataCaching]

D:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [Camera Detector]

D:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [pccguide.exe] "D:\Program

Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]

"D:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ImgTask] D:\WINDOWS\Imgtask.exe
O4 - HKCU\..\Run: [CTFMON.EXE]

D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program

Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run:

[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"D:\Program Files\Common

Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] D:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifi

er.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE]

D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]

D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK

SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart]

D:\Program Files\Common

Files\Ahead\Lib\NMFirstStart.exe (User 'NETWORK

SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]

D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]

D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program

Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft

Excel -

res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0}

(Snapfish Activia) -

http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Contr

ols/en/x86/client/wuweb_site.cab?1179873280405
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Contr

ols/en/x86/client/muweb_site.cab?1179873273577
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN

Games - Installer) -

http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56

649.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8}

(Virtools WebPlayer Class) -

http://a532.g.akamai.net/f/532/6712/5m/virtools.downlo

ad.akamai.com/6712/player/install/installer.exe
O23 - Service: APC UPS Service - American Power

Conversion Corporation - D:\Program Files\APC\APC

PowerChute Personal Edition\mainserv.exe
O23 - Service: ATK Keyboard Service

(ATKKeyboardService) - ASUSTeK COMPUTER INC. -

D:\WINDOWS\ATKKBService.exe
O23 - Service: Google Updater Service (gusvc) - Google

- D:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark

International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - D:\Program

Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG -

D:\Program Files\Common

Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) -

NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component

(PcCtlCom) - Trend Micro Inc. -

D:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware

(PcScnSrv) - Trend Micro Inc. -

D:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv)

- Trend Micro Inc. -

D:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) -

Trend Micro Inc. -

D:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) -

Trend Micro Inc. -

D:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 03 December 2007 - 08:35 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum jzarkman
My name is Richie and i'll be helping you to fix your problems.

The current formatting of your log makes it difficult to read/evaluate.
Open 'Notepad',click on 'Format' at the top,then uncheck 'Word Wrap' if it's checked.

If you have previously downloaded ComboFix,please delete that version now.

Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert,not for private use.
Using this tool incorrectly could lead to your system becoming unusable.

Now download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Disconnect from the Internet.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#3 jzarkman

jzarkman
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:03:03 AM

Posted 14 December 2007 - 09:28 AM

Sorry took so long....Thanks for the help so far.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:10 AM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\VIA\RAID\raid_tool.exe
D:\PROGRA~1\DATACA~1\FLashKsk.exe
D:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\Imgtask.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
D:\WINDOWS\ATKKBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
D:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
D:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
D:\WINDOWS\explorer.exe
C:\PC Junk\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DataCaching] D:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [Camera Detector] D:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ImgTask] D:\WINDOWS\Imgtask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] D:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179873280405
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179873273577
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 7379 bytes


and ComboFix

ComboFix 07-12-07.5 - joe zarka 2007-12-14 9:08:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1343 [GMT -5:00]
Running from: D:\Documents and Settings\joe zarka\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-14 to 2007-12-14 )))))))))))))))))))))))))))))))
.

2007-12-13 19:53 . 2007-12-13 19:53 <DIR> d-------- D:\Program Files\RegCure
2007-12-07 07:42 . 2007-12-07 07:42 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-12-03 21:38 . 2007-12-07 10:26 846 --a------ D:\WINDOWS\Active Setup Log.BAK
2007-12-01 05:24 . 2007-12-01 05:24 <DIR> d--hs---- D:\found.001
2007-12-01 04:37 . 2007-12-01 04:37 <DIR> d--hs---- D:\found.000
2007-11-16 12:57 . 2004-08-04 03:56 159,232 --a------ D:\WINDOWS\system32\ptpusd.dll
2007-11-16 12:57 . 2004-08-04 01:58 15,104 --a------ D:\WINDOWS\system32\drivers\usbscan.sys
2007-11-16 12:57 . 2004-08-04 01:58 15,104 --a--c--- D:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-16 12:57 . 2001-08-17 22:36 5,632 --a------ D:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-14 09:36 --------- d-----w D:\Program Files\City of Heroes
2007-11-13 10:25 20,480 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 22:39 --------- d-----w D:\Documents and Settings\joe zarka\Application Data\MSN6
2007-11-10 22:39 --------- d-----w D:\DOCUME~1\JOEZAR~1\APPLIC~1\MSN6
2007-10-29 22:43 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w D:\WINDOWS\system32\wmasf.dll
2007-06-04 21:59 17,920 ----a-w D:\Documents and Settings\joe zarka\Application Data\GDIPFONTCACHEV1.DAT
2007-06-04 21:59 17,920 ----a-w D:\DOCUME~1\JOEZAR~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-22 22:32 15,505,200 ----a-w D:\Program Files\IE7-WindowsXP-x86-enu.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 17:05]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 02:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="D:\Program Files\VIA\RAID\raid_tool.exe" [2005-11-22 21:12]
"NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"DataCaching"="D:\PROGRA~1\DATACA~1\FLashKsk.exe" [2002-10-08 19:58]
"Camera Detector"="D:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE" [2002-10-07 23:48]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 02:34 D:\WINDOWS\RTHDCPL.exe]
"pccguide.exe"="D:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-04-12 05:58]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 D:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-06-28 23:43 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 02:56 D:\WINDOWS\system32\rundll32.exe]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"ImgTask"="D:\WINDOWS\Imgtask.exe" [2006-12-12 22:26]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:56]

D:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
APC UPS Status.lnk - D:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2007-06-04 15:19:45]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

R0 viamraid;viamraid;D:\WINDOWS\system32\DRIVERS\viamraid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{808958c0-7869-11dc-8020-001617bb004e}]
\Shell\AutoRun\command - G:\Imageviewer.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-14 09:09:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-14 9:10:22
.
--- E O F ---

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 14 December 2007 - 09:46 AM

There are no problems that i can see,lets run the following:

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.

If you use Opera browser,do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.


Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed,on the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.


Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Standard
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
This will start the program and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste the contents of that file into your next reply.

Also post a new Hijackthis log,let me know how your pc is running now.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users