
What Do I Fix? Hijackthis Log


  • This topic is locked
5 replies to this topic

#1 Riles

Riles

  • Members
  • 2 posts

Posted 25 February 2008 - 01:27 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:21 AM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\updater\explorer.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\System32\svchost.exe
E:\DOCUME~1\Riles\LOCALS~1\Temp\ir_ext_temp_9\autorun.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\WINDOWS\system32\?asks\?xplorer.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NapsterShell] E:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [Updater] E:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [d818dc44] rundll32.exe "E:\WINDOWS\system32\acxxojon.dll",b
O4 - HKLM\..\Run: [BMa303c350] Rundll32.exe "E:\WINDOWS\system32\qwovfhjm.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dot1XCfg] E:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Router] E:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Oorh] "E:\WINDOWS\system32\SKS~1\smss.exe" -vt ndrv
O4 - HKCU\..\Run: [Dqvpgier] E:\WINDOWS\system32\??pPatch\d?xplore.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162554027828
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://E:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://E:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://E:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://E:\Program Files\AutoCAD 2002\AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - E:\Documents and Settings\Riles\Desktop\Pictures\Subaru-Impreza04-1024.jpg
O24 - Desktop Component 1: (no name) - E:\Documents and Settings\Riles\Desktop\Pictures\Subaru_Impreza_55_1024x768.jpg

--
End of file - 6562 bytes
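As an added triage example (not code from HijackThis, ComboFix or the forum helpers), the script below parses the O4 autostart entries from the log above and flags the traits a malware-response helper looks for in them: hex-garbage value names, rundll32 loading a randomly named DLL, unprintable characters in a path (HijackThis shows them as '?'), and core Windows binary names running from the wrong directory. The sample lines are copied from the posted log; the heuristics and thresholds are this example's own assumptions.

```python
"""Heuristic triage of the O4 (autostart) entries in a HijackThis log.

Added example for this thread, not part of HijackThis or ComboFix. The
regexes and the name/size thresholds below are heuristics chosen for this
example; they flag candidates for a human to review, not verdicts.
"""
import re
from dataclasses import dataclass, field

# "O4 - HKLM\..\Run: [Name] command" plus the HKUS\S-1-5-18 / .DEFAULT variants
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# first drive-rooted path ending in .exe/.dll anywhere in the command line
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)
RANDOM_STEM_RE = re.compile(r"^[a-z]{7,8}$")        # acxxojon, byxwxww, ...
HEX_NAME_RE = re.compile(r"^(BM)?[0-9a-f]{8}$")      # d818dc44, BMa303c350
# binaries that should only live directly under \WINDOWS or \WINDOWS\system32
CORE_NAMES = {"smss.exe", "explorer.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe", "csrss.exe"}
CORE_DIRS = ("\\windows", "\\windows\\system32")


@dataclass
class Finding:
    name: str
    cmd: str
    reasons: list = field(default_factory=list)


def first_path(cmd):
    """Return the first drive-rooted .exe/.dll path in a command line, or None."""
    m = PATH_RE.search(cmd)
    return m.group(0) if m else None


def triage_entry(name, cmd):
    """Apply the heuristics to one O4 entry; return the reasons it was flagged."""
    reasons = []
    if HEX_NAME_RE.match(name):
        reasons.append("value name is hex garbage, not a product name")
    path = first_path(cmd)
    if path is None:                      # e.g. bare SOUNDMAN.EXE: nothing to inspect
        return reasons
    if "?" in path:
        reasons.append("path contains unprintable characters (shown as '?')")
    directory, _, basename = path.rpartition("\\")
    stem, _, ext = basename.lower().rpartition(".")
    if "rundll32" in cmd.lower() and ext == "dll" and RANDOM_STEM_RE.match(stem):
        reasons.append("rundll32 loads a randomly named DLL")
    if basename.lower() in CORE_NAMES and not directory.lower().endswith(CORE_DIRS):
        reasons.append(f"core Windows binary name {basename} outside {CORE_DIRS[1]}")
    return reasons


def triage(log_text):
    """Parse every O4 registry Run entry and keep the ones a heuristic flagged."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue                      # R0/R1/O23 lines and Global Startup .lnk entries
        reasons = triage_entry(m["name"], m["cmd"])
        if reasons:
            findings.append(Finding(m["name"], m["cmd"], reasons))
    return findings


# constructed sample: a subset of the O4 lines from the log posted above
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NapsterShell] E:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Updater] E:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [d818dc44] rundll32.exe "E:\WINDOWS\system32\acxxojon.dll",b
O4 - HKLM\..\Run: [BMa303c350] Rundll32.exe "E:\WINDOWS\system32\qwovfhjm.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Oorh] "E:\WINDOWS\system32\SKS~1\smss.exe" -vt ndrv
O4 - HKCU\..\Run: [Dqvpgier] E:\WINDOWS\system32\??pPatch\d?xplore.exe
O4 - HKUS\S-1-5-18\..\Run: [MSServer] rundll32.exe E:\WINDOWS\system32\byxwxww.dll,#1 (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.name}] {f.cmd}")
        for r in f.reasons:
            print("    ->", r)
```

Run against the full log, it leaves the ATI, Java, iTunes and ctfmon entries alone and surfaces exactly the entries the helper later targets for removal.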


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 26 February 2008 - 01:03 PM

Hi Riles and welcome to Bleeping Computer.
I will be handling your log and helping you to get cleaned up.

Please take note of the following:

1. Please do not make any system changes yet, as any changes you make may well alter your log.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Starbuck



#3 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 27 February 2008 - 04:10 PM

Hi Riles

Step 1
Your log is very infected, but this is not surprising as....
You are missing one important program on that computer: An antivirus.
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer:
Here's a list of good free Anti Virus protectors. Install it and then run a full scan. Let it quarantine/delete anything it finds.

Step 2
Please download ComboFix

**Note: It is important that it is saved directly to your desktop**

There are full instructions on how to download and run ComboFix here:
How to use ComboFix
Please follow all the instructions to the letter...(this is very important)

When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. This may cause it to stall.

In your next reply, please submit:
ComboFix.txt
and a new HJT log.

Thanks.



#4 Riles

Riles
  • Topic Starter

  • Members
  • 2 posts

Posted 01 March 2008 - 01:11 AM

Starbuck, as per your request, here is the ComboFix.txt log and my HijackThis log. Your help has been very much appreciated. Salutations

ComboFix.txt

Start Time= Sat 03/01/2008 1:05:32.21

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-03-01 01:05:18 91712 ( A.... ) "E:\WINDOWS\system32\jdsirgfa.dll"
2008-03-01 01:04:32 317952 ( A.... ) "E:\WINDOWS\system32\ddayx.dll"
2008-03-01 00:49:36 ( .D... ) "E:\Program Files\Alwil Software"
2008-02-29 22:13:02 84544 ( A.... ) "E:\WINDOWS\system32\giuffuhp.dll"
2008-02-29 22:10:02 88640 ( A.... ) "E:\WINDOWS\system32\iqiwwren.dll"
2008-02-29 22:07:00 91712 ( A.... ) "E:\WINDOWS\system32\npjwyaal.dll"
2008-02-28 22:11:04 89664 ( A.... ) "E:\WINDOWS\system32\wpwjfhak.dll"
2008-02-28 22:07:02 91712 ( A.... ) "E:\WINDOWS\system32\cislhbko.dll"
2008-02-27 22:10:02 90176 ( A.... ) "E:\WINDOWS\system32\ivmtsjwo.dll"
2008-02-27 22:07:00 91712 ( A.... ) "E:\WINDOWS\system32\fuhrfxpw.dll"
2008-02-26 22:13:00 89152 ( A.... ) "E:\WINDOWS\system32\dbxiwnux.dll"
2008-02-26 22:07:00 91712 ( A.... ) "E:\WINDOWS\system32\onlfsfnl.dll"
2008-02-25 22:07:02 90688 ( A.... ) "E:\WINDOWS\system32\mvlmjncq.dll"
2008-02-25 22:04:42 91712 ( A.... ) "E:\WINDOWS\system32\nhcirpmf.dll"
2008-02-25 07:47:08 90688 ( A.... ) "E:\WINDOWS\system32\vkghmmfr.dll"
2008-02-25 07:44:48 91712 ( A.... ) "E:\WINDOWS\system32\tologshy.dll"
2008-02-24 22:34:14 90176 ( A.... ) "E:\WINDOWS\system32\nqybqbcx.dll"
2008-02-24 22:28:50 91712 ( A.... ) "E:\WINDOWS\system32\qwovfhjm.dll"
2008-02-24 21:24:14 ( .D... ) "E:\Program Files\Trend Micro"
2008-02-23 16:42:56 89152 ( A.... ) "E:\WINDOWS\system32\hkhbhmbx.dll"
2008-02-23 16:39:54 85056 ( A.... ) "E:\WINDOWS\system32\oqmjfkbj.dll_old"
2008-02-23 16:37:38 91712 ( A.... ) "E:\WINDOWS\system32\jsraerrm.dll"
2008-02-17 09:45:52 74304 ( A.... ) "E:\WINDOWS\system32\mbkcjmee.dll"
2008-02-17 00:03:42 92736 ( A.... ) "E:\WINDOWS\system32\xxbvabyv.dll"
2008-02-17 00:01:22 86080 ( A.... ) "E:\WINDOWS\system32\twhepccr.dll"
2008-02-17 00:01:14 74304 ( A.... ) "E:\WINDOWS\system32\aplashcf.dll"
2008-02-14 14:04:36 91200 ( A.... ) "E:\WINDOWS\system32\viqwbxby.dll"
2008-02-13 17:10:02 88128 ( A.... ) "E:\WINDOWS\system32\jmnutsct.dll"
2008-02-13 17:07:04 98368 ( A.... ) "E:\WINDOWS\system32\olbjhnqi.dll"
2008-02-04 18:09:46 18214008 ( A.... ) "E:\WINDOWS\system32\MRT.exe"
2008-02-04 02:21:18 ( .D... ) "E:\Program Files\Movies To DVD"
2008-02-04 00:47:20 ( .D... ) "E:\Program Files\Dot1XCfg"
2008-02-03 02:04:16 ( .D... ) "E:\Program Files\Common Files\??stem"
2008-02-03 02:04:08 39936 ( ..... ) "E:\WINDOWS\system32\byxwxww.dll"
2008-01-24 23:17:40 ( .D... ) "E:\Program Files\ivc"
2008-01-24 22:19:20 ( .D... ) "E:\Program Files\Free FLV Converter"
2008-01-24 22:08:22 ( .D... ) "E:\Program Files\XviD"
2008-01-11 00:53:32 44544 ( A.... ) "E:\WINDOWS\system32\pngfilt.dll"
2007-12-19 18:01:06 347136 ( A.... ) "E:\WINDOWS\system32\dxtmsft.dll"
2007-12-08 00:21:48 3592192 ( A.... ) "E:\WINDOWS\system32\mshtml.dll"
2007-12-06 21:21:48 1159680 ( A.... ) "E:\WINDOWS\system32\urlmon.dll"
2007-12-06 21:21:48 824832 ( A.... ) "E:\WINDOWS\system32\wininet.dll"
2007-12-06 21:21:48 671232 ( A.... ) "E:\WINDOWS\system32\mstime.dll"
2007-12-06 21:21:48 478208 ( A.... ) "E:\WINDOWS\system32\mshtmled.dll"
2007-12-06 21:21:48 459264 ( A.... ) "E:\WINDOWS\system32\msfeeds.dll"
2007-12-06 21:21:48 233472 ( A.... ) "E:\WINDOWS\system32\webcheck.dll"
2007-12-06 21:21:48 193024 ( A.... ) "E:\WINDOWS\system32\msrating.dll"
2007-12-06 21:21:48 105984 ( A.... ) "E:\WINDOWS\system32\url.dll"
2007-12-06 21:21:48 102912 ( A.... ) "E:\WINDOWS\system32\occache.dll"
2007-12-06 21:21:48 52224 ( A.... ) "E:\WINDOWS\system32\msfeedsbs.dll"
2007-12-06 21:21:48 27648 ( A.... ) "E:\WINDOWS\system32\jsproxy.dll"
2007-12-06 21:21:46 6066176 ( A.... ) "E:\WINDOWS\system32\ieframe.dll"
2007-12-06 21:21:46 384512 ( A.... ) "E:\WINDOWS\system32\iedkcs32.dll"
2007-12-06 21:21:46 383488 ( A.... ) "E:\WINDOWS\system32\ieapfltr.dll"
2007-12-06 21:21:46 267776 ( A.... ) "E:\WINDOWS\system32\iertutil.dll"
2007-12-06 21:21:46 230400 ( A.... ) "E:\WINDOWS\system32\ieaksie.dll"
2007-12-06 21:21:46 214528 ( A.... ) "E:\WINDOWS\system32\dxtrans.dll"
2007-12-06 21:21:46 153088 ( A.... ) "E:\WINDOWS\system32\ieakeng.dll"
2007-12-06 21:21:46 133120 ( A.... ) "E:\WINDOWS\system32\extmgr.dll"
2007-12-06 21:21:46 124928 ( A.... ) "E:\WINDOWS\system32\advpack.dll"
2007-12-06 21:21:46 63488 ( A.... ) "E:\WINDOWS\system32\icardie.dll"
2007-12-06 21:21:46 44544 ( A.... ) "E:\WINDOWS\system32\iernonce.dll"
2007-12-06 06:00:58 70656 ( A.... ) "E:\WINDOWS\system32\ie4uinit.exe"
2007-12-06 06:00:58 13824 ( A.... ) "E:\WINDOWS\system32\ieudinit.exe"
2007-12-05 23:59:52 161792 ( A.... ) "E:\WINDOWS\system32\ieakui.dll"
2007-12-04 13:38:14 550912 ( A.... ) "E:\WINDOWS\system32\oleaut32.dll"
2007-12-04 08:04:28 837496 ( A.... ) "E:\WINDOWS\system32\aswBoot.exe"
2007-12-04 07:54:04 95608 ( A.... ) "E:\WINDOWS\system32\AvastSS.scr"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATICCC"="\"E:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"SunJavaUpdateSched"="E:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"iTunesHelper"="\"E:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DAEMON Tools-1033"="\"E:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033 -lock"
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"E:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NapsterShell"="E:\\Program Files\\Napster\\napster.exe /systray"
"WinampAgent"="E:\\Program Files\\Winamp\\wianmpa.exe"
"Updater"="E:\\WINDOWS\\system32\\updater\\explorer.exe"
"d818dc44"="rundll32.exe \"E:\\WINDOWS\\system32\\giuffuhp.dll\",b"
"avast!"="E:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"BMa303c350"="Rundll32.exe \"E:\\WINDOWS\\system32\\jdsirgfa.dll\",s"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"E:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"ctfmon.exe"="E:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"E:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Dot1XCfg"="E:\\Program Files\\Dot1XCfg\\Dot1XCfg.exe"
"Router"="E:\\Program Files\\Router\\Router.exe"
"Oorh"="\"E:\\WINDOWS\\system32\\SKS~1\\smss.exe\" -vt ndrv"
"Dqvpgier"="E:\\WINDOWS\\system32\\??pPatch\\d?xplore.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSServer"="rundll32.exe E:\\WINDOWS\\system32\\byxwxww.dll,#1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"MSServer"="rundll32.exe E:\\WINDOWS\\system32\\byxwxww.dll,#1"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=""


Contents of the 'Scheduled Tasks' folder

Completion time: Sat 03/01/2008 1:06:55.20
ComboFix ver 06.06.17 - This logfile is located at E:\ComboFix.txt


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:10 AM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\updater\explorer.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\DOCUME~1\Riles\LOCALS~1\Temp\ir_ext_temp_1\autorun.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NapsterShell] E:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [Updater] E:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMa303c350] Rundll32.exe "E:\WINDOWS\system32\jdsirgfa.dll",s
O4 - HKLM\..\Run: [d818dc44] rundll32.exe "E:\WINDOWS\system32\xsersyjk.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dot1XCfg] E:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Router] E:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Oorh] "E:\WINDOWS\system32\SKS~1\smss.exe" -vt ndrv
O4 - HKCU\..\Run: [Dqvpgier] E:\WINDOWS\system32\??pPatch\d?xplore.exe
O4 - HKUS\S-1-5-18\..\Run: [MSServer] rundll32.exe E:\WINDOWS\system32\byxwxww.dll,#1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSServer] rundll32.exe E:\WINDOWS\system32\byxwxww.dll,#1 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162554027828
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://E:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://E:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://E:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://E:\Program Files\AutoCAD 2002\AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - E:\Documents and Settings\Riles\Desktop\Pictures\Subaru-Impreza04-1024.jpg
O24 - Desktop Component 1: (no name) - E:\Documents and Settings\Riles\Desktop\Pictures\Subaru_Impreza_55_1024x768.jpg

--
End of file - 7383 bytes


Thanks again!

#5 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 01 March 2008 - 08:23 AM

Hi Riles

Where did you get that copy of ComboFix from?
It is so out of date.
Please remove that copy from your system and download the latest version from within this link:
How to use ComboFix

This tool is constantly updated and these infections can only be removed with the latest version.
After you have downloaded the new version, please run a scan again and send me the new ComboFix.txt and a new HJT log.

Thanks.



#6 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A

Posted 09 March 2008 - 06:12 PM

This topic is now closed for inactivity. If you need this thread re-opened, please send a Private Message to any moderator.