Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Protector 2008 Problem


  • This topic is locked This topic is locked
2 replies to this topic

#1 Derrios

Derrios

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 06 June 2008 - 12:19 PM

Here's my hijack this file.

Deckard's System Scanner v20071014.68
Run by Jeru on 2008-06-06 10:48:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-06-06 17:48:41 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-06-06 08:49:36 UTC - RP2 - Software Distribution Service 3.0
1: 2008-06-06 06:07:19 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jeru.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:21 AM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\EVEMon\EVEMon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Jeru\Desktop\dss.exe
C:\DOCUME~1\Jeru\Desktop\Jeru.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EVEMon] "C:\Program Files\EVEMon\EVEMon.exe" -startMinimized
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: GammaTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196143502375
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B0D0F66-23CC-4ADC-B38F-AF81D6406C36}: NameServer = 192.168.0.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8698 bytes


-- HijackThis Fixed Entries (C:\DOCUME~1\Jeru\Desktop\backups\) ----------------

backup-20080606-002811-254 O4 - HKLM\..\Run: [lphcj25j0enft] C:\WINDOWS\system32\lphcj25j0enft.exe
backup-20080606-011322-875 O4 - HKLM\..\Run: [lphcj25j0enft] C:\WINDOWS\system32\lphcj25j0enft.exe
backup-20080606-014946-975 O4 - HKLM\..\Run: [lphcj25j0enft] C:\WINDOWS\system32\lphcj25j0enft.exe
backup-20080606-015013-677 O4 - HKLM\..\Run: [lphcj25j0enft] C:\WINDOWS\system32\lphcj25j0enft.exe
backup-20080606-103330-984 O4 - HKLM\..\Run: [lphcj25j0enft] C:\WINDOWS\system32\lphcj25j0enft.exe
backup-20080606-103457-731 O4 - HKLM\..\Run: [lphcj25j0enft] C:\WINDOWS\system32\lphcj25j0enft.exe

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 MagicTune - c:\windows\system32\drivers\mtictwl.sys <Not Verified; Samsung Electronics, Inc.; MagicTunePremium>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 sysrest.sys - c:\windows\system32\sysrest.sys (file missing)
S3 XDva011 - c:\windows\system32\xdva011.sys (file missing)
S3 XDva020 - c:\windows\system32\xdva020.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 MagicTuneEngine - c:\program files\magictune premium\magictuneengine.exe
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&19933FE2&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller #2
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&19933FE2&0&00
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2008-05-31 15:53:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-06 and 2008-06-06 -----------------------------

2008-06-06 10:42:19 0 dr-h----- C:\Documents and Settings\Jeru\Recent
2008-06-06 10:34:18 0 d-------- C:\Program Files\CCleaner
2008-06-06 10:20:29 0 d-------- C:\Program Files\Alwil Software
2008-06-06 00:26:00 0 d-------- C:\Documents and Settings\Jeru\Application Data\Malwarebytes
2008-06-06 00:25:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 00:25:53 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 00:08:58 0 d-------- C:\Program Files\Enigma Software Group
2008-06-05 23:17:54 626688 --a------ C:\WINDOWS\system32\msvcr80.dll <Not Verified; Microsoft Corporation; MicrosoftR Visual StudioR 2005>
2008-06-05 23:17:46 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-05 23:02:12 89088 --a------ C:\WINDOWS\system32\atl71.dll <Not Verified; Microsoft Corporation; MicrosoftR Visual Studio .NET>
2008-06-04 23:34:58 0 d-------- C:\Program Files\Lavasoft
2008-06-04 23:34:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-04 23:22:05 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-04 23:22:04 2541 --a------ C:\WINDOWS\unins000.dat
2008-06-04 23:16:45 0 d-------- C:\Documents and Settings\Jeru\Application Data\shcl25j0enft
2008-05-10 17:10:26 0 d-------- C:\Program Files\iPod
2008-05-10 17:10:22 0 d-------- C:\Program Files\iTunes
2008-05-10 17:10:15 0 d-------- C:\Program Files\Bonjour
2008-05-10 17:09:46 0 d-------- C:\Program Files\QuickTime


-- Find3M Report ---------------------------------------------------------------

2008-06-06 10:50:52 0 d-------- C:\Program Files\PeerGuardian2
2008-06-06 10:48:59 0 d-------- C:\Documents and Settings\Jeru\Application Data\DNA
2008-06-06 10:44:02 0 d-------- C:\Program Files\MagicTune Premium
2008-06-06 10:36:04 0 d-------- C:\Program Files\GetRight
2008-06-06 10:04:03 0 d-------- C:\Documents and Settings\Jeru\Application Data\uTorrent
2008-06-05 23:17:46 0 d-------- C:\Program Files\Common Files
2008-06-05 23:01:57 0 d-------- C:\Documents and Settings\Jeru\Application Data\AVG7
2008-06-05 00:14:49 0 d-------- C:\Program Files\DAEMON Tools
2008-06-04 23:41:25 0 d-------- C:\Documents and Settings\Jeru\Application Data\Viewpoint
2008-06-04 23:41:22 0 d-------- C:\Program Files\Viewpoint
2008-06-04 23:34:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-31 22:38:41 0 d-------- C:\Program Files\eMule
2008-05-24 10:50:28 0 d-------- C:\Program Files\mIRC
2008-05-04 20:30:29 0 d-------- C:\Program Files\Full Tilt Poker
2008-05-03 15:53:49 0 d-------- C:\Program Files\Common Files\Real
2008-05-03 15:53:43 0 d-------- C:\Documents and Settings\Jeru\Application Data\Real
2008-04-25 22:37:14 0 d-------- C:\Program Files\Games Workshop
2008-04-16 12:20:23 0 d-------- C:\Documents and Settings\Jeru\Application Data\vlc
2008-04-16 12:02:52 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-04-16 11:47:59 0 d-------- C:\Program Files\VideoLAN
2008-04-13 21:03:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-08 19:15:24 0 d-------- C:\Documents and Settings\Jeru\Application Data\LimeWire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"@"="" []
"CTHelper"="CTHELPER.EXE" [08/17/2006 11:32 AM C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [08/17/2006 11:32 AM C:\WINDOWS\system32\CTXFIHLP.EXE]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [11/21/2006 10:38 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 08:32 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/28/2002 02:39 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 02:39 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 02:39 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 06:11 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [04/03/2007 03:29 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 04:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 06:40 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/27/2007 07:03 PM]
"Aim6"="" []
"EVEMon"="C:\Program Files\EVEMon\EVEMon.exe" [03/04/2008 06:44 AM]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [04/04/2007 02:20 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [04/03/2007 03:29 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 10:56 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/08/2008 08:52 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [8/30/2007 6:53:58 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdb20d58-b7f0-11db-afe3-00044b00139b}]
AutoRun\command- E:\setup\rsrc\autorun.exe
dinstall\command- E:\Directx\dxsetup.exe

*Newly Created Service* - AAVMKER4
*Newly Created Service* - ASWFSBLK
*Newly Created Service* - ASWMON2
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWSP
*Newly Created Service* - ASWTDI
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
*Newly Created Service* - PGFILTER



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.it-mate.co.uk
127.0.0.1 it-mate.co.uk
127.0.0.1 mysteryfcm.co.uk
127.0.0.1 www.internetinspiration.co.uk
127.0.0.1 www.mvps.org
127.0.0.1 bughunter.it-mate.co.uk
127.0.0.1 www.bughunter.it-mate.co.uk
127.0.0.1 www.siri.geekstogo.com
127.0.0.1 siri.geekstogo.com
127.0.0.1 siri.urz.free.fr

18161 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-06 10:51:11 ------------

Edited by Derrios, 06 June 2008 - 01:00 PM.


BC AdBot (Login to Remove)

 


#2 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:38 PM

Posted 19 June 2008 - 09:44 AM

Welcome to Bleeping Computer, please be sure you have read and followed the
Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

I apologize for the wait, if your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.

1) You are running two antivirus programs at the same time and this is not a good thing. They conflict with each other and you will be less safe than if you ran one good program and maintained it properly.
http://service1.symantec.com/SUPPORT/nav.n...000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/conte...5120300087.html
http://www.smartcomputing.com/editorial/ar...38s07/38s07.asp

C:\PROGRA~1\Grisoft\AVG7\
C:\Program Files\Alwil Software\Avast4\
(uninstall one of those)

I do not see this in the HJT log: Malware Protector 2008. If you have not resolved this issue, tell me more about it, what program is finding the rouge spyware, and where is it located? Have you tried to remove it in Add Remove programs. Post more information and complete #2 before you post.

2) C:\DOCUME~1\Jeru\Desktop\Jeru.exe <<< HijackThis is not safe like you have it located, follow these directions:

Download Trend Micro Hijack This™ to your Desktop
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply using Add Reply.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#3 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:38 PM

Posted 26 June 2008 - 04:49 PM

There has been no response to this topic in a week
This topic is closed
Thanks...pskelley
BleepingComputer
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users