
[hjt Log] Badly Infected Computer



#1 dragonv480


Posted 08 June 2008 - 03:12 PM

Hi all!

I was recently asked by an acquaintance to look at their PC because it has started running slowly, and he feared spyware (as he'd heard the term from his company's IT team (although thought "spyware" was a particular product or single entity)).

Anyway I digress, I agreed to look at the machine for him. It was running Norton Internet Security at the time, but he didn't seem happy with it. Neither was I, so I removed it and added a licenced version of AVG Internet Security, at least for the diagnostic part of what I was going to do.

Several hours later (as it was VERY slow), AVG reports 853 threats and no less than 58 individual virii infestations, with the balance in AVG's spyware category. OK, at this point, you may think "reinstall, it's quicker", but I thought we'd continue and learn something from this.

So using various tools I've cleaned the system down, but thought I'd use both HJT and ComboFix to see what they said, and I thought I'd at least post the HJT log (via DSS) here to see what is made of the result. All advice appreciated.

main.txt:

Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-06-08 20:58:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
25: 2008-06-08 19:58:36 UTC - RP212 - Deckard's System Scanner Restore Point
24: 2008-06-08 17:43:55 UTC - RP211 - ComboFix created restore point
23: 2008-06-08 16:38:26 UTC - RP210 - Software Distribution Service 3.0
22: 2008-06-08 11:09:51 UTC - RP209 - Software Distribution Service 3.0
21: 2008-05-19 18:15:14 UTC - RP208 - Installed AVG 7.5

-- First Restore Point --
1: 2008-04-18 20:45:52 UTC - RP188 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).

-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:18, on 08/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Kontiki\KService.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\hjt\dss.exe
C:\hjt\Compaq_Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {57005885-28EA-4FBA-B7CF-F22A089FD000} - C:\WINDOWS\system32\awtsQGwT.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: {25012fbe-9146-27e9-27f4-1f8e7ff89287} - {78298ff7-e8f1-4f72-9e72-6419ebf21052} - C:\WINDOWS\system32\myjknage.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2cc79eda] rundll32.exe "C:\WINDOWS\system32\lwolqsvk.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: tuvSjIcD - tuvSjIcD.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

--
End of file - 7213 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-08 19:15:19         0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-08 19:15:17         0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-08 19:15:15         0 d-------- C:\WINDOWS\LastGood
2008-06-08 19:05:25         0 d-------- C:\hjt
2008-06-08 18:43:30     68096 --a------ C:\WINDOWS\zip.exe
2008-06-08 18:43:30     49152 --a------ C:\WINDOWS\VFind.exe
2008-06-08 18:43:30    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-08 18:43:30    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-08 18:43:30    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-08 18:43:30     98816 --a------ C:\WINDOWS\sed.exe
2008-06-08 18:43:30     80412 --a------ C:\WINDOWS\grep.exe
2008-06-08 18:43:30     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-08 17:43:24         0 d-------- C:\WINDOWS\network diagnostic
2008-05-19 21:04:25         0 dr-h----- C:\$VAULT$.AVG
2008-05-19 19:19:53         0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-19 19:15:49         0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AVG7
2008-05-19 19:15:25         0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-19 19:15:25         0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-05-19 18:57:03         0 d-------- C:\Program Files\Save

-- Find3M Report ---------------------------------------------------------------

2008-05-19 18:50:14         0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-19 18:50:13         0 d-------- C:\Program Files\Symantec
2008-05-19 18:49:23         0 d-------- C:\Program Files\Common Files
2008-05-19 18:47:46         0 d-------- C:\Program Files\System Doctor Free
2008-05-19 18:36:01         0 d-------- C:\Program Files\MalwareAlarm
2008-05-05 08:53:59      8785 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\update.log
2008-05-03 22:10:33         0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\System Doctor Free

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57005885-28EA-4FBA-B7CF-F22A089FD000}]
			C:\WINDOWS\system32\awtsQGwT.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78298ff7-e8f1-4f72-9e72-6419ebf21052}]
			C:\WINDOWS\system32\myjknage.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [10/11/2005 14:03]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 17:04]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [07/06/2005 21:05]
"KBD"="C:\HP\KBD\KBD.EXE" [03/02/2005 00:44]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [20/09/2005 00:26]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14/04/2004 21:43]
"AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 21:47 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [25/10/2004 23:17]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [11/05/2005 01:50]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [16/02/2005 23:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/10/2006 19:58]
"2cc79eda"="C:\WINDOWS\system32\lwolqsvk.dll" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [19/05/2008 19:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [26/07/2007 11:37]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [25/01/2008 11:08]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistrytools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
 avgwlntf.dll 19/05/2008 19:15 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvSjIcD]
 tuvSjIcD.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27cc5b8a-262e-11da-9088-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

-- End of Deckard's System Scanner: finished at 2008-06-08 20:59:57 ------------

And extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron(tm) Processor 3000+
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 446.48 MiB / 116.17 MiB
Pagefile Memory (total/avail): 1053.73 MiB / 602.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.21 MiB

C: is Fixed (NTFS) - 143.33 GiB total, 134.28 GiB free.
D: is Fixed (FAT32) - 5.7 GiB total, 2.26 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP1604N/R - 149.05 GiB - 2 partitions
 \PARTITION0 - Unknown - 5.71 GiB - D:
 \PARTITION1 (bootable) - Installable File System - 143.33 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.

FW: AVG Firewall 7.5.500 v7.5.500 (@Company_Name)
AV: AVG 7.5.523 v7.5.523 (Grisoft) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Compaq_Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FRED
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Compaq_Owner
LOGONSERVER=\\FRED
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
USERDOMAIN=FRED
USERNAME=Compaq_Owner
USERPROFILE=C:\Documents and Settings\Compaq_Owner
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Compaq_Owner (admin)

-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
 --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
 --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
 --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BBC iPlayer Download Manager --> MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
Compaq Multimedia Keyboard Software --> C:\HP\KBD\KBD.EXE uninstalled
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\hjt\HijackThis.exe" /uninstall
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
Internet from BT --> MsiExec.exe /X{9110F8E8-7233-4A10-B1F8-A2C97F5F8F9E}
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSN Music Mediabar --> C:\WINDOWS\Downloaded Program Files\MusicManagerUnInstaller.exe "C:\WINDOWS\Downloaded Program Files\MusicManagerPlugin.ocx" "{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}"
Nokia Connectivity Cable Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3D249F10-79EC-48D4-93E5-C470ABE523FA} /l2057
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Virtual Earth 3D (Beta) --> MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}

-- Application Event Log -------------------------------------------------------

Event Record #/Type25699 / Error
Event Submitted/Written: 06/08/2008 07:22:03 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-06-08 18:22:03,375 FRED [001824:003132] ERROR 000 AVG7.AvgAntiSpam.UpdateRules Failed to update antispam rules: Network error

Event Record #/Type25683 / Error
Event Submitted/Written: 06/08/2008 01:22:46 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-06-08 12:22:46,031 FRED [003380:000692] ERROR 000 AVG7.AvgAntiSpam.UpdateRules Failed to update antispam rules: Network error

Event Record #/Type25677 / Error
Event Submitted/Written: 06/08/2008 11:56:09 AM
Event ID/Source: 100 / AVG7
Event Description:
2008-06-08 10:56:09,000 FRED [001048:001264] ERROR 000 AVG7.CORE CreateFile(pipe) failed, err=2

Event Record #/Type25676 / Error
Event Submitted/Written: 06/08/2008 11:56:08 AM
Event ID/Source: 100 / AVG7
Event Description:
2008-06-08 10:56:08,671 FRED [001048:001264] ERROR 000 AVG7.CORE CreateFile(pipe) failed, err=2

Event Record #/Type25675 / Error
Event Submitted/Written: 05/19/2008 09:05:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module ochygycp.dll, version 0.0.0.0, fault address 0x00001ca6.
Processing media-specific event for [rundll32.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type57544 / Error
Event Submitted/Written: 06/08/2008 11:57:42 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Application Layer Gateway Service service failed to start due to the following error: %%1053

Event Record #/Type57543 / Error
Event Submitted/Written: 06/08/2008 11:57:42 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Event Record #/Type57534 / Error
Event Submitted/Written: 05/19/2008 07:49:06 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type57533 / Error
Event Submitted/Written: 05/19/2008 07:43:08 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type57528 / Error
Event Submitted/Written: 05/19/2008 07:23:19 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error: %%1053

-- End of Deckard's System Scanner: finished at 2008-06-08 20:59:57 ------------

Many thanks!

GW
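Added here as a reading aid, not the poster's or BleepingComputer's tooling: a small Python triage script that parses HijackThis entries and scores the signals a log helper looks at first in a log like the one above (references to files that no longer exist, BHOs with no readable name, Run values and DLLs with machine-generated eight-character names, and rundll32 loading a system32 DLL through a one-letter export). The sample entries are copied from this post's log; the point weights, the 3-point threshold and the looks_random heuristic are my own assumptions.

```python
"""Score HijackThis (HJT) log entries by the signals a log helper reads first."""
import re
from dataclasses import dataclass, field

# Constructed sample: ten entries copied from the HJT log in this post; the benign
# Java / QuickTime / AVG / Kontiki lines stay in so the scoring has contrast.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {57005885-28EA-4FBA-B7CF-F22A089FD000} - C:\WINDOWS\system32\awtsQGwT.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: {25012fbe-9146-27e9-27f4-1f8e7ff89287} - {78298ff7-e8f1-4f72-9e72-6419ebf21052} - C:\WINDOWS\system32\myjknage.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2cc79eda] rundll32.exe "C:\WINDOWS\system32\lwolqsvk.dll",b
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: tuvSjIcD - tuvSjIcD.dll (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")        # "O2 - BHO: ..." style lines
NAME_RE = re.compile(r"^(?:BHO|Toolbar): (.*?) - \{")     # display name of a BHO/toolbar
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_NAME_RE = re.compile(r"\\Run: \[([^\]]+)\]")         # value name of an O4 Run entry
MODULE_RE = re.compile(r"([A-Za-z0-9_]+)\.(?:dll|exe)\b", re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^"\s]*\\system32\\[^"\s]*\.dll"?,\s*[A-Za-z]{1,2}\b', re.I)


def looks_random(stem: str) -> bool:
    """Assumed heuristic: 8-char names that are hex-like, case-scrambled or vowel-starved.
    It also fires on legitimate names (avgwlntf, hpsysdrv), so it only adds points."""
    if len(stem) != 8 or not stem.isalnum():
        return False
    if re.fullmatch(r"[0-9a-f]{8}", stem) and any(c.isdigit() for c in stem):
        return True
    letters = [c for c in stem if c.isalpha()]
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    return flips >= 3 or (stem.isalpha() and sum(c in "aeiou" for c in stem.lower()) <= 2)


@dataclass
class Entry:
    code: str                  # HJT section, e.g. O2, O4, O20
    body: str                  # text after "Oxx - "
    score: int = 0
    reasons: list = field(default_factory=list)

    def hit(self, points: int, why: str) -> None:
        self.score += points
        self.reasons.append(why)


def parse(log_text: str) -> list:
    """Keep only HJT entry lines; headers and the running-process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def score_entry(e: Entry) -> Entry:
    """Each signal adds points; the weights are my assumptions, not HJT's own logic."""
    if "(file missing)" in e.body or "(no file)" in e.body:
        e.hit(2, "referenced file is missing: orphaned autostart/BHO entry")
    m = NAME_RE.match(e.body)
    if m and (m.group(1) == "(no name)" or GUID_RE.fullmatch(m.group(1))):
        e.hit(1, "BHO/toolbar registered without a readable name")
    m = RUN_NAME_RE.search(e.body)
    if m and looks_random(m.group(1)):
        e.hit(2, f"Run value name '{m.group(1)}' looks machine-generated")
    if RUNDLL_RE.search(e.body):
        e.hit(1, "rundll32 loads a system32 DLL through a one-letter export")
    stems = MODULE_RE.findall(e.body)
    if stems and looks_random(stems[-1]):
        e.hit(2, f"module name '{stems[-1]}' looks machine-generated")
    return e


def triage(log_text: str, threshold: int = 3) -> list:
    """Entries scoring at or above the threshold, in log order; a single signal never suffices."""
    return [e for e in map(score_entry, parse(log_text)) if e.score >= threshold]
```

Running triage(SAMPLE_LOG) returns the two orphaned BHOs, the nameless toolbar, the [2cc79eda] rundll32 entry and the tuvSjIcD Winlogon Notify entry, while the AVG, Java, QuickTime, Morpheus and Kontiki lines stay below the threshold.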


#2 Guest_Cretemonster_*


Posted 10 June 2008 - 06:13 AM

Hi and Welcome to the Forums.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.



