
Trojan:win32/vundo-gen!c And Vundo-gen!e


  • This topic is locked
3 replies to this topic

#1 sallyann1


  • Members
  • 7 posts
  • Gender:Female
  • Location:england

Posted 17 June 2008 - 05:26 PM

Deckard's System Scanner v20071014.68
Run by sallyann drake on 2008-06-17 23:14:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
121: 2008-06-17 22:15:03 UTC - RP292 - Deckard's System Scanner Restore Point
120: 2008-06-17 20:05:15 UTC - RP291 - Microsoft OneCare Protection Checkpoint
119: 2008-06-17 19:56:22 UTC - RP290 - Installed Windows XP KB923845.
118: 2008-06-17 19:55:46 UTC - RP289 - Installed Windows XP KB914882.
117: 2008-06-17 18:50:37 UTC - RP288 - Cleaned registry with Windows Live OneCare safety scanner


-- First Restore Point --
1: 2008-06-17 07:54:28 UTC - RP172 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 79% (more than 75%).
Total Physical Memory: 502 MiB (512 MiB recommended).


-- HijackThis (run as sallyann drake.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:53, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\sallyann drake.sally\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\sallyann drake.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...P&M=GT5042B
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...P&M=GT5042B
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BB75BCEB-500E-406E-9DBB-42747AA85240} - C:\WINDOWS\system32\yayvTLFv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\sallyann drake.sally\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194728101375
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.iwin.com/global/premium/po...aploader_v6.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe

--
End of file - 9511 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ELhid - c:\windows\system32\drivers\elhid.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELkbd - c:\windows\system32\drivers\elkbd.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELmon - c:\windows\system32\drivers\elmon.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELmou - c:\windows\system32\drivers\elmou.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>

S3 DCamUSBNW800 (CIF USB Camera (2110)) - c:\windows\system32\drivers\pcam800.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 PID_0928 (Logitech QuickCam Express(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing)
S3 ss_bus (Samsung Mobile USB Device 1.0 driver (WDM)) - c:\windows\system32\drivers\ss_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device 1.0>
S3 ss_mdfl (SAMSUNG Mobile USB Modem 1.0 Filter) - c:\windows\system32\drivers\ss_mdfl.sys <Not Verified; MCCI; SAMSUNG Mobile USB Modem 1.0 Filter>
S3 ss_mdm (SAMSUNG Mobile USB Modem 1.0 Drivers) - c:\windows\system32\drivers\ss_mdm.sys <Not Verified; MCCI; SAMSUNG Mobile USB Modem 1.0>
S3 XBCD (XBCD Kernel Module) - c:\windows\system32\drivers\xbcd.sys <Not Verified; Redcl0ud; XBCD>
S3 XDva099 - c:\windows\system32\xdva099.sys (file missing)
S3 XDva104 - c:\windows\system32\xdva104.sys (file missing)
S3 XDva114 - c:\windows\system32\xdva114.sys (file missing)
S3 XDva128 - c:\windows\system32\xdva128.sys (file missing)
S3 XDva131 - c:\windows\system32\xdva131.sys (file missing)
S3 XDva136 - c:\windows\system32\xdva136.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 ELService (Intel® Quick Resume Technology Drivers) - "c:\program files\intel\inteldh\intel® quick resume technology\elservice.exe" <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-17 03:00:02 526 --a------ C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job


-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-17 23:16:25 0 d-------- C:\Program Files\Trend Micro
2008-06-17 20:56:23 0 d-------- C:\WINDOWS\system32\bits
2008-06-17 20:47:37 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-06-17 17:47:38 0 dr-h----- C:\Documents and Settings\sallyann drake.sally\Recent
2008-06-17 12:47:56 0 d-------- C:\VundoFix Backups
2008-06-17 00:01:44 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-16 23:19:33 0 d-------- C:\Documents and Settings\sallyann drake.sally\Application Data\Grisoft
2008-06-16 23:19:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-16 22:54:14 0 d-------- C:\Documents and Settings\sallyann drake.sally\Application Data\Antispyware
2008-06-16 10:17:41 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-16 10:17:41 2549 --a------ C:\WINDOWS\unins000.dat
2008-06-16 10:14:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 09:49:47 0 d-------- C:\Program Files\CCleaner
2008-06-16 09:35:42 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2008-06-16 06:43:54 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-16 06:43:30 0 d-------- C:\Program Files\Common Files\iS3
2008-06-16 06:43:30 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-15 13:56:43 188725 --ahs---- C:\WINDOWS\system32\vFLTvyay.ini2
2008-06-15 13:56:34 322944 -----n--- C:\WINDOWS\system32\yayvTLFv.dll
2008-06-15 03:16:19 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-15 03:15:41 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-15 03:15:29 0 d-------- C:\Documents and Settings\sallyann drake.sally\Application Data\Mozilla
2008-06-11 02:15:06 0 d-------- C:\Program Files\SmartAudioConverterPro
2008-06-11 02:04:15 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-06-11 02:04:15 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-24 07:41:35 0 d-------- C:\Documents and Settings\sallyann drake.sally\Application Data\Ventrilo


-- Find3M Report ---------------------------------------------------------------

2008-06-17 22:53:57 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-06-16 23:32:51 0 d-------- C:\Program Files\Common Files
2008-06-16 23:32:32 0 d-------- C:\Documents and Settings\sallyann drake.sally\Application Data\SUPERAntiSpyware.com
2008-06-14 23:20:43 0 d-------- C:\Program Files\Knight Online
2008-06-11 01:59:56 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-11 00:20:00 0 d-------- C:\Documents and Settings\sallyann drake.sally\Application Data\LimeWire
2008-05-19 11:33:10 0 d-------- C:\Documents and Settings\sallyann drake.sally\Application Data\Image Zone Express
2008-05-13 16:23:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 15:59:51 0 d-------- C:\Program Files\AVG
2008-05-05 19:06:11 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-04-29 05:28:58 0 d-------- C:\Documents and Settings\sallyann drake.sally\Application Data\vlc
2008-04-28 02:13:30 0 d-------- C:\Documents and Settings\sallyann drake.sally\Application Data\Adobe
2008-04-28 01:53:45 0 d-------- C:\Program Files\Bonjour
2008-04-28 01:53:43 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-28 01:47:02 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-25 15:05:01 0 d-------- C:\Documents and Settings\sallyann drake.sally\Application Data\TmpRecentIcons
2008-04-21 04:26:48 0 d-------- C:\Program Files\Blender Foundation
2008-04-21 03:10:58 0 d-------- C:\Documents and Settings\sallyann drake.sally\Application Data\Download Manager


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB75BCEB-500E-406E-9DBB-42747AA85240}]
15/06/2008 13:56 322944 --------- C:\WINDOWS\system32\yayvTLFv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [06/08/2005 05:56]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/09/2005 04:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 04:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/09/2005 04:36]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [09/12/2005 19:44]
"CHotkey"="zHotkey.exe" [08/12/2004 18:57 C:\WINDOWS\zHotkey.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [12/10/2005 13:30]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [15/01/2006 02:05]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [19/02/2006 03:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"BluetoothAuthenticationAgent"="bthprops.cpl" [10/08/2004 20:00 C:\WINDOWS\system32\bthprops.cpl]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [13/05/2008 15:59]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [28/05/2008 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 00:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 20:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [28/10/2007 21:23:50]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 05:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayvTLFv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-06-17 23:17:47 ------------

Should mention symptoms: automatic updates have been turned off and can not be turned back on, pop-ups every time I open an IE page, losing my internet connection a lot, and IE just shutting pages down frequently.

Merged posts. ~ OB


Have just performed a second HijackThis scan just in case anything has changed since yesterday's post...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:04, on 18/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\HPZipm12.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...P&M=GT5042B
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...P&M=GT5042B
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\sallyann drake.sally\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194728101375
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.iwin.com/global/premium/po...aploader_v6.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe

--
End of file - 8657 bytes

Edited by sallyann1, 18 June 2008 - 05:50 AM.


#2 sallyann1

  • Topic Starter

  • Members
  • 7 posts
  • Gender:Female
  • Location:england

Posted 18 June 2008 - 02:22 AM

Sorry, didn't know it all had to be in the same post.

#3 sallyann1

  • Topic Starter

  • Members
  • 7 posts
  • Gender:Female
  • Location:england

Posted 18 June 2008 - 11:18 AM

After reading a lot of articles on your forum similar to my problem, running a few things from your site, and installing 1 or 2 programmes from your site and using them, I'm happy to say I have fixed the problem myself using your products. Thank you to everyone who posted, as this helped me solve my own issues.

#4 SifuMike


    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 19 June 2008 - 11:53 AM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.



