
Please Look At My Logs - Possible Rootkit?


This topic is locked
2 replies to this topic

#1 tkcomputer

  • Members
  • 1 posts

Posted 28 June 2008 - 04:40 PM

I just installed Avast, and on the first scan it showed a rootkit (?), which it says it deleted... Can someone please take a look at the following logs and see if all is well?
Thanks so much!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:37 PM, on 6/28/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\1209606994\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thottbot.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1209606994\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209509747281
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe

--
End of file - 4728 bytes

Deckard's System Scanner v20071014.68
Run by Kathi on 2008-06-28 16:34:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
36: 2008-06-28 21:34:40 UTC - RP36 - Deckard's System Scanner Restore Point
35: 2008-06-28 20:39:57 UTC - RP35 - Restore Operation
34: 2008-06-28 20:30:48 UTC - RP34 - Restore Operation
33: 2008-06-15 12:37:55 UTC - RP33 - Restore Operation
32: 2008-06-07 00:34:39 UTC - RP32 - System Checkpoint


-- First Restore Point --
1: 2008-04-29 22:36:32 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kathi.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:57 PM, on 6/28/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\1209606994\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Kathi.KATHI-7T5YBPG95.001\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kathi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thottbot.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1209606994\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209509747281
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe

--
End of file - 4734 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 PciCon - d:\pcicon.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Reset 5 - c:\windows\system32\srvany.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-28 16:32:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-28 16:30:55 0 d-------- C:\Program Files\Yahoo!
2008-06-28 16:30:49 0 d-------- C:\Program Files\CCleaner
2008-06-28 16:28:38 0 d-------- C:\Program Files\Trend Micro
2008-06-28 15:32:30 0 d-------- C:\Documents and Settings\LocalService\ContentWatch
2008-06-28 15:31:32 0 d-------- C:\Program Files\ContentWatch(2)
2008-06-28 14:40:50 0 d-------- C:\Program Files\Alwil Software
2008-06-28 14:35:21 0 d-------- C:\NVIDIA
2008-06-28 12:14:32 0 d-------- C:\WINDOWS\pss
2008-06-28 12:08:38 0 d-------- C:\Documents and Settings\Administrator.KATHI-7T5YBPG95\Templates
2008-06-28 12:08:38 0 d-------- C:\Documents and Settings\Administrator.KATHI-7T5YBPG95\Local Settings
2008-06-28 12:08:38 0 d-------- C:\Documents and Settings\Administrator.KATHI-7T5YBPG95\Cookies
2008-06-28 12:08:38 0 d-------- C:\Documents and Settings\Administrator.KATHI-7T5YBPG95\Application Data
2008-06-28 12:08:38 0 d-------- C:\Documents and Settings\Administrator.KATHI-7T5YBPG95\Application Data\Microsoft
2008-06-28 12:08:27 524288 --ah----- C:\Documents and Settings\Administrator.KATHI-7T5YBPG95\NTUSER.DAT
2008-06-15 09:17:03 0 d--hs---- C:\found.000
2008-06-06 19:34:38 1716224 --a------ C:\Documents and Settings\Kathi.KATHI-7T5YBPG95.001\ntuser.dat
2008-05-29 22:35:30 0 d-------- C:\Documents and Settings\Kathi.KATHI-7T5YBPG95.001\ContentWatch


-- Find3M Report ---------------------------------------------------------------

2008-06-28 15:41:21 0 d-------- C:\Documents and Settings\Kathi.KATHI-7T5YBPG95.001\Application Data\uTorrent
2008-06-28 15:41:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-28 15:41:16 0 d-------- C:\Program Files\AOL 9.0
2008-06-01 13:39:57 0 d-------- C:\Documents and Settings\Kathi.KATHI-7T5YBPG95.001\Application Data\Move Networks
2008-05-31 19:08:25 0 d-------- C:\Program Files\Common Files\aol
2008-05-29 18:37:07 0 d-------- C:\Program Files\World of Warcraft
2008-05-07 06:13:30 0 d-------- C:\Documents and Settings\Kathi.KATHI-7T5YBPG95.001\Application Data\Adobe
2008-05-07 05:47:48 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-07 05:47:36 0 d-------- C:\Program Files\Common Files
2008-05-02 15:29:29 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-02 06:19:57 0 d-------- C:\Documents and Settings\Kathi.KATHI-7T5YBPG95.001\Application Data\Sun
2008-05-02 06:19:20 0 d-------- C:\Program Files\Java
2008-05-02 06:17:48 0 d-------- C:\Program Files\Common Files\Java
2008-04-30 20:57:28 0 d-------- C:\Documents and Settings\Kathi.KATHI-7T5YBPG95.001\Application Data\Macromedia
2008-04-30 20:57:28 0 d-------- C:\Documents and Settings\Kathi.KATHI-7T5YBPG95.001\Application Data\AOL
2008-04-30 20:57:14 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-04-30 20:57:14 0 d-------- C:\Program Files\Common Files\aolshare
2008-04-30 20:57:03 0 d-------- C:\Program Files\Viewpoint
2008-04-30 20:55:37 335 --a------ C:\WINDOWS\nsreg.dat
2008-04-29 17:59:02 0 d-------- C:\Program Files\WfpAdmin
2008-04-29 17:56:14 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-29 17:54:09 8192 --a------ C:\WINDOWS\System32\resetwpa.reg
2008-04-29 17:54:09 370 --a------ C:\WINDOWS\System32\reset5.dat
2008-04-29 17:36:22 0 d-------- C:\Documents and Settings\Kathi.KATHI-7T5YBPG95.001\Application Data\Identities
2008-04-29 17:21:42 0 d-------- C:\Program Files\microsoft frontpage
2008-04-29 17:20:26 0 d-------- C:\Program Files\Movie Maker
2008-04-29 17:19:23 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2008-04-29 17:08:40 0 -rahs---- C:\MSDOS.SYS
2008-04-29 17:08:40 0 -rahs---- C:\IO.SYS
2008-04-29 17:08:40 0 --a------ C:\CONFIG.SYS
2008-04-29 17:08:40 0 --a------ C:\AUTOEXEC.BAT
2008-04-29 17:06:59 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-29 17:06:22 0 d-------- C:\Program Files\Online Services
2008-04-29 17:06:20 0 d-------- C:\Program Files\Messenger
2008-04-29 17:06:15 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-29 17:06:12 0 d-------- C:\Program Files\Windows NT
2008-04-29 12:16:49 62 --ahs---- C:\Documents and Settings\Kathi.KATHI-7T5YBPG95.001\Application Data\desktop.ini
2008-04-29 12:02:48 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-29 12:02:45 0 d-------- C:\Program Files\Common Files\SpeechEngines


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [09/19/2005 08:32 PM]
"nwiz"="nwiz.exe" [09/19/2005 08:32 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [09/19/2005 08:32 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1209606994\ee\AOLSoftware.exe" [09/25/2006 07:52 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [04/18/2007 01:49 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\reset5]
reset5.dll 09/09/2002 03:30 PM 17408 C:\WINDOWS\system32\reset5.dll

*Newly Created Service* - AAVMKER4
*Newly Created Service* - ASWMON2
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWSP
*Newly Created Service* - ASWTDI
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER



-- End of Deckard's System Scanner: finished at 2008-06-28 16:35:18 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3000+
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 1023.48 MiB / 640.06 MiB
Pagefile Memory (total/avail): 2462.55 MiB / 2149.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1948.67 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 152.66 GiB total, 125.19 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6B160R0 - 152.66 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 152.66 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is not configured.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kathi.KATHI-7T5YBPG95.001\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KATHI-7T5YBPG95
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kathi.KATHI-7T5YBPG95.001
LOGONSERVER=\\KATHI-7T5YBPG95
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Internet Explorer;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\KATHIK~1.001\LOCALS~1\Temp
TMP=C:\DOCUME~1\KATHIK~1.001\LOCALS~1\Temp
USERDOMAIN=KATHI-7T5YBPG95
USERNAME=Kathi
USERPROFILE=C:\Documents and Settings\Kathi.KATHI-7T5YBPG95.001
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kathi.KATHI-7T5YBPG95.001 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Kathi.KATHI-7T5YBPG95.001\Application Data\Move Networks\ie_bin\Uninst.exe
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP nForce Drivers --> rundll32.exe C:\WINDOWS\System32\NVNFINST.DLL,NvUninstallCrush
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WfpAdmin (remove only) --> "C:\Program Files\WfpAdmin\uninstall.exe"
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type165 / Warning
Event Submitted/Written: 06/28/2008 03:44:11 PM
Event ID/Source: 1005 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 30 days.

Event Record #/Type164 / Error
Event Submitted/Written: 06/28/2008 03:42:47 PM
Event ID/Source: 1009 / Windows Product Activation
Event Description:
You have not activated Windows within the grace period. To activate Windows, contact a customer service representative by telephone.

Event Record #/Type163 / Warning
Event Submitted/Written: 06/28/2008 03:42:33 PM
Event ID/Source: 1011 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. To activate Windows, use the Product Activation Wizard.

Event Record #/Type161 / Error
Event Submitted/Written: 06/28/2008 03:38:06 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application cwadmintools.exe, version 2.6.3.6, faulting module cwadmintools.exe, version 2.6.3.6, fault address 0x00006714.

Event Record #/Type159 / Error
Event Submitted/Written: 06/28/2008 03:35:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application cwadmintools.exe, version 2.6.3.6, faulting module cwadmintools.exe, version 2.6.3.6, fault address 0x00006714.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4553 / Error
Event Submitted/Written: 06/28/2008 03:44:59 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 100000ea, parameter1 861cfbf8, parameter2 8618e288, parameter3 86388240, parameter4 00000001.

Event Record #/Type4552 / Error
Event Submitted/Written: 06/28/2008 03:44:58 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 100000ea, parameter1 8621b020, parameter2 861d75f0, parameter3 86207a98, parameter4 00000001.

Event Record #/Type4551 / Error
Event Submitted/Written: 06/28/2008 03:44:58 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 100000ea, parameter1 861bd6f8, parameter2 861ee4a0, parameter3 8621eda8, parameter4 00000001.

Event Record #/Type4550 / Error
Event Submitted/Written: 06/28/2008 03:44:57 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 100000ea, parameter1 86011790, parameter2 861de540, parameter3 86289ab0, parameter4 00000001.

Event Record #/Type4549 / Error
Event Submitted/Written: 06/28/2008 03:44:56 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 100000ea, parameter1 86116da8, parameter2 86223d80, parameter3 86385858, parameter4 00000001.



-- End of Deckard's System Scanner: finished at 2008-06-28 16:35:18 ------------
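The triage a responder does by eye on a HijackThis log can be written down. The script below is an added example, not part of the original post, of HijackThis or of BleepingComputer: it parses the `Oxx - ...` entries of a HijackThis v2.x log and flags the ones that need manual follow-up, namely O20 Winlogon Notify DLLs (loaded into winlogon.exe as SYSTEM before anyone logs on), O23 services reported with "Unknown owner", services whose binary is the generic host srvany.exe (the program that actually runs lives in the service's Parameters key, which HijackThis does not display), and any entry marked "(file missing)". The sample log is constructed from lines of the log posted above; the rules are generic analyst heuristics and produce a review list, not a verdict on any entry.

```python
"""Triage a Trend Micro HijackThis v2.x log for entries that warrant manual review.

Added example (not HijackThis code). Rules are ordinary analyst heuristics;
every hit means "look at this by hand", not "this is malware".
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP1 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thottbot.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe
"""

# "R0 - ...", "O4 - ...", "O23 - ..." etc. Everything before the first " - " is the section.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# O23 body: "Service: <display name> - <owner> - <image path>"
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# O20 body: "Winlogon Notify: <key name> - <dll path>"
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")

# Generic service hosts: the image path HijackThis prints is not the code that runs.
# srvany.exe launches whatever the service's Parameters\Application value names.
SERVICE_HOSTS = {"srvany.exe"}


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    entry: str     # the entry body as printed in the log
    reason: str    # why a human should look at it


def parse_entries(log_text):
    """Yield (section, body) for every HijackThis entry line; skip headers and process list."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(log_text):
    """Return the list of Findings for a HijackThis log, in log order."""
    findings = []
    for section, body in parse_entries(log_text):
        if "(file missing)" in body:
            findings.append(Finding(section, body, "entry points at a file that no longer exists"))
        if section == "O20":
            m = NOTIFY_RE.match(body)
            if m:
                findings.append(Finding(
                    section, body,
                    f"Winlogon Notify DLL {m['path']} is loaded into winlogon.exe as SYSTEM at boot"))
        elif section == "O23":
            m = SERVICE_RE.match(body)
            if m:
                if m["owner"].strip().lower() == "unknown owner":
                    findings.append(Finding(section, body, "service binary carries no publisher information"))
                exe = m["path"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
                if exe in SERVICE_HOSTS:
                    findings.append(Finding(
                        section, body,
                        f"{exe} is a generic service host; check the service's Parameters key for the real program"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.entry}\n    -> {f.reason}")
```

Run against the sample, the script reports nothing for the R0, O2, O4 and Avast O23 lines and three items for review: the reset5 Winlogon Notify DLL, and the "Reset 5" service twice (no owner, and hosted by srvany.exe). Pasting the full log from the post in place of `SAMPLE_LOG` gives the same three hits, which is exactly the set a helper would ask the poster about first.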


#2 teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 20 July 2008 - 06:56 PM

Hello tkcomputer,

Welcome to Bleeping Computer :)

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 07 August 2008 - 07:32 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



