#1, 05-14-2008, 12:50 AM
Ksingler
Not a Super Techie
 
Join Date: Jan 2006
Posts: 307
hijackthis

Original thread --> My recent AVG 8.0 scan came up with 190 "potentially dangerous objects" after my scan; all of them were HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\ files with letters and/or numbers in { } brackets. Each of them says it found some type of adware, trojan, Vundo, logger, or downloader. My computer runs completely fine though. I don't know what's going on, any ideas?

Here is the HijackThis log you requested, techpro. Like I said, it was only a few days ago that I posted a HijackThis log just to make sure everything was smooth, but like my thread said, I got all those warnings in an AVG scan about 20 minutes ago.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:47 PM, on 5/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\David Fregoso\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\David Fregoso\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4052 bytes
__________________
Athlon 64 3200+ Venice
1GB dual-channel 400mhz Corsair Value ram
Western Digital 80GB 7200rpm 8mb Sata
BIOSTAR 7600GS 256MB PCI-Ex16
BIOSTAR TForce6100-939 mobo
Logitech x530s, mx518, elite keyboard
SENNHEISER PC151 headset
COOLER MASTER Centurion 5 blk/blue
Acer AL1916W(blk) 19" 5ms widescreen LCD
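A parser for the HijackThis log format posted above, as an added example that is not part of the thread or of HijackThis itself. SAMPLE_LOG is a constructed subset modelled on the poster's log, and the triage categories (an AppInit_DLLs entry, an autostart given as a bare file name) are the example's own; a hit is a lead for a human reviewer, not a verdict.

```python
"""Parse a Trend Micro HijackThis v2 log into structured loading points.

Added example: not from the thread and not part of HijackThis. SAMPLE_LOG is a
constructed subset modelled on the log posted above; the triage categories are
the example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:47 PM, on 5/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 4052 bytes
"""

HEADER_RE = re.compile(r"^(Logfile of|Scan saved at|Platform|MSIE|Boot mode):?\s*(.+)$")
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    code: str             # section code: R1, O2, O4, O23 ...
    body: str             # text after "<code> - "
    clsid: Optional[str]  # {GUID} if the entry names a COM object
    path: Optional[str]   # file or command the entry loads, when recoverable


@dataclass
class HjtLog:
    header: dict
    processes: list
    entries: list


def _file_of(code: str, body: str) -> Optional[str]:
    """Recover the file/command an entry loads; the layout differs per section."""
    if code.startswith("R"):  # R entries are IE settings, not files
        return None
    if code == "O4":  # "[ValueName] command" or "Name.lnk = target"
        m = re.search(r"\] (.+)$", body) or re.search(r"\.lnk = (.+)$", body)
        return m.group(1) if m else None
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        return body.split(":", 1)[1].strip()
    last = body.rsplit(" - ", 1)[-1]  # O2/O9/O18/O23 end with " - <path>"
    return last if "\\" in last else None


def parse_hjt(text: str) -> HjtLog:
    header, processes, entries = {}, [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            code, body = m.group("code"), m.group("body")
            clsid = CLSID_RE.search(body)
            entries.append(Entry(code, body, clsid.group(0) if clsid else None,
                                 _file_of(code, body)))
            continue
        h = HEADER_RE.match(line)
        if h:
            header[h.group(1)] = h.group(2)
    return HjtLog(header, processes, entries)


def counts_by_code(log: HjtLog) -> dict:
    return dict(Counter(e.code for e in log.entries))


def triage(log: HjtLog) -> list:
    """Loading points that deserve a second look. A hit is a lead, not a verdict:
    every item in SAMPLE_LOG belongs to software the poster lists as installed."""
    findings = []
    for e in log.entries:
        if e.code == "O4" and e.path and "\\" not in e.path.strip('"'):
            # bare file name: resolved through the search path at logon
            findings.append(("unqualified_autostart", e.path))
        if e.code == "O20" and e.path:
            # AppInit_DLLs is loaded into every process that maps user32.dll
            findings.append(("appinit_dll", e.path))
    return findings


if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    print(log.header, counts_by_code(log), triage(log), sep="\n")
```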
#2, 05-14-2008, 01:05 AM
techpro5238
Super Techie
 
Join Date: Aug 2007
Posts: 457
Re: hijackthis

AVG 8 is known to do that because of some protection programs. It might be a security conflict between SG and AVG.

Run ComboFix with the speech below, just in case:

Download ComboFix from Here or Here to your Desktop.
Read first: "How to download and use ComboFix"
If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
  • Be sure to re-enable your anti-virus and other security programs after ComboFix has finished.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read Combofix's Disclaimer
#3, 05-14-2008, 01:16 AM
Ksingler
Not a Super Techie
 
Join Date: Jan 2006
Posts: 307
Re: hijackthis

ComboFix 08-05-12.1 - David Fregoso 2008-05-13 18:12:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.629 [GMT -7:00]
Running from: C:\Documents and Settings\David Fregoso\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.

2008-05-13 14:34 . 2008-05-13 14:34 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-05-11 09:54 . 2008-05-13 14:55 <DIR> d-------- C:\Program Files\Absolute Poker
2008-05-08 20:10 . 2008-05-13 15:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-08 20:10 . 2008-05-08 20:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-08 18:19 . 2008-04-14 02:42 539,136 --a--c--- C:\WINDOWS\system32\dllcache\dialer.exe
2008-05-08 01:26 . 2008-05-13 17:46 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-07 23:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-07 23:45 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-07 23:45 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-07 23:40 . 2008-05-07 23:40 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-07 23:39 . 2008-05-07 23:39 <DIR> d--h----- C:\WINDOWS\ShellNew
2008-05-07 23:38 . 2008-05-07 23:38 <DIR> dr-h----- C:\MSOCache
2008-05-07 23:38 . 2008-05-08 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-07 20:07 . 2008-05-07 20:07 <DIR> d-------- C:\Program Files\Stardock
2008-05-07 20:06 . 2008-05-07 20:06 <DIR> d-------- C:\Documents and Settings\David Fregoso\Contacts
2008-05-07 19:58 . 2008-05-07 23:46 <DIR> d-------- C:\Program Files\Windows Live
2008-05-07 19:58 . 2008-05-07 20:04 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-07 19:58 . 2008-05-07 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-07 18:01 . 2008-04-14 00:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-07 18:00 . 2008-05-13 15:30 <DIR> d-------- C:\Program Files\Steam
2008-05-07 17:47 . 2008-05-07 17:47 <DIR> d-------- C:\Program Files\iTunes
2008-05-07 17:47 . 2008-05-07 17:47 <DIR> d-------- C:\Program Files\iPod
2008-05-07 17:47 . 2008-05-07 17:47 <DIR> d-------- C:\Documents and Settings\David Fregoso\Application Data\Apple Computer
2008-05-07 17:46 . 2008-05-07 20:04 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-07 17:46 . 2008-05-07 17:46 <DIR> d-------- C:\Program Files\QuickTime
2008-05-07 17:46 . 2008-05-07 17:46 <DIR> d-------- C:\Program Files\Bonjour
2008-05-07 17:46 . 2008-05-07 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-07 17:45 . 2008-05-07 17:45 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-07 17:45 . 2008-05-07 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-07 17:19 . 2008-05-07 17:19 169 --a------ C:\WINDOWS\RtlRack.ini
2008-05-07 17:10 . 2008-05-07 17:10 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-05-07 17:10 . 2008-05-07 17:10 <DIR> d-------- C:\Program Files\Realtek AC97
2008-05-07 17:10 . 2008-05-07 17:10 <DIR> d-------- C:\Program Files\AvRack
2008-05-07 17:09 . 2008-05-07 17:09 <DIR> d-------- C:\Program Files\Driver
2008-05-07 17:09 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-07 17:08 . 2005-03-15 23:23 13,696 -ra------ C:\WINDOWS\system32\drivers\BIOS.sys
2008-05-07 17:06 . 2008-05-07 17:06 5,760,054 --a------ C:\WINDOWS\AW_1600x1200.bmp
2008-05-07 17:04 . 2008-05-13 14:34 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-05-07 17:04 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-05-07 16:58 . 2008-05-11 19:56 2,568 --a------ C:\WINDOWS\mozver.dat
2008-05-07 16:55 . 2008-05-07 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-07 16:49 . 2008-05-07 16:49 <DIR> d-------- C:\Documents and Settings\David Fregoso\Application Data\Logitech
2008-05-07 16:46 . 2008-05-10 10:50 <DIR> d-------- C:\Program Files\Logitech
2008-05-07 16:46 . 2008-05-07 17:10 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-07 16:46 . 2008-05-07 16:46 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-05-07 16:46 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-05-07 16:46 . 2003-03-18 21:12 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-05-07 16:46 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-07 16:46 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-07 16:46 . 2003-03-18 19:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-07 16:46 . 2004-12-10 12:48 68,992 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-05-07 16:46 . 2004-12-10 12:48 52,992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2008-05-07 16:46 . 2004-12-10 12:47 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-05-07 16:40 . 2008-05-07 16:42 <DIR> d-------- C:\WINDOWS\nview
2008-05-07 16:40 . 2008-05-07 16:40 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-07 16:40 . 2006-03-09 17:59 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-07 16:40 . 2006-03-09 00:29 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-07 16:40 . 2008-05-13 14:36 50,257 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-07 16:40 . 2006-03-09 00:29 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-07 16:34 . 2008-05-13 17:11 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-07 16:34 . 2008-05-07 16:34 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-07 16:34 . 2008-05-07 16:34 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-07 16:34 . 2008-05-07 16:34 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-07 16:12 . 2008-05-13 17:31 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-07 16:12 . 2008-05-13 18:10 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-07 16:12 . 2005-04-15 19:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-05-07 16:12 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-05-07 16:02 . 2008-05-07 16:02 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-05-07 14:54 . 2008-05-07 20:05 <DIR> d-------- C:\Program Files\SpywareGuard
2008-05-07 14:51 . 2008-05-07 14:51 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-07 14:46 . 2008-05-13 18:14 7,219,232 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-07 14:46 . 2008-05-13 14:35 78,284 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-07 14:42 . 2008-05-07 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-07 14:42 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-05-07 14:42 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-05-07 14:42 . 2008-05-07 14:43 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-07 14:41 . 2008-05-07 14:41 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-07 14:40 . 2008-05-13 18:07 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-07 14:20 . 2008-05-07 14:20 <DIR> d-------- C:\Program Files\AVG
2008-05-07 14:20 . 2008-05-08 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-07 14:05 . 2008-05-07 14:05 <DIR> d---s---- C:\Documents and Settings\David Fregoso\UserData
2008-05-07 14:03 . 2008-05-13 14:54 <DIR> d-------- C:\Documents and Settings\David Fregoso
2008-05-07 14:03 . 2008-05-13 18:14 126,976 --ah----- C:\Documents and Settings\David Fregoso\NTUSER.DAT.LOG
2008-05-07 14:03 . 2008-05-07 14:03 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
2008-05-07 14:02 . 2008-05-07 14:02 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-07 14:02 . 2008-05-07 14:02 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-05-07 14:02 . 2008-05-13 14:37 1,024 --ah----- C:\Documents and Settings\LocalService\ntuser.dat.LOG
2008-05-07 14:01 . 2008-05-07 14:01 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-05-07 14:01 . 2008-05-07 14:01 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-07 14:01 . 2008-05-13 14:37 1,024 --ah----- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
2008-04-14 02:55 . 2008-04-14 02:55 1,804 --a------ C:\WINDOWS\system32\Dcache.bin
2008-04-14 02:46 . 2008-04-14 02:46 329,728 --a------ C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:46 . 2008-04-14 02:46 329,728 --a--c--- C:\WINDOWS\system32\dllcache\netsetup.exe
2008-04-14 02:46 . 2008-04-14 02:46 80,546 --a--c--- C:\WINDOWS\system32\dllcache\apps.chm
2008-04-14 02:45 . 2008-04-14 02:45 1,202,774 --a--c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-14 02:45 . 2008-04-14 02:45 785,972 --a--c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-14 02:45 . 2008-04-14 02:45 218,134 --a--c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-14 02:45 . 2008-04-14 02:45 204,396 --a--c--- C:\WINDOWS\system32\dllcache\msimain.sdb
2008-04-14 02:45 . 2008-04-14 02:45 9,424 --a--c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-04-14 02:43 . 2008-04-14 02:43 2,109,440 --a--c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-04-14 02:43 . 2008-04-14 02:43 299,520 --a------ C:\WINDOWS\system32\drmclien.dll
2008-04-14 02:43 . 2008-04-14 02:43 299,520 --a--c--- C:\WINDOWS\system32\dllcache\drmclien.dll
2008-04-14 02:43 . 2008-04-14 02:43 92,424 --a------ C:\WINDOWS\system32\rdpdd.dll
2008-04-14 02:43 . 2008-04-14 02:43 92,424 --a--c--- C:\WINDOWS\system32\dllcache\rdpdd.dll
2008-04-14 02:43 . 2008-04-14 02:43 12,168 --a------ C:\WINDOWS\system32\tsddd.dll
2008-04-14 02:43 . 2008-04-14 02:43 12,168 --a--c--- C:\WINDOWS\system32\dllcache\tsddd.dll
2008-04-14 02:41 . 2008-04-14 02:41 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2008-04-14 02:40 . 2008-04-14 02:40 844,314 --a------ C:\WINDOWS\system32\msdxm.ocx
2008-04-14 02:39 . 2008-04-14 02:39 545,280 --a------ C:\WINDOWS\system32\hhctrl.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 20:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 12:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 12:42 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
2008-04-14 12:41 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
2008-04-14 11:40 1,296,669 ----a-r C:\WINDOWS\SET3.tmp
2008-04-14 11:34 16,535 ----a-r C:\WINDOWS\SET8.tmp
2008-04-14 11:34 1,088,840 ----a-r C:\WINDOWS\SET4.tmp
2008-04-14 09:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 09:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 09:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 09:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 09:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 09:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 09:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 09:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 07:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-14 07:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 07:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-14 07:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-14 07:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-14 07:15 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-14 07:15 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2008-04-14 07:15 56,576 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-14 07:15 52,864 ----a-w C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-14 07:15 49,408 ----a-w C:\WINDOWS\system32\drivers\stream.sys
2008-04-14 07:15 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-14 07:15 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-14 07:09 7,552 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-04-14 07:09 5,376 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-04-14 07:09 4,992 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys
2008-04-14 07:09 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 07:09 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 07:02 196,224 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
2008-04-14 06:30 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 05:42 74,752 ----a-w C:\WINDOWS\system32\storprop.dll
2008-04-14 05:42 74,240 ----a-w C:\WINDOWS\system32\usbui.dll
2008-04-14 05:09 142,592 ----a-w C:\WINDOWS\system32\drivers\aec.sys
2008-04-14 05:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 04:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-14 04:57 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 04:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-14 04:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-14 04:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-14 04:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-14 04:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-14 04:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-14 04:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-14 04:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-14 04:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-14 04:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-14 04:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-14 04:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 04:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-14 04:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-14 04:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-14 04:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-14 04:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-14 04:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-14 04:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-14 04:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-14 04:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-14 04:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-14 04:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-14 04:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-14 04:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-14 04:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-14 04:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-14 04:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-14 04:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-14 04:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-14 04:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-14 04:25 202,624 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-04-14 04:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-14 04:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-14 04:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-14 04:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-14 04:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-14 04:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-14 04:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-14 04:15 59,520 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
2008-04-14 04:15 36,864 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
2008-04-14 04:15 30,208 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys
2008-04-14 04:15 24,960 ----a-w C:\WINDOWS\system32\drivers\hidparse.sys
2008-04-14 04:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-14 04:15 17,152 ----a-w C:\WINDOWS\system32\drivers\usbohci.sys
2008-04-14 04:15 143,872 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
2008-04-14 04:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-14 04:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 04:14 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-14 04:14 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 04:11 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 04:11 42,112 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
2008-04-14 04:09 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-14 04:09 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys
2008-04-14 04:08 71,168 ----a-w C:\WINDOWS\system32\drivers\dxg.sys
2008-04-14 04:06 79,232 ----a-w C:\WINDOWS\system32\drivers\sdbus.sys
2008-04-14 04:06 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 04:06 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 04:06 37,248 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 04:06 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-07 16:34 1177368]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 00:29 7561216]
"nwiz"="nwiz.exe" [2006-03-09 00:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 00:29 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 18:39 90112 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

C:\Documents and Settings\David Fregoso\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-05-07 20:07:58 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
#4, 05-14-2008, 01:17 AM
Ksingler
Not a Super Techie
 
Join Date: Jan 2006
Posts: 307
Re: hijackthis

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-07 16:34]
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-15 23:23]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-07 16:34]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-07 16:34]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-07 16:34]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 18:14:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
Completion time: 2008-05-13 18:14:52
ComboFix-quarantined-files.txt 2008-05-14 01:14:48

Pre-Run: 72,869,990,400 bytes free
Post-Run: 72,852,611,072 bytes free

290 --- E O F --- 2008-05-08 21:23:04
#5, 05-14-2008, 01:53 AM
Ksingler
Not a Super Techie
 
Join Date: Jan 2006
Posts: 307
Re: hijackthis

Just an FYI: all the potential threats come back every time I do a new AVG scan.
#6, 05-14-2008, 02:25 AM
techpro5238
Super Techie
 
Join Date: Aug 2007
Posts: 457
Re: hijackthis

I am seeing some bad files on one look-over, but I will be back later to reanalyze your logs. There is a good chance there is actually Vundo in there.

If there is, get ready for a battle.

At the moment I am doing some homework, so I don't have time to read over that mammoth.

Kind Regards,
Techpro5238
#7, 05-14-2008, 02:33 AM
Ksingler
Not a Super Techie
 
Join Date: Jan 2006
Posts: 307
Re: hijackthis

Really? d@mn, that sucks, especially since I did a fresh install about a week ago.
#8, 05-14-2008, 04:14 AM
carnageX
Lurker Techie
 
 
Join Date: Feb 2007
Location: South Dakota
Posts: 2,150
Re: hijackthis

In the meantime, I'd suggest going through Osiris's guide: Spyware Removal Guide By Osiris
__________________

Desktop:
/Antec 900..................................Intel e6750 @ 3.53GHz\
/Arctic Cooling Freezer 7 Pro.....GigaByte GA-P35-DS3R mobo\
/2x1GB G.Skill/2x1GB OCZ Gold DDR2-800 @ 5-5-5-15, 441MHz\
\EVGA 8800GT 512MB @ 730/1000........OCZ GameXStream 700w/
\19" Hanns-G Widescreen LCD..............19" AOC Fullscreen CRT/
\SeaGate 500GB/320GB; Maxtor 160GB external; W.D. 160GB/
Laptop: Compaq C769US

3DMark06 Score: 13700 | carnageX | e6750 @ 3.53GHz | 8800GT 512MB @ 760/1080 | XP Home 32bit
#9, 05-14-2008, 04:25 AM
Ksingler
Not a Super Techie
 
Join Date: Jan 2006
Posts: 307
Re: hijackthis

Ugh, do I have to? haha. I will go through the guide, but I probably won't be able to get to it tonight; I have a ten-minute presentation for my class that I'm doing right now on the computer. This is just weird, because my computer is running absolutely perfectly: no hiccups of any sort, no random things popping up, nothing at all. I did a fresh install about a week ago. I'm running the same programs (AVG, ZoneAlarm, SpywareBlaster, and SpywareGuard as my protection programs) that I was using before I did the fresh install, and they never gave me any problems.

I'm just venting haha, thanks for the help really.

Last edited by Ksingler; 05-14-2008 at 04:30 AM.
#10, 05-14-2008, 12:49 PM
carnageX
Lurker Techie
 
 
Join Date: Feb 2007
Location: South Dakota
Posts: 2,150
Re: hijackthis

Well, it certainly would help. There's a VundoFix tool in the guide, which may fix your Vundo if you indeed do have one, among other nice little utilities that can be run. Hope you get it sorted out.
 
