Computer Forums

03-03-2009, 07:00 PM   #1
<-(BrOkEn)-> (Newb Techie; Join Date: Mar 2009; Posts: 6)

Hijack This Log File (need help quick please)

I recently bought a used computer from a friend, and as soon as I hooked it up to the internet it started having problems (it had WebHancer on it). It brought up a lot of pop-ups even though I wasn't even on it at the time. So I downloaded and installed AVG Free Edition, and when I ran it, it took like 3 hours and came up with like 300+ threats. So I got rid of them and restarted my computer, and I couldn't connect to the internet; the connection had little or no connectivity.
I tried clicking Repair, but it said it could not renew the IP. I tried CMD ipconfig /release and ipconfig /renew, and it said something about a socket, so I googled it and downloaded LSP-Fix (Winsock 2 repair utility), and that fixed the internet problem. It seemed fine until I got up this morning, when AVG was running and kept bringing up "Virus Detected". So I rebooted in Safe Mode and ran HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:16 PM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http :// searchbar. findthewebsiteyouneed .com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http :// 83.149.75. 33/info.png?cmp=fkfrt&rid=m20003&affid=177850&mid=gl22&revid=10702&uid=17c96a2e077711dea4f2177850ffffff&guid=c4c62604ecce654597e955977ad6ca85&mrk=1&ver=4052
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {d0a231a8-d82a-4751-9bfd-9501ff8b3d62} - C:\WINDOWS\System32\yipiwopa.dll (file missing)
O2 - BHO: {d0d712cc-b774-f9f9-d534-a40071168f0d} - {d0f86117-004a-435d-9f9f-477bcc217d0d} - C:\WINDOWS\system32\eieugq.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [04cg09gk.dll] RUNDLL32.EXE 04cg09gk.dll,b 1066687
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [341346aa] rundll32.exe "C:\WINDOWS\system32\tuhemoye.dll",b
O4 - HKLM\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s
O4 - HKLM\..\Run: [CPM37207536] Rundll32.exe "c:\windows\system32\fogarese.dll",a
O4 - HKUS\S-1-5-20\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [zoqw] C:\PROGRA~1\COMMON~1\zoqw\zoqwm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [zoqw] C:\PROGRA~1\COMMON~1\zoqw\zoqwm.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http :// click.getmirar .com (HKLM)
O15 - Trusted Zone: http :// click.mirarsearch .com (HKLM)
O15 - Trusted Zone: http :// redirect.mirarsearch .com (HKLM)
O15 - Trusted Zone: http :// awbeta.net-nucleus .com (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\gijeluhe.dll c:\windows\system32\muhenali.dll eieugq.dll c:\windows\system32\fogarese.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\k862lijo18oc.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\ktnul7591.dll (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\j4l4le3q1h.dll
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\gp8sl3l71.dll (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\r2p8lc7u1f.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\micms.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fogarese.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fogarese.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFuaWVsIE1jS2Vl\command.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: mcafeeWALLP - Unknown owner - C:\WINDOWS\mcafeeWALLX.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\Norman\Nvc\bin\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Windows Explorer Shell Subsystem (Shell32Extender) - Unknown owner - C:\WINDOWS\system32\shell32.exe (file missing)
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)

--
End of file - 7351 bytes

Last edited by Trotter; 03-03-2009 at 07:09 PM. Reason: Broke links
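
The networking breakage described in the post above (Repair fails, ipconfig /renew complains about a socket, LSP-Fix cures it) is the classic symptom of a Layered Service Provider whose DLL the antivirus deleted while its Winsock catalog entry stayed behind; the ComboFix log later in this thread shows WebHancer's installer leftovers (whInstall, Sporder.dll), and WebHancer installs exactly such an LSP. The script below is an added example, not code from the thread and not LSP-Fix: it parses the text that `netsh winsock show catalog` prints and reports catalog entries whose Provider Path no longer exists on disk. The catalog text, the environment mapping and the adware DLL path inside it are constructed for the example.

```python
"""Report Winsock catalog entries whose provider DLL is gone.

Added example (not from the thread, not LSP-Fix). After an antivirus deletes
an LSP DLL but leaves its catalog entry, Winsock initialisation fails and
every socket call breaks, which is what the poster saw until the dangling
entry was removed. Input is the text `netsh winsock show catalog` prints;
nothing here touches the registry.
"""
import os
import re
from dataclasses import dataclass

HEADER = re.compile(r"Winsock Catalog Provider Entry\s*\n-+\n")
FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s+(.*\S)\s*$")
WIN_VAR = re.compile(r"%([^%]+)%")


@dataclass
class CatalogEntry:
    entry_type: str
    description: str
    provider_path: str
    catalog_id: int
    chain_length: int


def parse_catalog(text):
    """Split `netsh winsock show catalog` output into CatalogEntry records."""
    entries = []
    for block in HEADER.split(text)[1:]:      # text before the first header is noise
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                fields[m.group(1)] = m.group(2)
        if "Provider Path" in fields:
            entries.append(CatalogEntry(
                entry_type=fields.get("Entry Type", ""),
                description=fields.get("Description", ""),
                provider_path=fields["Provider Path"],
                catalog_id=int(fields.get("Catalog Entry ID", 0)),
                chain_length=int(fields.get("Protocol Chain Length", 0)),
            ))
    return entries


def expand_windows_vars(path, env):
    """Expand %NAME% references with a case-insensitive lookup in env."""
    lookup = {k.lower(): v for k, v in env.items()}
    return WIN_VAR.sub(lambda m: lookup.get(m.group(1).lower(), m.group(0)), path)


def find_broken_entries(text, env=None, exists=os.path.exists):
    """Return (entry, resolved_path) for entries whose DLL is missing.

    `exists` is injectable so a catalog dump captured on the infected machine
    can be checked elsewhere, or against a fake file list as in demo().
    """
    env = dict(os.environ) if env is None else env
    broken = []
    for entry in parse_catalog(text):
        resolved = expand_windows_vars(entry.provider_path, env)
        if not exists(resolved):
            broken.append((entry, resolved))
    return broken


# Constructed sample in the layout netsh prints. The first two entries are the
# real Microsoft TCP/UDP providers; the third imitates a leftover adware LSP
# with a made-up vendor directory and file name.
SAMPLE_CATALOG = """\
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\\system32\\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [UDP/IP]
Provider Path:                      %SystemRoot%\\system32\\mswsock.dll
Catalog Entry ID:                   1002
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Adware LSP (constructed for this example)
Provider Path:                      C:\\Program Files\\example-adware\\whlsp.dll
Catalog Entry ID:                   1030
Protocol Chain Length:              0
"""


def demo():
    """Check the sample against a fake disk on which only mswsock.dll survives
    (the state the antivirus left behind); returns the catalog IDs flagged."""
    present = {"c:\\windows\\system32\\mswsock.dll"}
    broken = find_broken_entries(SAMPLE_CATALOG, {"SystemRoot": "C:\\WINDOWS"},
                                 exists=lambda p: p.lower() in present)
    for entry, path in broken:
        print(f"dangling catalog entry {entry.catalog_id} ({entry.entry_type}): {path}")
    return [entry.catalog_id for entry, _ in broken]


if __name__ == "__main__":
    demo()
```

On XP SP2 and later, `netsh winsock reset` rebuilds the catalog from defaults, which is what LSP-Fix and the poster's repair achieved; the dump parsed here is the only record of what had hooked the stack, so save it before resetting.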
03-03-2009, 07:27 PM   #2
Osiris (Join Date: Jan 2005; Location: Kentucky; Posts: 32,087)

Re: Hijack This Log File (need help quick please)

Remove

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http :// searchbar. findthewebsiteyouneed .com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http :// 83.149.75. 33/info.png?cmp=fkfrt&rid=m20003&affid=177850&mid=gl22&revid=10702&uid=17c96a2e077711dea4f2177850ffffff&guid=c4c62604ecce654597e955977ad6ca85&mrk=1&ver=4052

O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)

O2 - BHO: (no name) - {d0a231a8-d82a-4751-9bfd-9501ff8b3d62} - C:\WINDOWS\System32\yipiwopa.dll (file missing)


O2 - BHO: {d0d712cc-b774-f9f9-d534-a40071168f0d} - {d0f86117-004a-435d-9f9f-477bcc217d0d} - C:\WINDOWS\system32\eieugq.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)

O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)

O4 - HKLM\..\Run: [04cg09gk.dll] RUNDLL32.EXE 04cg09gk.dll,b 1066687

O4 - HKLM\..\Run: [341346aa] rundll32.exe "C:\WINDOWS\system32\tuhemoye.dll",b

O4 - HKLM\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s


O4 - HKLM\..\Run: [CPM37207536] Rundll32.exe "c:\windows\system32\fogarese.dll",a

O4 - HKUS\S-1-5-20\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [zoqw] C:\PROGRA~1\COMMON~1\zoqw\zoqwm.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [zoqw] C:\PROGRA~1\COMMON~1\zoqw\zoqwm.exe (User 'Default user')

O20 - AppInit_DLLs: C:\WINDOWS\System32\gijeluhe.dll c:\windows\system32\muhenali.dll eieugq.dll c:\windows\system32\fogarese.dll

O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\k862lijo18oc.dll (file missing)

O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\ktnul7591.dll (file missing)

O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\j4l4le3q1h.dll

O20 - Winlogon Notify: Run - C:\WINDOWS\system32\gp8sl3l71.dll (file missing)

O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\r2p8lc7u1f.dll (file missing)

O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\micms.dll (file missing)

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fogarese.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fogarese.dll

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFuaWVsIE1jS2Vl\command.exe (file missing)

O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)


O23 - Service: mcafeeWALLP - Unknown owner - C:\WINDOWS\mcafeeWALLX.exe (file missing)

O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

O23 - Service: Microsoft Windows Explorer Shell Subsystem (Shell32Extender) - Unknown owner - C:\WINDOWS\system32\shell32.exe (file missing)

O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)

Remove what you can, then run ComboFix and then Malwarebytes, and then post a new HijackThis log, and post the logs from the other two as well.
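
The removal list in the post above is built from a handful of recurring signals: rundll32 Run entries that call a single-letter export from a randomly named DLL, Run keys under the SYSTEM and NETWORK SERVICE hives, anything at all in AppInit_DLLs, Winlogon Notify / SSODL / SharedTaskScheduler handlers, Trusted Zone additions, and "Unknown owner" services that sit straight in C:\WINDOWS or borrow a Windows component name. One detail worth pointing out: the directory of the cmdService binary, RGFuaWVsIE1jS2Vl, is base64 for "Daniel McKee", the account name that appears in the ComboFix log further down. The script below is an added example, not from the thread and not the HijackThis tool; it applies those rules to lines copied from the first log. The allow-list of known logon DLLs and the list of Windows component names are assumptions made for the example.

```python
"""Triage HijackThis lines with the signals behind the removal list above.

Added example; not from the thread and not the HijackThis tool. Each rule is
one thing visible in the posted logs. "(file missing)" entries are dangling
but still worth removing, so they are reported too.
"""
import base64
import re

SINGLE_LETTER_EXPORT = re.compile(r'rundll32\.exe\s+"?([^",]+\.dll)"?,\s*([a-z])\b', re.I)
SERVICE_HIVES = ("HKUS\\S-1-5-18\\", "HKUS\\S-1-5-19\\", "HKUS\\S-1-5-20\\", "HKUS\\.DEFAULT\\")
SYSTEM32_ONLY = {"lsass.exe", "svchost.exe", "winlogon.exe", "smss.exe", "services.exe"}
KNOWN_LOGON_DLLS = {"avgrsstx.dll"}            # AVG's notifier; assumed allow-list
RAW_IP = re.compile(r"\b\d{1,3}\.\s?\d{1,3}\.\s?\d{1,3}\.\s?\d{1,3}\b")  # tolerates defanged spacing


def base64_component(path):
    """First space/slash/backslash-delimited component that is valid base64
    decoding to printable ASCII, as (component, decoded); else None."""
    for part in re.split(r"[\\/ ]", path):
        if len(part) < 8 or len(part) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", part):
            continue
        try:
            text = base64.b64decode(part, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue
        if text.isprintable():
            return part, text
    return None


def triage_line(line):
    """Return the reasons one HijackThis line is suspicious (empty if none)."""
    line = line.strip()
    m = re.match(r"(R\d|O\d+) - ", line)
    if not m:
        return []
    kind, reasons = m.group(1), []
    tail = line.rsplit(" - ", 1)[1].replace("(file missing)", "").strip()
    folder, _, name = tail.lower().rpartition("\\")   # only meaningful for O20-O23

    if kind == "O4":
        hit = SINGLE_LETTER_EXPORT.search(line)
        if hit:
            reasons.append(f"rundll32 calls single-letter export '{hit.group(2)}' of {hit.group(1)}")
        if any(h in line for h in SERVICE_HIVES):
            reasons.append("Run key under a service-account hive")
    elif kind == "O15":
        reasons.append("site added to the Internet Explorer Trusted Zone")
    elif kind == "O20" and "AppInit_DLLs:" in line:
        dlls = line.split("AppInit_DLLs:", 1)[1].replace(",", " ").split()
        reasons.append(f"AppInit_DLLs loads {len(dlls)} DLL(s) into every process using user32.dll")
    elif (kind == "O20" and "Winlogon Notify:" in line) or kind in ("O21", "O22"):
        if name not in KNOWN_LOGON_DLLS:
            reasons.append(f"logon-time handler {name} is not a known security product")
    elif kind == "O23" and " - Unknown owner - " in line:
        if folder == "c:\\windows":
            reasons.append("unknown-owner service binary directly in C:\\WINDOWS")
        if name in SYSTEM32_ONLY and not folder.endswith("system32"):
            reasons.append(f"{name} outside system32 impersonates a Windows component")
        if name == "shell32.exe":
            reasons.append("shell32 is a DLL; shell32.exe is not a Windows binary")
    elif kind == "R1" and RAW_IP.search(line):
        reasons.append("browser setting points at a raw IP address")
    elif kind in ("O2", "O3") and re.search(r"BHO: (\(no name\)|\{)", line):
        reasons.append("BHO with no name or a GUID for a name")

    b64 = base64_component(line)
    if b64:
        reasons.append(f"path component {b64[0]} is base64 for {b64[1]!r}")
    if "(file missing)" in line:
        reasons.append("referenced file is gone (dangling entry)")
    return reasons


def triage(text):
    """Map every flagged line of a log to its reasons."""
    report = {}
    for raw in text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            report[raw.strip()] = reasons
    return report


# Lines copied from the first log in this thread (forum wrap spaces removed)
# plus three benign ones to show what the rules leave alone.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http :// 83.149.75. 33/info.png?cmp=fkfrt&rid=m20003&affid=177850&mid=gl22&revid=10702&uid=17c96a2e077711dea4f2177850ffffff&guid=c4c62604ecce654597e955977ad6ca85&mrk=1&ver=4052
O2 - BHO: (no name) - {d0a231a8-d82a-4751-9bfd-9501ff8b3d62} - C:\WINDOWS\System32\yipiwopa.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s
O4 - HKUS\S-1-5-18\..\Run: [zoqw] C:\PROGRA~1\COMMON~1\zoqw\zoqwm.exe (User 'SYSTEM')
O15 - Trusted Zone: http :// click.getmirar .com (HKLM)
O20 - AppInit_DLLs: C:\WINDOWS\System32\gijeluhe.dll c:\windows\system32\muhenali.dll eieugq.dll c:\windows\system32\fogarese.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\j4l4le3q1h.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFuaWVsIE1jS2Vl\command.exe (file missing)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Microsoft Windows Explorer Shell Subsystem (Shell32Extender) - Unknown owner - C:\WINDOWS\system32\shell32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry[:72] + ("..." if len(entry) > 72 else ""))
        for reason in why:
            print("   ->", reason)
```

The rules are deliberately narrow: the NvCpl and AVG lines pass untouched, while the base64 check fires on exactly one component across the sample, the cmdService directory. Dangling "(file missing)" entries are reported separately from live ones because both go on the removal list but only the latter are still executing.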
03-03-2009, 08:26 PM   #3
<-(BrOkEn)-> (Newb Techie; Join Date: Mar 2009; Posts: 6)

Re: Hijack This Log File (need help quick please)

OK, gonna go do that now. Where can I download ComboFix and Malwarebytes?
03-03-2009, 08:53 PM   #4
<-(BrOkEn)-> (Newb Techie; Join Date: Mar 2009; Posts: 6)

Re: Hijack This Log File (need help quick please)

OK, I removed them and then restarted.
BTW, AVG keeps finding C:\WINDOWS\SYSTEM32\Gijeluhe.dll as a Trojan Horse, SHeur2.TNQ.

Here's the new log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:38 PM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {d0a231a8-d82a-4751-9bfd-9501ff8b3d62} - C:\WINDOWS\System32\yipiwopa.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CPM37207536] Rundll32.exe "c:\windows\system32\muhenali.dll",a
O4 - HKLM\..\Run: [341346aa] rundll32.exe "C:\WINDOWS\system32\tuhemoye.dll",b
O4 - HKLM\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s
O4 - HKUS\S-1-5-19\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: Mirar (HKLM)
O15 - Trusted Zone: Mirar (HKLM)
O15 - Trusted Zone: Mirar (HKLM)
O15 - Trusted Zone: Mirar (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\fogarese.dll c:\windows\system32\muhenali.dll,C:\WINDOWS\System32\gijeluhe.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\muhenali.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\muhenali.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFuaWVsIE1jS2Vl\command.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\Norman\Nvc\bin\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Windows Explorer Shell Subsystem (Shell32Extender) - Unknown owner - C:\WINDOWS\system32\shell32.exe (file missing)

--
End of file - 6205 bytes
03-03-2009, 09:27 PM   #5
Osiris (Join Date: Jan 2005; Location: Kentucky; Posts: 32,087)

Re: Hijack This Log File (need help quick please)

You can find both in my guide below
03-04-2009, 02:58 AM   #6
<-(BrOkEn)-> (Newb Techie; Join Date: Mar 2009; Posts: 6)

Re: Hijack This Log File (need help quick please)

OK, I ran ComboFix, then Malwarebytes, then HijackThis again.

ComboFix 09-03-02.03 - Jeremy 2009-03-03 21:31:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.210 [GMT -6:00]
Running from: c:\documents and settings\Jeremy\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Daniel McKee\Cookies\hpothb07.dat
c:\documents and settings\Daniel McKee\Cookies\hpothb07.tif
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon\log.txt
c:\program files\Common Files\download
c:\program files\Common Files\inetget
c:\program files\Common Files\vcclient
c:\program files\Common Files\vcclient\ClientUpdater.bat
c:\program files\Common Files\vcclient\ICSharpCode.SharpZipLib.dll
c:\program files\Common Files\vcclient\temp.txt
c:\program files\Common Files\vcclient\VCClient.exe.config
c:\program files\Common Files\vcclient\VCUpdate.exe.config
c:\program files\Common Files\vcclient\Version.txt
c:\program files\Common Files\windows
c:\program files\Common Files\windows\AutoIt3.exe
c:\program files\Common Files\windows\autoitscript.au3
c:\program files\Common Files\windows\psapi.dll
c:\program files\inetget2
c:\program files\INSTALL.LOG
c:\program files\network monitor
c:\program files\whInstall
c:\program files\whInstall\license.txt
c:\program files\whInstall\readme.txt
c:\program files\whInstall\Sporder.dll
c:\program files\whInstall\whAgent.inf
c:\program files\whInstall\whAgent.ini
c:\program files\whInstall\whInstaller.ini
c:\windows\RGFuaWVsIE1jS2Vl\
c:\windows\RGFuaWVsIE1jS2Vl\\l3IRuqpPKHY3mZp5.vbs
c:\windows\system32\atmtd.dll
c:\windows\system32\atmtd.dll._
c:\windows\system32\azbxnz.dll
c:\windows\system32\eieugq.dll
c:\windows\system32\eraseme_14486.exe
c:\windows\system32\eraseme_72331.exe
c:\windows\system32\eyomehut.ini
c:\windows\system32\fogarese.dll
c:\windows\System32\gijeluhe.dll
c:\windows\system32\imkcwy.dll
c:\windows\system32\muhenali.dll
c:\windows\system32\nomuyalo.dll
c:\windows\system32\patayaru.dll
c:\windows\system32\poyiyele.dll
c:\windows\system32\sesukaje.dll
c:\windows\system32\tsuninst.exe
c:\windows\system32\tuhemoye.dll
c:\windows\system32\urayatap.ini
c:\windows\system32\volosejo.dll
c:\windows\system32\zilabivi.dll
c:\windows\uninstall_nmon.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_LSASS
-------\Legacy_MICROSOFT_MEDIA_TOOLS
-------\Legacy_NETWORK_MONITOR
-------\Legacy_RDRIV
-------\Legacy_SYSMGR64
-------\Service_cmdService
-------\Service_lsass
-------\Service_MicroSoft Media Tools
-------\Service_Network Monitor
-------\Service_rdriv
-------\Service_sysmgr64


((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-03-03 20:50 . 2008-04-14 05:42 218,624 --a------ c:\windows\SYSTEM32\uxtheme.uxtender
2009-03-03 20:50 . 2009-03-03 20:50 218,624 --a------ C:\uxtheme.uxtender
2009-03-03 20:30 . 2009-03-02 17:52 211 -rahs---- C:\BOOT.BKK
2009-03-03 02:50 . 2009-03-03 02:51 <DIR> d-------- c:\program files\Opera
2009-03-03 02:19 . 2009-03-03 07:52 <DIR> d-------- c:\program files\Mozilla Firefox 3.1 Beta 2
2009-03-02 20:52 . 2009-03-02 20:59 <DIR> d-------- C:\VIRUS
2009-03-02 20:35 . 2009-03-03 12:16 <DIR> d-------- C:\!KillBox
2009-03-02 20:29 . 2009-03-02 20:29 <DIR> d-------- c:\program files\Trend Micro
2009-03-02 18:49 . 2009-03-03 21:05 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-02 18:45 . 2009-03-02 18:45 <DIR> d-------- c:\documents and settings\Jeremy\Application Data\AVGTOOLBAR
2009-03-02 18:24 . 2009-03-02 18:24 325,128 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
2009-03-02 18:24 . 2009-03-02 18:24 107,272 --a------ c:\windows\SYSTEM32\DRIVERS\avgtdix.sys
2009-03-02 18:24 . 2009-03-02 18:24 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll
2009-03-02 18:23 . 2009-03-03 19:16 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\Avg
2009-03-02 18:23 . 2009-03-02 18:23 <DIR> d-------- c:\program files\AVG
2009-03-02 18:23 . 2009-03-03 02:13 <DIR> d-------- c:\documents and settings\DANIEL MCKEE.DANIEL-T2P49JHI\Application Data\AVGTOOLBAR
2009-03-02 18:23 . 2009-03-03 21:37 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-03-02 17:56 . 2009-03-02 17:57 6,503 --a------ c:\windows\SYSTEM32\spupdsvc.inf
2009-03-02 17:46 . 2009-03-02 17:46 <DIR> d-------- c:\windows\SYSTEM32\scripting
2009-03-02 17:40 . 2009-03-02 17:47 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-02 17:38 . 2008-04-14 05:42 123,392 --------- c:\windows\SYSTEM32\mplay32.exe
2009-03-02 17:32 . 2006-12-29 00:31 19,569 --a------ c:\windows\002460_.tmp
2009-03-02 17:31 . 2007-08-10 20:46 26,488 --a------ c:\windows\SYSTEM32\spupdsvc.exe
2009-03-02 17:25 . 2009-03-02 17:25 <DIR> d-------- c:\windows\EHome
2009-03-02 16:28 . 2009-03-02 16:28 <DIR> d---s---- c:\documents and settings\Jeremy\UserData
2009-03-02 09:24 . 2002-08-29 05:00 138,752 --a------ c:\windows\SNDVOL32.EXE
2009-02-28 20:11 . 2009-03-02 15:16 1,773 --a------ c:\windows\checkip.dat
2009-02-26 04:46 . 2009-02-26 04:46 32 --a------ c:\windows\basefx.INI
2009-02-26 04:31 . 2009-02-26 04:31 <DIR> d-------- c:\documents and settings\Jeremy\Application Data\Jasc
2009-02-26 04:11 . 2009-02-26 04:11 <DIR> d-------- c:\documents and settings\Jeremy\Application Data\Apple Computer
2009-02-26 04:04 . 2009-02-26 04:04 <DIR> d-------- c:\documents and settings\Jeremy\Application Data\Sonic
2009-02-26 04:03 . 2009-03-02 18:24 <DIR> d-------- c:\documents and settings\Jeremy
2009-02-25 21:55 . 2009-02-25 21:55 <DIR> d-------- c:\documents and settings\DANIEL MCKEE.DANIEL-T2P49JHI\Application Data\Jasc
2009-02-25 21:53 . 2009-02-25 21:53 21,840 --a------ c:\windows\SYSTEM32\SIntfNT.dll
2009-02-25 21:53 . 2009-02-25 21:53 17,212 --a------ c:\windows\SYSTEM32\SIntf32.dll
2009-02-25 21:53 . 2009-02-25 21:53 12,067 --a------ c:\windows\SYSTEM32\SIntf16.dll
2009-02-25 20:07 . 2009-02-25 20:07 <DIR> d-------- c:\documents and settings\DANIEL MCKEE.DANIEL-T2P49JHI\Application Data\Learn2.com
2009-02-25 14:41 . 2008-04-14 00:15 10,624 --a------ c:\windows\SYSTEM32\DRIVERS\gameenum.sys
2009-02-24 18:47 . 2009-02-25 21:13 <DIR> d-a------ c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-02-24 18:47 . 2007-06-19 22:35 24,096 --a------ c:\windows\SYSTEM32\DRIVERS\ts_lb.sys
2009-02-24 13:54 . 2009-02-24 13:54 444 --a------ c:\windows\SYSTEM32\d3d8caps.dat
2009-02-24 09:23 . 2009-02-24 09:23 0 --a------ c:\windows\nsreg.dat
2009-02-24 09:14 . 2002-08-28 22:59 36,224 --a------ c:\windows\SYSTEM32\DRIVERS\an983.sys
2009-02-24 09:14 . 2002-08-28 22:59 36,224 --a--c--- c:\windows\SYSTEM32\DLLCACHE\an983.sys
2009-02-24 08:23 . 2009-02-25 16:41 <DIR> d-------- c:\program files\iTunes
2009-02-24 08:23 . 2009-02-24 08:23 <DIR> d-------- c:\program files\iPod
2009-02-24 08:23 . 2009-02-24 14:05 <DIR> d-------- c:\documents and settings\DANIEL MCKEE.DANIEL-T2P49JHI\Application Data\Apple Computer
2009-02-24 08:20 . 2009-02-24 08:21 <DIR> d-------- c:\program files\Apple Software Update
2009-02-24 08:20 . 2009-02-24 08:23 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 15:11 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-26 09:22 --------- d-----w c:\program files\My Organizer
2009-02-26 06:59 --------- d-----w c:\documents and settings\DANIEL MCKEE.DANIEL-T2P49JHI\Application Data\MSN6
2009-02-24 14:22 --------- d-----w c:\program files\QuickTime
2004-11-20 16:38 554 -c-ha-w c:\documents and settings\Daniel McKee\Application Data\hpothb07.dat
2004-11-20 16:38 353 -c-ha-w c:\documents and settings\Daniel McKee\hpothb07.dat
2004-11-20 16:38 164 -c-ha-w c:\documents and settings\All Users\hpothb07.dat
2004-07-16 02:23 255 -c-ha-w c:\program files\hpothb07.tif
2004-07-16 02:23 146 -c-ha-w c:\program files\hpothb07.dat
2004-07-16 02:23 0 -c-ha-w c:\documents and settings\NetworkService\hpothb07.dat
2004-07-16 02:23 0 -c-ha-w c:\documents and settings\LocalService\hpothb07.dat
2004-07-16 02:23 0 -c-ha-w c:\documents and settings\Default User\hpothb07.dat
2002-08-29 11:00 339,968 ----a-w c:\program files\MSPAINT.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CapFax"="c:\program files\Classic PhoneTools\CapFax.EXE" [2001-12-10 20739]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-06-19 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-06-19 114688]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-07-16 7110656]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-07-16 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-02-05 143360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-24 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-25 229952]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-02 1601304]

c:\documents and settings\Daniel McKee\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2003-06-07 256000]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-03-03 45056]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-02 18:24 10520 c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2009-03-02 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2009-03-02 107272]
R1 ts_lb;ts_lb;c:\windows\SYSTEM32\DRIVERS\ts_lb.sys [2009-02-24 24096]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-02 298264]
R2 spupdsvc;Windows Service Pack Installer update service;c:\windows\SYSTEM32\spupdsvc.exe [2009-03-02 26488]
S2 CQUBVYLR;CQUBVYLR;\??\c:\windows\System32\cqubvylr.zgj --> c:\windows\System32\cqubvylr.zgj [?]
S2 Ndiskio;Ndiskio;\??\c:\norman\Nse\bin\NDISKIO.SYS --> c:\norman\Nse\bin\NDISKIO.SYS [?]
S2 Shell32Extender;Microsoft Windows Explorer Shell Subsystem;"c:\windows\system32\shell32.exe" --> c:\windows\system32\shell32.exe [?]
S3 CV2K1;CommView Network Monitor;c:\windows\SYSTEM32\DRIVERS\cv2k1.sys [2008-02-22 19240]
S3 nvcfsr;nvcfsr;\??\c:\norman\Nvc\bin\nvcfsr.sys --> c:\norman\Nvc\bin\nvcfsr.sys [?]
S3 nvcoafl51;nvcoafl51;\??\c:\norman\Nvc\bin\nvcoafl51.sys --> c:\norman\Nvc\bin\nvcoafl51.sys [?]
S3 nvcoaft51;nvcoaft51;\??\c:\norman\Nvc\bin\nvcoaft51.sys --> c:\norman\Nvc\bin\nvcoaft51.sys [?]
S3 nvcoarc51;nvcoarc51;\??\c:\norman\Nvc\bin\nvcoarc51.sys --> c:\norman\Nvc\bin\nvcoarc51.sys [?]
S3 nvcoas;Norman Virus Control on-access component;c:\norman\Nvc\bin\nvcoas.exe --> c:\norman\Nvc\bin\nvcoas.exe [?]
S3 NVCScheduler;Norman Virus Control Scheduler;c:\norman\Nvc\BIN\NVCSCHED.EXE --> c:\norman\Nvc\BIN\NVCSCHED.EXE [?]
S3 PsSdk30;PsSdk30;\??\c:\windows\System32\Drivers\PsSdk30.drv --> c:\windows\System32\Drivers\PsSdk30.drv [?]
S4 mcafeeWALLP;mcafeeWALLP;"c:\windows\mcafeeWALLX.exe" --> c:\windows\mcafeeWALLX.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\SetupWizard.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-09-19 17:36]
.
- - - - ORPHANS REMOVED - - - -

BHO-{d0a231a8-d82a-4751-9bfd-9501ff8b3d62} - c:\windows\System32\yipiwopa.dll
HKLM-Run-fumobigavu - c:\windows\System32\bokiluve.dll


.
------- Supplementary Scan -------
.
Trusted Zone: mirarsearch.com\click
Trusted Zone: mirarsearch.com\redirect
FF - ProfilePath - c:\documents and settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\ig66ysgi.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 21:40:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CQUBVYLR]
"ImagePath"="\??\c:\windows\System32\cqubvylr.zgj"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PsSdk30]
"ImagePath"="\??\c:\windows\System32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\spnpinst.exe
c:\windows\SYSTEM32\sysocmgr.exe
c:\windows\SYSTEM32\devldr32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-03-03 21:44:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-04 03:44:20

Pre-Run: 11,812,872,192 bytes free
Post-Run: 12,046,061,568 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Old 03-04-2009, 02:59 AM   #7 (permalink)
<-(BrOkEn)->

Malwarebytes' Anti-Malware 1.34
Database version: 1815
Windows 5.1.2600 Service Pack 3

3/4/2009 1:54:02 AM
mbam-log-2009-03-04 (01-53-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 156612
Time elapsed: 1 hour(s), 2 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mediagateway.installer (Adware.MediaAccess) -> No action taken.
HKEY_CLASSES_ROOT\mediagateway.installer.1 (Adware.MediaAccess) -> No action taken.
HKEY_CLASSES_ROOT\nn_bar_dummy.nn_bardummy.1 (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{610e0e95-8f2f-4b71-966e-f91701d4dc2c} (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{67a89831-6bc7-4cc0-a2c3-560f9a581e64} (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c} (Adware.MediaAccess) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{91e523db-2a1c-4231-bb06-9be27c28739a} (Adware.180Solutions) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tsuninst.exe.vir (Adware.TargetSaver) -> No action taken.
C:\System Volume Information\_restore{09EB8D28-02B3-4B62-A6FD-9D7BFB94EE29}\RP100\A0156337.exe (Adware.TargetSaver) -> No action taken.
C:\usbdr.exe (Trojan.FakeAlert) -> No action taken.
C:\usbdrivr098.exe (Trojan.FakeAlert) -> No action taken.
C:\usbwx.exe (Trojan.FakeAlert) -> No action taken.
Old 03-04-2009, 03:01 AM   #8 (permalink)
<-(BrOkEn)->

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:11 AM, on 3/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: Mirar (HKLM)
O15 - Trusted Zone: Mirar (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\Norman\Nvc\bin\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Windows Explorer Shell Subsystem (Shell32Extender) - Unknown owner - C:\WINDOWS\system32\shell32.exe (file missing)

--
End of file - 5191 bytes

Thank you for the help, I think it worked.
Old 03-04-2009, 08:46 AM   #9 (permalink)
Osiris

Remove

O15 - Trusted Zone: Mirar (HKLM)

O15 - Trusted Zone: Mirar (HKLM)

O23 - Service: Microsoft Windows Explorer Shell Subsystem (Shell32Extender) - Unknown owner - C:\WINDOWS\system32\shell32.exe (file missing)

Run ComboFix again, then Malwarebytes, and then post a new log along with the other logs.