  #1  
Old 11-28-2007
villain81's Avatar
Bronze Member
 
Join Date: Nov 2007
Location: Birmingham , England
Posts: 23
PC Experience: Some Experience
[Fixed] Bug in windows?please help

I have been having multiple problems in Windows:

1. I lost Task Manager (managed to get it back with a program I found on the net).

2. I lost the Run command (tried getting it back with the norun but it says administrator has disabled it, yet I'm the administrator and did no such thing lol).

3. In Internet Explorer, after about an hour or so it will lock up and the egg timer will appear. I will have to end the iexplorer.exe in Task Manager, then restart the PC to get on the explorer again.

4. Windows Media Player 11 no longer lets me watch videos or add more than 1 mp3 to a playlist. That will freeze and again I will have to end it in Task Manager.

5. In Windows Messenger, when I type there's no problem, but when I click send the MSN will lock up for about 7 seconds before the person I am chatting to receives the message.

I was asked to post HijackThis and spyware logs, so here they are as follows.

Any help would be extremely appreciated as I don't fancy reinstalling Windows.

~~~~~ HIJACK THIS ~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:45, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\wayne\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Search - Web Search
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: wssclient - {8D99D2A3-317C-4929-8A5D-21140259D93A} - c:\PROGRA~1\wss.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] -RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GSICONEXE] -gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] -"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1180194181546
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.bootsdigitalphotocentre.c...pcuploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{063572B4-5507-4C83-A6A5-EAF91997AFE9}: NameServer = 194.74.65.68 194.72.9.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{063572B4-5507-4C83-A6A5-EAF91997AFE9}: NameServer = 194.74.65.68 194.72.9.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{063572B4-5507-4C83-A6A5-EAF91997AFE9}: NameServer = 194.74.65.68 194.72.9.34
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (file missing)
O23 - Service: NBService - Unknown owner - -C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6372 bytes


~~~~~ AVG SPYWARE RESULTS ~~~~~

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 15:02:41 27/11/2007
+ Scan result:

C:\Documents and Settings\wayne\Cookies\wayne@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@4.adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@ads.adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@adtech[1].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@connextra[2].txt -> TrackingCookie.Connextra : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@ad.uk.doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@anad.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\wayne\Cookies\wayne@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\System Volume Information\_restore{305C100C-F527-46BF-99CE-ADC9A67C6D7A}\RP105\A0132036.exe -> Trojan.Agent.cpz : No action taken.
D:\System Volume Information\_restore{305C100C-F527-46BF-99CE-ADC9A67C6D7A}\RP109\A0134057.exe -> Trojan.Agent.cpz : No action taken.

::Report end


  #2  
Old 11-29-2007
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,057
PC Experience: Elite PC Guru
Re: Bug in windows?please help

Download, unzip and run LSPFix.exe to remove rlls.dll from your winsock layers. In order to do this, click the "I know what I'm doing" checkbox and check all instances of rlls.dll (and nothing else). Then move all checked files to the "Remove" pane and click Finish and reboot.
http://www.cexx.org/lspfix.htm

=================

This will help to identify any malware on your system.
Please download Combofix from HERE or HERE

Save ComboFix to the desktop.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #3  
Old 11-29-2007
villain81's Avatar
Bronze Member
 
Join Date: Nov 2007
Location: Birmingham , England
Posts: 23
PC Experience: Some Experience
Re: Bug in windows?please help

Here are the new log files for HijackThis and ComboFix. May I add, so far so good: I have the Run command back and did a quick test on MSN and everything seems to be OK so far....

~~~~~ Combo Fix Log ~~~~~

ComboFix 07-11-29.3 - wayne 2007-11-29 11:07:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.678 [GMT 0:00]
Running from: C:\Documents and Settings\wayne\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\rlls.dll
C:\WINDOWS\system32\rlxf.dll
C:\WINDOWS\system32\silc_dll.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.
2007-11-27 14:29 . 2007-11-27 14:29 <DIR> d-------- C:\Documents and Settings\wayne\Application Data\Grisoft
2007-11-27 14:29 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-26 11:21 . 2007-11-26 11:21 <DIR> d-------- C:\Program Files\MSN Messenger
2007-11-26 11:16 . 2007-11-26 13:00 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-11-26 11:16 . 2007-11-26 13:00 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-11-26 11:15 . 2007-11-26 11:15 <DIR> d-------- C:\dc11bec1720ace7a6bc075fbd2
2007-11-26 11:15 . 2007-11-26 11:16 <DIR> d-------- C:\d36555b3eab5fea814eb015b
2007-11-26 11:13 . 2007-11-26 11:13 <DIR> d-------- C:\e685eab6be10675c5ba1ecfe19e14c
2007-11-24 21:32 . 2007-11-24 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-23 09:31 . 2007-11-23 09:31 <DIR> d-------- C:\Program Files\Google
2007-11-23 09:31 . 2007-11-23 09:31 <DIR> d-------- C:\Program Files\Ashampoo
2007-11-23 09:31 . 2007-11-23 09:31 <DIR> d-------- C:\Documents and Settings\wayne\Application Data\SopCast
2007-11-18 01:13 . 2007-11-18 01:13 <DIR> d-------- C:\Documents and Settings\wayne\Application Data\Lavasoft
2007-11-18 01:12 . 2007-11-18 01:12 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-15 12:18 . 2007-11-15 12:18 1,358,156 --a------ C:\WINDOWS\system32\silc.dat
2007-11-15 04:01 . 2007-11-15 04:01 712,704 --a------ C:\WINDOWS\system32\rlph.dll
2007-11-10 19:08 . 2007-11-10 19:08 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-11-10 14:20 . 2007-11-10 14:20 1,830,488 --a------ C:\WINDOWS\system32\Magical_Holiday.scr
2007-11-10 14:18 . 2007-11-10 14:18 8,047,577 --a------ C:\WINDOWS\system32\Santa's Sleigh Works.scr
2007-11-10 14:16 . 2007-11-10 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
2007-10-29 08:02 . 2007-10-29 08:02 <DIR> d-------- C:\Program Files\Maketorrent 2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 10:47 --------- d-----w C:\Documents and Settings\wayne\Application Data\AVG7
2007-11-29 01:40 --------- d-----w C:\Documents and Settings\wayne\Application Data\uTorrent
2007-11-26 11:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-12 14:37 --------- d-----w C:\Documents and Settings\wayne\Application Data\Vso
2007-11-10 14:20 78,336 ----a-w C:\WINDOWS\pysoft_uninstaller.exe
2007-10-27 10:45 --------- d-----w C:\Program Files\**** NFO Viewer
2007-10-22 07:37 --------- d-----w C:\Program Files\DivX
2007-10-22 07:37 --------- d-----w C:\Program Files\BT Voyager 100 ADSL Modem
2007-10-20 13:44 --------- d-----w C:\Program Files\Advanced GIF Animator
2007-10-20 06:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-15 22:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-14 07:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-13 20:22 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-13 20:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-01 18:47 --------- d-----w C:\Program Files\Common Files\Synacast
2007-10-01 18:47 --------- d-----w C:\Documents and Settings\wayne\Application Data\PPMate
2007-08-04 15:07 62,808 ----a-w C:\Documents and Settings\wayne\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="-RUNDLL32.exe" []
"nwiz"="-nwiz.exe" []
"NvMediaCenter"="-RUNDLL32.exe" []
"GSICONEXE"="-gsicon.exe" []
"DSLAGENTEXE"="dslagent.exe" [2003-04-25 10:52 C:\WINDOWS\system32\dslagent.exe]
"SunJavaUpdateSched"="-C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 11:44]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 11:44]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fuzzy Over Clocking.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fuzzy Over Clocking.lnk
backup=C:\WINDOWS\pss\Fuzzy Over Clocking.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2006-11-17 15:49 77824 --a------ C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-09-13 10:12 139264 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
C:\Program Files\btbb_wcm\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
C:\Program Files\CCleaner\ccleaner.exe /AUTO

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-02-06 17:52 462935 --a------ C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys
R3 wanusb;BT Voyager 100 ADSL Modem;C:\WINDOWS\system32\DRIVERS\gwausb.sys
S3 AMDPCI;AMDPCI;\??\C:\DOCUME~1\wayne\LOCALS~1\Temp\AMDPCI.sys
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
S3 ITEIO;ITEIO;\??\C:\WINDOWS\system32\drivers\ITEIO.sys
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 11:09:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...


~~~~~ HIJACK THIS LOG ~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11, on 2007-11-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\wayne\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Search - Web Search
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] -RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GSICONEXE] -gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] -"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1180194181546
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.bootsdigitalphotocentre.c...pcuploader.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (file missing)
O23 - Service: NBService - Unknown owner - -C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5245 bytes


  #4  
Old 11-29-2007
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,057
PC Experience: Elite PC Guru
Re: Bug in windows?please help

Ok. That all looks ok now. No more malware to come out.

This will clear away any of the files and folders that were created by ComboFix.
Go to :
Start > Run then copy and paste the following highlighted text below and click OK.

ComboFix /u


__________________
  • An Australian Member of
  • and
My real name is Eddy
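
An added example, not part of the original posts and not the analyst's or HijackThis's own method: a short Python script that parses HijackThis entry lines, flags the kinds of entries this thread acted on, and lists which entries disappeared between the first and second log. The sample lines are excerpts from the two logs above; the flagging rules and function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Excerpts from the two HijackThis logs posted in this thread (not the full logs).
BEFORE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: wssclient - {8D99D2A3-317C-4929-8A5D-21140259D93A} - c:\PROGRA~1\wss.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
"""

AFTER_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

# An entry line is a section code (R1, O4, O10, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Return (section, body) tuples for every entry line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Flag entries worth a second look. Illustrative rules, not a verdict of malice."""
    flagged = []
    for section, body in entries:
        if section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            flagged.append((section, "unrecognised Winsock LSP", body))
        elif section == "O7":
            flagged.append((section, "policy restriction", body))
        elif "(no file)" in body or "(file missing)" in body:
            flagged.append((section, "orphaned reference", body))
    return flagged


def removed_between(before, after):
    """Entries (with repeat counts) present in the first log but gone from the second."""
    return dict(Counter(before) - Counter(after))


if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    print("Removed by the cleanup:")
    for (section, body), count in removed_between(before, after).items():
        print(f"  {count}x {section} - {body}")
    print("Still flagged afterwards:")
    for section, reason, body in triage(after):
        print(f"  [{reason}] {section} - {body}")
```

A flag is a prompt to investigate, not proof of infection: the second log still lists nwprovau.dll as an unknown Winsock LSP file.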
  #5  
Old 11-29-2007
villain81's Avatar
Bronze Member
 
Join Date: Nov 2007
Location: Birmingham , England
Posts: 23
PC Experience: Some Experience
Re: Bug in windows?please help

Thanks a lot mate, computer's working a treat now


