PC Help Forum - Free Computer Help, Windows, Hardware, Software and more!
Forum: Security & Safety > Spyware / AdWare > [Fixed] Hijackthis! Logs
Thread: Malware

#1 - George001 (Bronze Member, Posts: 28, PC Experience: Beginner) - 4 Weeks Ago
Malware

My computer has malware that I can get off. I have read the instructions on how to ask a question but don't quite understand them, so pardon me if I did something that I should not do.
I have some information that I will post; it may not be what you want, but a friend got it from my computer and advised me that this will be useful.

Deckard's System Scanner v20071014.68
Run by mrwise on 2008-04-11 13:45:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-11 13:46:01
Platform: Windows XP (5.01.2600)
MSIE: Internet Explorer (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\alg.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
A:\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Search Network
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search Network
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = My Excite
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Search Gateway for Google
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\speech\Dragon\web_ie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PosHelp - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL (file missing)
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [test] 1
O4 - HKLM\..\RunOnce: [System Mechanic Cache Cleanup] C:\Program Files\iolo\System Mechanic 4\BACKUP\SysMech4.exe /COMPLETECACHE
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Clean Junk Files at StartUp] "C:\Program Files\iolo\System Mechanic 4\BACKUP\SysMech4.exe" /CLEANJUNK
O4 - HKCU\..\Run: [Perform Defrag and Optimize at StartUp] "C:\Program Files\iolo\System Mechanic 4\BACKUP\SysMech4.exe" /DEFRAG
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [test] 1
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - AltaVista (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - AltaVista (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - AltaVista - Babel Fish Translation (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - AltaVista - Babel Fish Translation (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O15 - Trusted IP Range: 88.80.5.21 (HKCU)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/wmv8ax.cab
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...0C/wmv9dmo.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} () - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1144274692351
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144274644172
O16 - DPF: {70522FA0-4656-11D5-B0E9-0050DAC24E8F} () - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} (MSN Chat Control 3.0) - http://fdl.msn.com/public/chat/msnchat3.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C3D96A02-EEA7-4264-98D7-D882A7338DE5} () - http://imgfarm.com/images/nocache/co...up1.0.0.12.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\SYSTEM32\msvidctl.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 11550 bytes
-- Files created between 2008-03-11 and 2008-04-11 -----------------------------
2008-04-11 08:41:46 0 d-------- C:\WINDOWS\LastGood
2008-04-09 15:37:12 0 d-------- C:\Documents and Settings\mrwise\Application Data\AVG7
2008-04-09 15:36:57 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-09 15:36:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-09 15:36:17 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-09 14:33:12 0 d-------- C:\WINDOWS\Prefetch
2008-04-09 14:14:14 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-09 13:46:47 0 d-------- C:\WINDOWS\setup.pss
2008-04-05 19:48:29 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-04-05 16:31:06 0 d--hs---- C:\FOUND.015
2008-04-05 16:04:02 0 d-------- C:\Program Files\ThreatFire
2008-04-05 16:04:02 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-05 09:53:16 0 d-------- C:\Documents and Settings\mrwise\Application Data\WinIFixer.com
2008-04-05 09:52:32 160256 --a------ C:\WINDOWS\System32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-04-02 17:38:18 37027 --a------ C:\WINDOWS\atmoUn.exe
2008-04-01 19:50:10 0 d--hs---- C:\FOUND.014
2008-03-30 19:32:00 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 16:52:58 0 d-------- C:\WINDOWS\Sun
2008-03-30 16:52:58 0 d-------- C:\Documents and Settings\mrwise\Application Data\Sun
2008-03-30 16:51:03 0 d-------- C:\Program Files\Java
2008-03-30 16:50:35 0 d-------- C:\Program Files\Common Files\Java
2008-03-16 19:05:54 0 d--hs---- C:\FOUND.013

-- Find3M Report ---------------------------------------------------------------
2008-04-09 14:15:12 22720 --a------ C:\WINDOWS\System32\emptyregdb.dat
2008-02-15 16:19:58 0 d-------- C:\Documents and Settings\mrwise\Application Data\Comodo
2008-02-01 15:19:48 1 --a------ C:\SYSTEMGE

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [02/15/2008 10:20 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/09/2008 03:36 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iolo Task Agent"="C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe" []
"Taskbar Display Controls"="RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY" []
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [03/23/2006 12:13 AM]
"Clean Junk Files at StartUp"="C:\Program Files\iolo\System Mechanic 4\BACKUP\SysMech4.exe" [01/26/2005 12:16 PM]
"Perform Defrag and Optimize at StartUp"="C:\Program Files\iolo\System Mechanic 4\BACKUP\SysMech4.exe" [01/26/2005 12:16 PM]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [08/23/2001 11:00 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"test"=1 (0x1)

#2 - George001 (Bronze Member) - 4 Weeks Ago
Re: Malware

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"test"=1 (0x1)
"System Mechanic Cache Cleanup"=C:\Program Files\iolo\System Mechanic 4\BACKUP\SysMech4.exe /COMPLETECACHE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CAMEDIA Master.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CAMEDIA Master.lnk
backup=C:\WINDOWS\pss\CAMEDIA Master.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Excite Community Tools Notifier]
"C:\Program Files\Excite\PrvtMsgr\bin\x8SkPlay.exe" Notifier

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Excite Private Messenger Pipe]
C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spark]
D:\Program Files\Spark\Spark.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Mechanic Popup Stopper]
"C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"C:\Program Files\Save\Save.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinIFixer]
C:\Program Files\WinIFixer\WinIFixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMDM PMSP Service]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe"
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"AIM"=C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
"AOLCC"="C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ScanRegistry"=c:\windows\scanregw.exe /autorun
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"EACLEAN"=C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
"Service Connection"=c:\cpqs\bwtools\sccenter.exe
"CIJ3P2PSERVER"=CIJ3P2PS.EXE
"LoadQM"=loadqm.exe
"AvconsoleEXE"=C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
"VsecomrEXE"=C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"CPQEASYACC"=C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
"CPQInet"=c:\compaq\CPQInet\CpqInet.exe
"CompaqPrinTray"=PrinTray.exe
"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSBAR.DLL,S
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Digital Dashboard"=C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
"VsStatEXE"=C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SchedulingAgent"=mstask.exe
"Hidserv"=Hidserv.exe run
"HC Reminder"=hc.exe
"AolAcsDaemon1"="C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
"AOLCC"="C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser]
RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl


-- End of Deckard's System Scanner: finished at 2008-04-11 13:47:17 ------------
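The two posts above are a raw Deckard's System Scanner dump whose first half emulates a HijackThis log. What a log helper does with such a log is mechanical enough to script. The Python below is an added example written for this page, not code from the poster, from HijackThis or from DSS: it parses the Rn/On entries and flags the items a helper looks at first, using a few lines copied from the log above as input. The adware name list, the trusted download-host list and the O4/O16 heuristics are this example's own assumptions, and an O16 flag means "review this control", not "malicious".

```python
"""Triage a HijackThis-format log: parse each 'Rn - ' / 'On - ' entry and flag
the patterns a log helper checks first.  Added example for this thread, not
code from the original post, from HijackThis or from Deckard's System Scanner.
SAMPLE_LOG is a handful of lines copied from the log posted above."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [test] 1
O15 - Trusted IP Range: 88.80.5.21 (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1144274692351
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
"""

# Product names a helper would look up first.  Illustrative list assembled for
# this example (assumption): MyWebSearch and WhenU Save are widely listed as
# adware and WinIFixer as a rogue "fixer"; verify each against a current listing.
ADWARE_HINTS = ("mywebsearch", "mywebs~1", "advancedsearchbar", "advanc~1",
                "iwonbar", "\\save\\save.exe", "winifixer")

# Download hosts treated as expected for O16 entries (assumption for this example).
TRUSTED_DPF_HOSTS = ("microsoft.com", "macromedia.com", "java.sun.com")

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
EXEC_RE = re.compile(r"\.(exe|dll|scr|com|bat|cmd)\b", re.IGNORECASE)


@dataclass
class Finding:
    kind: str      # HijackThis section, e.g. "O15"
    reason: str
    line: str      # the offending log line, verbatim


def parse_entries(log_text):
    """Yield (kind, body, line) for each entry line; process lists, headers and
    registry dumps have no 'Rn - '/'On - ' prefix and are skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def _trusted_host(host):
    # exact match or subdomain; a plain endswith() would accept "notmicrosoft.com"
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage(log_text):
    """Return the Findings a helper would want to eyeball before writing a fix."""
    findings = []
    for kind, body, line in parse_entries(log_text):
        low = body.lower()
        if kind == "O15":
            # Anything in the Trusted zone runs ActiveX/scripts with relaxed IE
            # settings; a bare IP address here is almost never user-added.
            findings.append(Finding(kind, "IE Trusted zone entry", line))
            continue
        if kind in ("R3", "O2", "O3", "O9") and "(file missing)" in low:
            findings.append(Finding(kind, "orphaned hook/BHO/toolbar/button (file missing)", line))
        if any(hint in low for hint in ADWARE_HINTS):
            findings.append(Finding(kind, "path names a known adware/rogue product", line))
        if kind == "O4":
            cmd = body.split("] ", 1)[-1]          # text after the "[name]" label
            if not EXEC_RE.search(cmd) and not cmd.lower().startswith(("rundll", "regsvr")):
                findings.append(Finding(kind, "autorun value is not an executable path", line))
        if kind == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
            unnamed = " () - " in body             # control registered without a friendly name
            if unnamed or not _trusted_host(host):
                findings.append(Finding(kind, f"ActiveX download from {host or 'unknown host'}"
                                        + (", unnamed control" if unnamed else ""), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
```

Run against the excerpt it reports the O15 Trusted IP Range, the orphaned MyWebSearch URLSearchHook, the Advanced Searchbar toolbar, the `[test] 1` RunOnce value and the unnamed control from imgfarm.com, and stays quiet on the Java BHO, AVG, Windows Update and ThreatFire lines. That matches what a helper would ask about first; it does not decide anything, and the yahoo/aol O16 entries in the full log would also come back as "review" because their hosts are outside the tiny allowlist.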

#3 - Jelly Bean (Tech Support Team, Posts: 2,388, PC Experience: Experienced, Location: Swansea) - 4 Weeks Ago
Re: Malware

Hello and welcome to PC Help Forum.

Let me just move your thread to HijackThis logs; you will then get help quicker.

Did you do our prework?

If not, click the "prework" link in pink below.

#4 - George001 (Bronze Member) - 4 Weeks Ago
Re: Malware

I noticed that in the preparation there are a lot of things to be done. Please advise:
a) Should all the software be downloaded before starting the test, or is it downloaded as you go along?
b) Do all the tests have to be done on the same day (i.e. does the computer have to remain on, or can it be turned off after a test and continued another time)?
c) About how much time should the entire test take? (I want to know so that I can make time to do it.)
Thanks

#5 - George001 (Bronze Member) - 4 Weeks Ago
Re: Malware

I did the pre-work, but I will state my problem first.

When I am on the internet I get the following messages:
1) Message from local system to user
Cricital error message-Register damaged or Corrupt to fix this problem.
Open Internet Explorer and type : registrycleaner.com
Once you load the web page, close this window
After you install the cleaner program you will not receive anymore reminder or pop-up like this
Visit registercleanerxp.com IMMEDIATLY.

2) Message from system Alert
Your System Register is Corrupted and need to be clean immediatly
Compromised registry files can lead to the following
a) Complete access of your computer by hackers
b) Slow speed resulting in slow download of internet files
c) The comprmise of personal information store on your computer
d) Complete system failure resulting in the need for a complete reinstall of your hard drive
To fix this problem.
1) Open internet explorer
2) In the URL fieldtype : adjustHere.com
3) Note all version of windows are supported
4) Once you load the program, close this window
Please note that once you visit to adjustHere.com amd install the cleaner program you will not receive anymore reminder or pop-up like this one
adjustHere.com
Here is my pre-work
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:00 PM, on 4/13/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Search Network
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search Network
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = My Excite
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Search Gateway for Google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\SPEECH\DRAGON\WEB_IE.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PosHelp - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL (file missing)
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CyberDefender Early Detection Center] "F:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [test] 
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Clean Junk Files at StartUp] "C:\Program Files\iolo\System Mechanic 4\BACKUP\SysMech4.exe" /CLEANJUNK
O4 - HKCU\..\Run: [Perform Defrag and Optimize at StartUp] "C:\Program Files\iolo\System Mechanic 4\BACKUP\SysMech4.exe" /DEFRAG
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "F:\Program Files\CyberDefender\AntiSpyware\cdasf.exe" /minimize
O4 - HKCU\..\RunOnce: [test] 
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - AltaVista (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - AltaVista (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - AltaVista - Babel Fish Translation (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - AltaVista - Babel Fish Translation (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: MSN - {E19D474D-B5FD-11D2-AE0E-00C04FAEA83F} - C:\PROGRA~1\ONLINE~1\MSN50\OCX\MSNFORIE.DLL (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1144274692351
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144274644172
O16 - DPF: {70522FA0-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} (MSN Chat Control 3.0) - http://fdl.msn.com/public/chat/msnchat3.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C3D96A02-EEA7-4264-98D7-D882A7338DE5} - http://imgfarm.com/images/nocache/co...up1.0.0.12.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O20 - AppInit_DLLs:
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
--
End of file - 10804 bytes

  #6  
Old 4 Weeks Ago
George001's Avatar
Bronze Member
 
Posts: 28
PC Experience: Beginner
George001 - See this Members User comments on their Profile page
Thumbs up Re: Malware

I forgot to mention that one of the threats found could not be quarantined; it shows an error in the report.

  #7  
Old 3 Weeks Ago
Pancake's Avatar
Senior Security Analyst
 
Posts: 1,620
PC Experience: Elite PC Guru
Location: Victoria, Australia
Pancake - See this Members User comments on their Profile page
Default Re: Malware

Ok. We need to download ComboFix.exe. This will give a better view of the files running and also hidden on your computer.
Please visit this webpage for download links and instructions for running ComboFix.

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a security analyst.
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

__________________
My real name is Eddy
  #8  
Old 3 Weeks Ago
George001's Avatar
Bronze Member
 
Posts: 28
PC Experience: Beginner
George001 - See this Members User comments on their Profile page
Thumbs up Re: Malware

Here are the new findings.
)))))))))))))))))))))))
.
C:\Documents and Settings\mrwise\Application Data\WinIFixer.com
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\ScreenSaver\Images\03F7E577.urr
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\res100.html
C:\WINDOWS\start.exe
C:\WINDOWS\system.exe
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\Web\default.htt
.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.
2008-04-13 10:11 . 2008-04-13 10:11 <DIR> d-------- C:\Documents and Settings\mrwise\Application Data\Grisoft
2008-04-13 10:09 . 2008-04-13 10:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 10:01 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-04-12 11:24 . 2008-04-12 11:23 67,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CDAVFS.sys
2008-04-09 15:37 . 2008-04-09 15:37 <DIR> d-------- C:\Documents and Settings\mrwise\Application Data\AVG7
2008-04-09 15:36 . 2008-04-09 15:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-09 15:36 . 2008-04-09 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-09 15:36 . 2008-04-09 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-09 14:27 . 2001-08-17 22:36 431,104 --a------ C:\WINDOWS\SYSTEM32\dllcache\EXCH_smtpsvc.dll
2008-04-09 14:26 . 2001-08-23 06:00 111,104 --a------ C:\WINDOWS\SYSTEM32\dllcache\mtstocom.exe
2008-04-09 14:25 . 2001-08-23 06:00 240,640 --a------ C:\WINDOWS\SYSTEM32\dllcache\infocomm.dll
2008-04-09 14:24 . 2001-08-23 06:00 240,640 --a------ C:\WINDOWS\SYSTEM32\dllcache\httpext.dll
2008-04-09 14:23 . 2001-08-23 06:00 339,456 --a------ C:\WINDOWS\SYSTEM32\dllcache\asp51.dll
2008-04-09 14:22 . 2001-08-17 22:36 2,134,528 --a------ C:\WINDOWS\SYSTEM32\dllcache\EXCH_smtpsnap.dll
2008-04-09 14:20 . 2001-08-17 22:36 166,400 --a------ C:\WINDOWS\SYSTEM32\CQ30SUI.DLL
2008-04-09 14:20 . 2001-07-21 18:52 25,645 --a------ C:\WINDOWS\SYSTEM32\CNBJHLP.HLP
2008-04-09 14:20 . 2001-07-21 18:52 787 --a------ C:\WINDOWS\SYSTEM32\CNBJHLP.CNT
2008-04-09 14:17 . 2001-08-23 06:00 405,504 --a------ C:\WINDOWS\SYSTEM32\dllcache\swflash.ocx
2008-04-09 14:17 . 2008-04-09 14:17 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-04-09 14:17 . 2008-04-09 14:17 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-04-09 14:17 . 2008-04-09 14:17 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-04-09 14:17 . 2008-04-09 14:17 749 -rah----- C:\WINDOWS\SYSTEM32\nwc.cpl.manifest
2008-04-09 14:17 . 2008-04-09 14:17 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-04-09 14:17 . 2008-04-09 14:17 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-04-09 14:16 . 2001-08-23 06:00 157,696 --a------ C:\WINDOWS\SYSTEM32\dllcache\npdrmv2.dll
2008-04-09 14:16 . 2001-08-23 06:00 155,648 --a------ C:\WINDOWS\SYSTEM32\dllcache\icwhelp.dll
2008-04-09 14:16 . 2001-08-23 06:00 73,728 --a------ C:\WINDOWS\SYSTEM32\dllcache\icwtutor.exe
2008-04-09 14:16 . 2001-08-23 06:00 61,440 --a------ C:\WINDOWS\SYSTEM32\dllcache\icwres.dll
2008-04-09 14:16 . 2001-08-23 06:00 57,344 --a------ C:\WINDOWS\SYSTEM32\dllcache\icwconn.dll
2008-04-09 14:16 . 2001-08-23 06:00 45,056 --a------ C:\WINDOWS\SYSTEM32\dllcache\icwutil.dll
2008-04-09 14:16 . 2001-08-23 06:00 40,960 --a------ C:\WINDOWS\SYSTEM32\dllcache\trialoc.dll
2008-04-09 14:16 . 2001-08-23 06:00 24,576 --a------ C