I have a closed hijackthis thread where crush had asked for a combofix log. I had given my friend her computer back. She just brought it back and I am going to post mbam, hijackthis and combofix logs I just ran. I believe she has two installations of XP on here, not sure why or if she even knows. This is a Dimension 4550.
Mbam:
Malwarebytes' Anti-Malware 1.31
Database version: 1604
Windows 5.1.2600 Service Pack 3
1/3/2009 6:11:58 PM
mbam-log-2009-01-03 (18-11-58).txt
Scan type: Full Scan (C:\|)
Objects scanned: 187220
Time elapsed: 1 hour(s), 58 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:51 PM, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\LEXBCES.EXE
C:\WINDOWS2\system32\LEXPPS.EXE
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS2\system32\nvsvc32.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\wanmpsvc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\AOL\1139524247\ee\AOLSoftware.exe
C:\WINDOWS2\BCMSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS2\explorer.exe
C:\WINDOWS2\system32\notepad.exe
C:\Documents and Settings\tammy\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139524247\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS2\system32\spool\drivers\w32x86\3\hpztsb 07.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab40641.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1230564828390
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames...o.cab42341.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=26688
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab42268.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames...l.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS2\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS2\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS2\wanmpsvc.exe
--
End of file - 8397 bytes
Combofix:
ComboFix 09-01-02.01 - tammy 2009-01-03 18:21:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.59 [GMT -5:00]
Running from: c:\documents and settings\tammy\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\George Simpson\Cookies\hpothb07.dat
c:\documents and settings\George Simpson\Cookies\hpothb07.tif
c:\program files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVG
((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.
2009-01-03 16:12 . 2009-01-03 16:12 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 16:12 . 2008-12-03 19:54 38,496 --a------ c:\windows2\system32\drivers\mbamswissarmy.sys
2009-01-03 16:12 . 2008-12-03 19:54 15,504 --a------ c:\windows2\system32\drivers\mbam.sys
2008-12-31 04:08 . 2009-01-03 11:07 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-30 03:04 . 2008-10-16 14:06 268,648 --a------ c:\windows2\system32\mucltui.dll
2008-12-30 03:04 . 2008-10-16 14:06 27,496 --a------ c:\windows2\system32\mucltui.dll.mui
2008-12-29 19:28 . 2008-12-30 17:15 <DIR> d-------- c:\program files\PamperedPartnerPlus
2008-12-29 14:32 . 2009-01-03 18:33 <DIR> d-------- c:\windows2\system32\drivers\Avg
2008-12-29 14:32 . 2008-12-29 14:32 324,872 --a------ c:\windows2\system32\drivers\avgldx86.sys
2008-12-29 14:32 . 2008-12-29 14:32 107,272 --a------ c:\windows2\system32\drivers\avgtdix.sys
2008-12-29 14:32 . 2008-12-29 14:32 12,552 --a------ c:\windows2\system32\drivers\avgrkx86.sys
2008-12-29 14:32 . 2008-12-29 14:32 10,520 --a------ c:\windows2\system32\avgrsstx.dll
2008-12-29 14:31 . 2008-12-29 14:31 <DIR> d-------- c:\program files\AVG
2008-12-29 14:31 . 2008-12-29 14:31 <DIR> d-------- c:\documents and settings\All Users.WINDOWS2\Application Data\avg8
2008-12-29 13:29 . 2008-12-29 13:29 <DIR> d-------- c:\documents and settings\All Users.WINDOWS2\Application Data\TEMP
2008-12-29 13:28 . 2008-12-29 13:30 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-29 12:13 . 2008-10-16 15:38 6,066,176 -----c--- c:\windows2\system32\dllcache\ieframe.dll
2008-12-29 12:13 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows2\system32\dllcache\ieapfltr.dat
2008-12-29 12:13 . 2007-03-08 00:10 991,232 -----c--- c:\windows2\system32\dllcache\ieframe.dll.mui
2008-12-29 12:13 . 2008-10-16 15:38 459,264 -----c--- c:\windows2\system32\dllcache\msfeeds.dll
2008-12-29 12:13 . 2008-10-16 15:38 383,488 -----c--- c:\windows2\system32\dllcache\ieapfltr.dll
2008-12-29 12:13 . 2008-10-16 15:38 267,776 -----c--- c:\windows2\system32\dllcache\iertutil.dll
2008-12-29 12:13 . 2008-10-16 15:38 63,488 -----c--- c:\windows2\system32\dllcache\icardie.dll
2008-12-29 12:13 . 2008-10-16 15:38 52,224 -----c--- c:\windows2\system32\dllcache\msfeedsbs.dll
2008-12-29 12:13 . 2008-10-16 08:11 13,824 -----c--- c:\windows2\system32\dllcache\ieudinit.exe
2008-12-29 11:52 . 2008-06-13 06:05 272,128 -----c--- c:\windows2\system32\dllcache\bthport.sys
2008-12-29 11:51 . 2008-09-08 05:41 333,824 -----c--- c:\windows2\system32\dllcache\srv.sys
2008-12-29 11:51 . 2008-08-14 05:04 138,496 -----c--- c:\windows2\system32\dllcache\afd.sys
2008-12-29 11:50 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows2\system32\dllcache\ntoskrnl.exe
2008-12-29 11:50 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows2\system32\dllcache\ntkrnlmp.exe
2008-12-29 11:50 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows2\system32\dllcache\ntkrnlpa.exe
2008-12-29 11:50 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows2\system32\dllcache\ntkrpamp.exe
2008-12-29 11:50 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows2\system32\dllcache\win32k.sys
2008-12-29 11:49 . 2008-04-11 14:04 691,712 -----c--- c:\windows2\system32\dllcache\inetcomm.dll
2008-12-29 11:49 . 2008-10-15 11:34 337,408 -----c--- c:\windows2\system32\dllcache\netapi32.dll
2008-12-29 11:49 . 2008-05-08 09:02 203,136 -----c--- c:\windows2\system32\dllcache\rmcast.sys
2008-12-29 11:03 . 2008-12-29 11:03 <DIR> d-------- c:\windows2\system32\scripting
2008-12-29 11:03 . 2008-12-29 11:03 <DIR> d-------- c:\windows2\system32\en
2008-12-29 11:03 . 2008-12-29 11:03 <DIR> d-------- c:\windows2\system32\bits
2008-12-29 11:03 . 2008-12-29 11:03 <DIR> d-------- c:\windows2\l2schemas
2008-12-29 10:19 . 2008-12-29 10:18 410,984 --a------ c:\windows2\system32\deploytk.dll
2008-12-29 10:19 . 2008-12-29 10:18 73,728 --a------ c:\windows2\system32\javacpl.cpl
2008-12-29 10:10 . 2008-12-29 10:27 <DIR> d-------- c:\program files\NOS
2008-12-29 10:10 . 2008-12-29 10:27 <DIR> d-------- c:\documents and settings\All Users.WINDOWS2\Application Data\NOS
2008-12-29 08:22 . 2008-12-29 10:22 <DIR> d-------- c:\documents and settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy
2008-12-29 08:18 . 2008-12-29 08:21 <DIR> d-------- c:\program files\Eusing Free Registry Cleaner
2008-12-29 06:04 . 2008-12-29 06:04 <DIR> d-------- c:\windows2\system32\NtmsData
2008-12-28 20:02 . 2008-12-28 20:02 <DIR> d-------- c:\documents and settings\tammy\Application Data\Malwarebytes
2008-12-28 20:02 . 2008-12-28 20:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS2\Application Data\Malwarebytes
2008-12-28 19:17 . 2008-12-28 19:17 <DIR> d-------- c:\program files\CCleaner
2008-12-28 18:48 . 2001-08-17 13:48 12,160 --a------ c:\windows2\system32\drivers\mouhid.sys
2008-12-28 18:48 . 2001-08-17 13:48 12,160 --a--c--- c:\windows2\system32\dllcache\mouhid.sys
2008-12-28 18:48 . 2008-04-13 13:45 10,368 --a------ c:\windows2\system32\drivers\hidusb.sys
2008-12-21 16:06 . 2008-12-21 16:06 <DIR> d-------- c:\documents and settings\tammy\Application Data\Viewpoint
2008-12-21 11:56 . 2003-03-31 07:00 457,607 -----c--- c:\windows2\system32\dllcache\mdlib.wmv
2008-12-21 11:55 . 2008-04-13 19:12 1,306,624 -----c--- c:\windows2\system32\dllcache\msxml6.dll
2008-12-21 11:54 . 2008-04-13 19:12 774,144 -----c--- c:\windows2\system32\dllcache\setup_wm.exe
2008-12-21 11:53 . 2008-04-13 19:12 4,874,240 -----c--- c:\windows2\system32\dllcache\wmp.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-12-29 17:25 --------- d-----w c:\documents and settings\tammy\Application Data\AOL
2008-12-29 17:24 --------- d-----w c:\program files\Common Files\aol
2008-12-29 15:18 --------- d-----w c:\program files\Java
2008-12-29 15:15 --------- d-----w c:\program files\Common Files\Adobe
2008-12-29 11:26 --------- d-----w c:\documents and settings\All Users.WINDOWS2\Application Data\McAfee
2008-12-29 11:19 --------- d-----w c:\program files\QuickTime
2008-12-29 11:19 --------- d-----w c:\documents and settings\All Users.WINDOWS2\Application Data\Apple Computer
2008-12-29 11:17 --------- d-----w c:\program files\Common Files\Real
2008-12-29 00:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-29 00:24 --------- d-----w c:\program files\Common Files\Motive
2008-11-14 20:41 --------- d-----w c:\documents and settings\All Users.WINDOWS2\Application Data\AOL
2008-10-23 12:36 286,720 ----a-w c:\windows2\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows2\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows2\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows2\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows2\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows2\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows2\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows2\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows2\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows2\system32\wups.dll
2008-10-16 19:07 208,744 ----a-w c:\windows2\system32\muweb.dll
2008-10-03 10:15 247,326 ----a-w c:\windows2\system32\strmdll.dll
2008-08-27 00:20 256 ----a-w c:\documents and settings\tammy\pool.bin
2003-09-19 01:09 160 -c--a-w c:\documents and settings\Tammy Simpson\hpothb07.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows2\system32\ctfmon.exe" [2008-04-13 15360]
"AOL Fast Start"="c:\program files\America Online 9.0a\AOL.EXE" [2005-07-12 50776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"NvCplDaemon"="c:\windows2\system32\NvCpl.dll" [2003-10-06 5058560]
"HostManager"="c:\program files\Common Files\AOL\1139524247\ee\AOLSoftware.exe" [2006-09-25 50736]
"HPDJ Taskbar Utility"="c:\windows2\system32\spool\drivers\w32x8 6\3\hpztsb07.exe" [2002-11-22 188416]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-29 1601304]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows2\BCMSMMSG.exe]
c:\documents and settings\All Users.WINDOWS2\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-11-12 1447184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2008-12-29 14:32 10520 c:\windows2\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^hp instant support.lnk]
path=c:\documents and settings\All Users.WINDOWS2\Start Menu\Programs\Startup\hp instant support.lnk
backup=c:\windows2\pss\hp instant support.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows2\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=c:\windows2\pss\Kodak software updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-06-20 14:30 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 14:16 741376 c:\windows2\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS2\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\aol\\1139524247\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\aol\\1139524247\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows2\system32\drivers \avgrkx86.sys [2008-12-29 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows2\system32\drivers\avgldx86.sys [2008-12-29 324872]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows2\system32\drivers\avgtdix.sy s [2008-12-29 107272]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-29 903960]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-29 298264]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autoRcd.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Trusted Zone: www.update.microsoft.com
O16 -: Microsoft XML Parser for Java - file://c:\windows2\Java\classes\xmldso.cab
c:\windows2\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
************************************************** ************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 18:40:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows2\system32\LEXBCES.EXE
c:\windows2\system32\LEXPPS.EXE
c:\program files\Common Files\aol\ACS\AOLacsd.exe
c:\program files\Common Files\aol\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\aol\TopSpeed\2.0\aoltpspd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows2\system32\nvsvc32.exe
c:\windows2\system32\wdfmgr.exe
c:\windows2\wanmpsvc.exe
c:\program files\America Online 9.0a\waol.exe
c:\program files\America Online 9.0a\shellmon.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
************************************************** ************************
.
Completion time: 2009-01-03 18:46:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-03 23:46:08
Pre-Run: 43,359,023,104 bytes free
Post-Run: 43,822,219,264 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S2
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS2="Micr osoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Micro soft Windows XP Home Edition" /fastdetect /noexecute=optin
225 --- E O F --- 2009-01-03 19:36:31
Is there anything I need to get rid of? Thank you!
 |
 |
 |
 |
|
|||||||
| [Fixed] Hijackthis! Logs - back for log check, Crush was working with me posted in the Security & Safety forums; I have a closed hijackthis thread where crush had asked for a combofix log. I had given my friend her computer back. She just brought it back and I am ... |
|
01-03-2009
|
#1 |
|
Bronze Member
 Join Date: Nov 2008
Posts: 47 PC Experience: Experienced
|
back for log check, Crush was working with me
|
|
|
| Advertisement - Register to Remove | |
|
|
01-04-2009
|
#2 |
|
Tech Support Team
 
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112 PC Experience: Always Learning New Things
|
Re: back for log check, Crush was working with me
Hi again,
Do you have access to the computer in question to remove some entries in hijackthis?
__________________
Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this |
|
|
|
01-04-2009
|
#3 |
|
Bronze Member
Join Date: Nov 2008
Posts: 47 PC Experience: Experienced
|
Re: back for log check, Crush was working with me
Yes, I will have the computer for a couple of days this time. Thank you
|
|
|
|
|
01-04-2009
|
#4 |
|
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112 PC Experience: Always Learning New Things
|
Re: back for log check, Crush was working with me
Perfect. We can have HJT remove the entries below. Before removal ensure HJT is the only program open and these are the only entries checked. Then click Fix Checked.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1 Let me know if that's any better
__________________
Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this |
|
|
|
|
01-04-2009
|
#5 |
|
Bronze Member
Join Date: Nov 2008
Posts: 47 PC Experience: Experienced
|
Re: back for log check, Crush was working with me
I was able to delete that. One other question. This computer has two XP installs on it. I edited boot.ini so only one shows up during boot up. But she has two c:windows directories, on named that, and the other named c:windows2. Is there a way to get rid of the one that is not used? I believe it is taking up a lot of space. The computer is really, really slow!! Any ideas? Thank you for your help. You are the best!
|
|
|
|
|
01-05-2009
|
#6 |
|
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112 PC Experience: Always Learning New Things
|
Re: back for log check, Crush was working with me
Sure, just delete it. Provided her documents and settings and all that are saved on the first C:\Windows file system
__________________
Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this |
|
|
|
|
01-05-2009
|
#7 |
|
Bronze Member
Join Date: Nov 2008
Posts: 47 PC Experience: Experienced
|
Re: back for log check, Crush was working with me
great. things are running great now. Thanks for the help
|
|
|
|
|
| Bookmarks |
| Tags |
| back, check, crush, fixed, Fixed:, log, working |
Similar discussions...
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| for Crush | jerryw1976 | [Fixed] Hijackthis! Logs | 3 | 01-13-2009 03:54 PM |
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
