#1
06-04-2008
mellowman
Bronze Member
Join Date: Jun 2008
Posts: 6
PC Experience: PC Illiterate
Windows XP - Internet problems (Hijack this! log included)

Hello, I seem to have had a strange problem for the last two or so weeks (my install of XP is only about 3-4 months old). I can boot up the computer and the internet will work fine, but after 3 hours (it always happens within the 3 hour mark) the internet dies suddenly.

I have tried uninstalling then re-installing drivers, I have tried a repair install of Windows XP, and I have reset the router multiple times, but nothing happens.

Please note: I am running a Dell Latitude D600 laptop with Windows XP SP2 Corporate.

Hijack this! log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:00 p.m., on 4/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Games\utils\Avast\aswUpdSv.exe
E:\Games\utils\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ActiveXperts\SMS Messaging Server\Program\AxSmsSvc.exe
C:\Program Files\Traffic Shaper XP Server\bcserver.service
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\sessmgr.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
E:\Games\utils\Avast\ashMaiSv.exe
E:\Games\utils\Avast\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
E:\Games\utils\Avast\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\netmeter\NetMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Traffic Shaper XP Client\Traffic Shaper XP.exe
C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Pats\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Windows X's Live - The ultimate Vista experiences
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 75.125.96.162 nprotect.lineage2.com
O1 - Hosts: 75.125.96.162 l2testauthd.lineage2.com
O1 - Hosts: 75.125.96.162 l2authd.lineage2.com
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - E:\ubuntuxp\UbuntuXP\Apps\FindeXer Nightly V1.1.0.3\FindeXer.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] E:\Games\utils\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [e:\netmeter\NetMeter.exe] e:\netmeter\NetMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKLM\..\Policies\Explorer\Run: [jaVpMPUqUg] C:\Documents and Settings\All Users\Application Data\pwnybory\bwtqxafw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-3426293064-4161162656-2243386463-1003\..\Run: [e:\netmeter\NetMeter.exe] e:\netmeter\NetMeter.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Traffic Shaper XP Client.lnk = C:\Program Files\Traffic Shaper XP Client\Traffic Shaper XP.exe
O4 - Global Startup: WL Utility.lnk = C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1200032750374
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: tuvSjHAs - tuvSjHAs.dll (file missing)
O23 - Service: 8Signs Firewall (8SignsFirewall) - 8Signs Ltd. - E:\Program Files\8Signs Firewall\DFW.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Games\utils\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Games\utils\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Games\utils\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Games\utils\Avast\ashWebSv.exe
O23 - Service: ActiveXperts SMS Messaging Server (AxSmsSvc) - Unknown owner - C:\Program Files\ActiveXperts\SMS Messaging Server\Program\AxSmsSvc.exe
O23 - Service: Traffic Shaper XP Server (bcserver) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - e:\program files\spyware doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - e:\program files\spyware doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8218 bytes


Please help me

~Patrick~ :P


#2
06-04-2008
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,610
PC Experience: PC Illiterate
Re: Windows XP - Internet problems (Hijack this! log included)

hello mellowman, and welcome to the forums.

We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.
Please visit this webpage for download links and instructions for running ComboFix.

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


Thanks,

v


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall

#3
06-04-2008
mellowman
Bronze Member
Join Date: Jun 2008
Posts: 6
PC Experience: PC Illiterate
Re: Windows XP - Internet problems (Hijack this! log included)

Okay thanks, here's what you requested:

Combo fix log:

ComboFix 08-06-03.4 - Pats 2008-06-05 9:36:22.2 - NTFSx86

Running from: C:\Documents and Settings\Pats\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mlJDsTMd.dll
C:\WINDOWS\system32\MVFfgMoq.ini
C:\WINDOWS\system32\MVFfgMoq.ini2
C:\WINDOWS\system32\twndkcig.ini
.
---- Previous Run -------
.
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\vadokmxt.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.

2008-06-04 21:32 . 2008-06-04 21:32 <DIR> d-------- C:\Program Files\MSN Messenger
2008-06-04 21:13 . 2008-06-04 21:19 <DIR> d-------- C:\Program Files\Omega Informatix
2008-06-04 21:04 . 2008-06-04 21:05 <DIR> d-------- C:\Documents and Settings\Pats\amsn
2008-06-02 22:40 . 2008-06-02 22:40 <DIR> d--hs---- C:\Diskeeper
2008-06-02 21:27 . 2008-05-06 17:07 311,296 --------- C:\WINDOWS\system32\MC12.exe
2008-06-02 21:27 . 2008-03-13 08:58 53,248 --------- C:\WINDOWS\system32\BBInstaller.exe
2008-06-02 21:04 . 2008-06-02 21:04 <DIR> d-------- C:\Program Files\Broadcom
2008-06-02 20:53 . 2008-06-02 20:55 <DIR> d-------- C:\Program Files\Traffic Shaper XP Server
2008-06-02 20:53 . 2008-06-02 20:53 <DIR> d-------- C:\Program Files\Traffic Shaper XP Client
2008-06-02 20:53 . 2008-06-02 20:53 226,560 --a------ C:\WINDOWS\system32\drivers\bcim.sys
2008-06-02 20:53 . 2008-06-02 20:53 1,536 --a------ C:\WINDOWS\system32\bcevent.dll
2008-06-02 20:33 . 2008-06-02 20:33 <DIR> d-------- C:\Program Files\CONEXANT
2008-06-02 20:32 . 2005-05-03 14:09 1,033,728 --a------ C:\WINDOWS\system32\drivers\HSF_DPV.SYS
2008-06-02 20:32 . 2005-05-03 14:08 705,408 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-06-02 20:32 . 2005-05-03 14:08 208,384 --a------ C:\WINDOWS\system32\drivers\HSFHWICH.sys
2008-06-02 20:32 . 2005-05-03 10:56 129,405 --a------ C:\WINDOWS\system32\drivers\del1028.cty
2008-06-02 20:32 . 2004-03-17 11:00 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2008-06-02 20:32 . 2005-02-23 14:02 42,858 --a------ C:\WINDOWS\system32\hsfci014.dll
2008-06-02 20:32 . 2004-03-17 11:04 13,059 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-06-02 20:29 . 2008-06-05 09:39 24 --a------ C:\WINDOWS\LogonStudio.ini
2008-06-02 20:17 . 2004-08-04 10:31 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-06-02 20:16 . 2001-08-24 02:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-06-02 20:15 . 2001-08-24 02:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-02 20:14 . 2001-08-24 02:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-06-02 20:13 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-06-02 20:12 . 2008-06-02 20:12 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-02 20:12 . 2008-06-02 20:12 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-06-02 20:12 . 2008-06-02 20:12 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-06-02 20:12 . 2008-06-02 20:12 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-06-02 20:12 . 2008-06-02 20:12 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-06-02 20:12 . 2008-06-02 20:12 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-02 19:45 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-06-02 19:45 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-06-02 19:45 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-06-02 18:41 . 2008-06-02 18:41 <DIR> d-------- C:\Documents and Settings\Pats\Application Data\Ventrilo
2008-06-02 18:40 . 2008-06-02 18:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-02 18:07 . 2008-06-02 18:07 <DIR> d-------- C:\Program Files\WinCustomize
2008-06-02 18:07 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-05-31 15:51 . 2008-05-31 15:52 <DIR> d-------- C:\Documents and Settings\Pats\Application Data\Voipwise
2008-05-31 15:50 . 2008-05-31 15:50 <DIR> d-------- C:\Program Files\Voipwise.com
2008-05-31 12:30 . 2008-05-31 12:30 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp
2008-05-31 12:28 . 2005-02-01 13:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
2008-05-31 11:29 . 2008-05-31 11:30 67 --a------ C:\WINDOWS\AxSmsUI.INI
2008-05-31 11:26 . 2008-05-31 11:26 19 --a------ C:\WINDOWS\info8.ini
2008-05-31 11:26 . 2008-05-31 11:26 19 --a------ C:\WINDOWS\info6.ini
2008-05-31 11:26 . 2008-05-31 11:26 19 --a------ C:\WINDOWS\info5.ini
2008-05-31 11:26 . 2008-05-31 11:26 19 --a------ C:\WINDOWS\info4.ini
2008-05-31 11:25 . 2008-05-31 11:25 <DIR> d-------- C:\Program Files\Common Files\ActiveXperts
2008-05-31 11:25 . 2008-05-31 11:25 19 --a------ C:\WINDOWS\info9.ini
2008-05-31 11:25 . 2008-05-31 11:25 19 --a------ C:\WINDOWS\info7.ini
2008-05-31 11:24 . 2008-05-31 11:24 <DIR> d-------- C:\Program Files\ActiveXperts
2008-05-30 18:22 . 2008-05-30 18:23 <DIR> d-------- C:\Documents and Settings\Pats\Application Data\FreeCall
2008-05-25 14:34 . 2008-05-25 14:34 <DIR> d-------- C:\Program Files\Sun
2008-05-25 13:47 . 2008-05-25 14:33 <DIR> d-------- C:\Documents and Settings\Pats\.SunDownloadManager
2008-05-25 13:47 . 2008-05-25 13:47 382,352 --a------ C:\Documents and Settings\Pats\jdk-6u6-windows-i586-p-iftw.exe
2008-05-25 11:25 . 2008-05-25 11:25 <DIR> d-------- C:\Documents and Settings\Pats\Application Data\Subversion
2008-05-25 11:25 . 2008-05-25 11:35 <DIR> d-------- C:\Documents and Settings\Pats\Application Data\com.syncrosvnclient
2008-05-25 11:24 . 2008-06-02 20:53 <DIR> d-------- C:\Program Files\Syncro SVN Client 3.1
2008-05-25 08:38 . 2008-05-25 08:38 <DIR> d-------- C:\Program Files\Covey Inc
2008-05-24 22:38 . 2008-05-25 08:38 <DIR> d-------- C:\Program Files\SwiftSwitch
2008-05-24 15:30 . 2008-05-24 15:30 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-24 15:29 . 2008-05-24 15:29 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-24 15:29 . 2008-05-24 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-24 12:49 . 2008-06-02 10:45 <DIR> d-------- C:\Program Files\SwiftKit
2008-05-18 15:51 . 2008-05-31 12:36 <DIR> d-------- C:\Documents and Settings\Pats\Application Data\NoNameScript
2008-05-18 09:05 . 2008-06-02 17:21 84,548 --a------ C:\WINDOWS\setupapi.old
2008-05-18 08:39 . 2008-05-18 08:53 <DIR> d-------- C:\Documents and Settings\Pats\Application Data\AveDesk
2008-05-17 19:41 . 2005-10-22 18:49 7,423 --a------ C:\WPAFK.mrc
2008-05-17 19:37 . 2008-05-17 19:39 392 --a------ C:\mas.ini
2008-05-17 18:52 . 2008-05-17 18:52 <DIR> d-------- C:\msas6hash
2008-05-17 18:46 . 2008-05-17 18:52 0 --a------ C:\AwaySysMenu2.0.mrc
2008-05-17 18:38 . 2008-05-18 09:04 <DIR> d-------- C:\Program Files\mIRC Plus
2008-05-17 18:32 . 2004-09-03 17:07 <DIR> d-------- C:\Scripts
2008-05-17 18:32 . 2008-05-17 19:36 0 --a------ C:\away.mrc
2008-05-17 12:00 . 2008-05-17 12:00 <DIR> d-------- C:\Program Files\Google
2008-05-11 11:43 . 2008-05-11 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-05-10 12:03 . 2008-05-10 12:06 <DIR> d-------- C:\WINDOWS\.rune-evolution
2008-05-09 17:43 . 2008-05-09 17:43 <DIR> d-------- C:\WINDOWS\.mpr_file_store_32
2008-05-08 20:04 . 2008-05-08 20:07 <DIR> d-------- C:\WINDOWS\.silabclient_store_32
2008-05-07 19:07 . 2005-05-18 11:43 81,920 --a------ C:\WINDOWS\system32\CloseApp.exe
2008-05-07 17:45 . 2008-05-07 17:45 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-07 17:45 . 2008-05-07 17:45 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-07 17:45 . 2008-05-07 17:45 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-07 17:45 . 2008-05-07 17:45 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-07 17:42 . 2008-05-07 17:46 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-07 17:16 . 2004-08-03 22:29 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-05-06 19:47 . 2008-05-06 19:48 <DIR> d-------- C:\Program Files\Paint.NET
2008-05-04 23:44 . 2004-08-04 09:56 2,153,984 --a------ C:\_@6.tmp
2008-05-04 23:38 . 2008-05-04 23:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\mIRC
2008-05-04 20:18 . 2008-05-04 20:18 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-04 19:19 . 2004-08-04 12:56 994,304 --a------ C:\WINDOWS\system32\msgina.backup
2008-05-04 19:18 . 2004-08-04 12:56 90,624 --a------ C:\WINDOWS\system32\mydocs.backup
2008-05-04 19:17 . 2004-08-04 12:56 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.backup
2008-05-04 19:15 . 2007-10-26 15:36 8,454,656 --a------ C:\WINDOWS\system32\shell32.backup
2008-05-04 19:13 . 2007-06-13 22:23 1,033,216 --a------ C:\WINDOWS\explorer.backup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 10:15 --------- d-----w C:\Program Files\mIRC
2008-06-04 10:15 --------- d-----w C:\Documents and Settings\Pats\Application Data\mIRC
2008-06-04 08:55 --------- d-----w C:\Program Files\Windows Live
2008-06-02 08:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-02 06:36 --------- d-----w C:\Documents and Settings\Pats\Application Data\teamspeak2
2008-06-02 06:07 --------- d-----w C:\Program Files\Common Files\Stardock
2008-05-31 07:16 --------- d-----w C:\Program Files\Steam
2008-05-30 23:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-26 08:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-25 02:34 --------- d-----w C:\Program Files\Java
2008-05-24 21:55 --------- d-----w C:\Documents and Settings\Pats\Application Data\Apple Computer
2008-05-24 03:31 --------- d-----w C:\Program Files\Bonjour
2008-05-17 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-16 23:59 --------- d-----w C:\Documents and Settings\Pats\Application Data\uTorrent
2008-05-16 06:07 --------- d-----w C:\Documents and Settings\Pats\Application Data\foobar2000
2008-05-06 08:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-30 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Web Okay Five 01
2008-04-30 21:38 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-30 08:03 --------- d-----w C:\Documents and Settings\Pats\Application Data\Media Player Classic
2008-04-30 07:15 --------- d-----w C:\Documents and Settings\Pats\Application Data\LimeWire
2008-04-25 08:29 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-25 05:25 --------- d-----w C:\Program Files\Microsoft Games
2008-04-24 22:12 --------- d-----w C:\Documents and Settings\Pats\Application Data\InstallShield
2008-04-23 08:30 68,096 ----a-w C:\WINDOWS\ScUnin.exe
2008-04-23 08:10 --------- d-----w C:\Program Files\Starcraft
2008-04-23 03:21 --------- d-----w C:\Program Files\Foxit Software
2008-04-23 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-04-22 07:32 --------- d-----w C:\Documents and Settings\Pats\Application Data\atitray
2008-04-22 07:19 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe
2008-04-22 07:19 --------- d-----w C:\Program Files\Radeon Omega Drivers
2008-04-21 07:39 --------- d-----w C:\Documents and Settings\Pats\Application Data\PC Tools
2008-04-20 08:15 --------- d-----w C:\Program Files\VDMSound
2008-04-20 07:10 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-04-19 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\pwnybory
2008-04-19 20:31 --------- d-----w C:\Documents and Settings\Pats\Application Data\skypePM
2008-04-19 10:39 98,304 ----a-w C:\WINDOWS\olgdqarf.exe
2008-04-14 09:10 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-14 00:11 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-13 18:40 10,240 ------w C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-13 16:36 144,384 ------w C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-04-12 04:04 --------- d-----w C:\Documents and Settings\Pats\Application Data\ScummVM
2008-04-07 21:13 --------- d-----w C:\Program Files\WinFlip
2008-04-07 21:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-07 05:42 --------- d-----w C:\Program Files\Microsoft Works
2008-04-07 05:41 --------- d-----w C:\Program Files\MSBuild
2008-04-07 05:39 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-07 05:36 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-07 04:42 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-04-06 09:26 68,637 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-06 09:26 5,462 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-06 09:07 --------- d-----w C:\Program Files\Styler
2008-03-23 21:41 6,295 ----a-w C:\Program Files\install.log
2003-12-17 22:33 20,102 ----a-w C:\Program Files\Readme.txt
2003-09-02 18:46 10,960 ----a-w C:\Program Files\EULA.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e:\netmeter\NetMeter.exe"="e:\netmeter\NetMeter.exe" [2007-08-11 14:50 331264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:56 15360]
"AlcoholAutomount"="E:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 19:20 222080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"ATIPTA"="atiptaxx.exe" [2006-02-22 14:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"GrooveMonitor"="E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 12:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Traffic Shaper XP Client.lnk - C:\Program Files\Traffic Shaper XP Client\Traffic Shaper XP.exe [2008-06-02 20:53:53 1163264]
WL Utility.lnk - C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe [2008-03-20 11:26:16 512000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"jaVpMPUqUg"= C:\Documents and Settings\All Users\Application Data\pwnybory\bwtqxafw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvSjHAs]
tuvSjHAs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
e:\program files\stardock\windowblinds\WBSrv.dll 2008-05-11 20:54 210168 e:\Program Files\Stardock\windowblinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"E:\\Program Files\\LimeWire\\LimeWire.exe"=
"E:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"E:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"E:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"E:\\freecall\\FreeCall.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=


.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 09:39:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e:\\netmeter\\NetMeter.exe"="e:\\netmeter\\NetMeter.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bcserver]
"ImagePath"="C:\Program Files\Traffic Shaper XP Server\bcserver.service"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
E:\Games\utils\Avast\aswUpdSv.exe
E:\Games\utils\Avast\ashServ.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ActiveXperts\SMS Messaging Server\Program\AxSmsSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\ati2evxx.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
E:\Games\utils\Avast\ashMaiSv.exe
E:\Games\utils\Avast\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-05 9:42:40 - machine was rebooted [Pats]
ComboFix-quarantined-files.txt 2008-06-04 21:42:25

Pre-Run: 3,766,800,384 bytes free
Post-Run: 3,801,325,568 bytes free

262 --- E O F --- 2008-05-26 08:38:30


Hijack this! log (new):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:37 a.m., on 5/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Games\utils\Avast\aswUpdSv.exe
E:\Games\utils\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ActiveXperts\SMS Messaging Server\Program\AxSmsSvc.exe
C:\Program Files\Traffic Shaper XP Server\bcserver.service
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
E:\Games\utils\Avast\ashMaiSv.exe
E:\Games\utils\Avast\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\netmeter\NetMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Traffic Shaper XP Client\Traffic Shaper XP.exe
C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Pats\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Windows X's Live - The ultimate Vista experiences
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - E:\ubuntuxp\UbuntuXP\Apps\FindeXer Nightly V1.1.0.3\FindeXer.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [e:\netmeter\NetMeter.exe] e:\netmeter\NetMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKLM\..\Policies\Explorer\Run: [jaVpMPUqUg] C:\Documents and Settings\All Users\Application Data\pwnybory\bwtqxafw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-3426293064-4161162656-2243386463-1003\..\Run: [e:\netmeter\NetMeter.exe] e:\netmeter\NetMeter.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Traffic Shaper XP Client.lnk = C:\Program Files\Traffic Shaper XP Client\Traffic Shaper XP.exe
O4 - Global Startup: WL Utility.lnk = C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1200032750374
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: tuvSjHAs - tuvSjHAs.dll (file missing)
O23 - Service: 8Signs Firewall (8SignsFirewall) - 8Signs Ltd. - E:\Program Files\8Signs Firewall\DFW.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Games\utils\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Games\utils\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Games\utils\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Games\utils\Avast\ashWebSv.exe
O23 - Service: ActiveXperts SMS Messaging Server (AxSmsSvc) - Unknown owner - C:\Program Files\ActiveXperts\SMS Messaging Server\Program\AxSmsSvc.exe
O23 - Service: Traffic Shaper XP Server (bcserver) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - e:\program files\spyware doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - e:\program files\spyware doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7888 bytes



Last edited by mellowman; 06-04-2008 at 10:51 PM.
  #4  
Old 06-04-2008
mellowman (Bronze Member)
Re: Windows XP - Internet problems (Hijack this! log included)

Whoops double post :o.


  #5  
Old 06-05-2008
mellowman (Bronze Member)
Re: Windows XP - Internet problems (Hijack this! log included)

Bump!


  #6  
Old 06-05-2008
mellowman (Bronze Member)
Re: Windows XP - Internet problems (Hijack this! log included)

I think I solved it by closing the ZDwlan process from Task Manager. Any way to make this not open by default, guys?


  #7  
Old 06-05-2008
valis (Senior Security Analyst)
Re: Windows XP - Internet problems (Hijack this! log included)

You may want to print these out. Please close all other applications, start HJT again, click 'perform system scan only', place a tick next to the following and click 'fix checked':

O4 - HKLM\..\Policies\Explorer\Run: [jaVpMPUqUg] C:\Documents and Settings\All Users\Application Data\pwnybory\bwtqxafw.exe
O20 - Winlogon Notify: tuvSjHAs - tuvSjHAs.dll (file missing)

Next, reboot into safe mode, navigate to and delete the following:

C:\Documents and Settings\All Users\Application Data\pwnybory <-- folder

++++++++++++++++++++++++++++++++++++

Reboot back into normal mode, go to Online malware scan and upload the following files by clicking on the 'browse' button at the top of the page and navigating to the below files. Please post the results in your next post, along with a new hjt log.

C:\WINDOWS\olgdqarf.exe

Thanks,

v


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
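
An added example, not part of the original thread: a small Python triage pass over HijackThis entries that surfaces the same two lines picked out in the reply above. The rule set, the `triage` function name and the "high"/"review" levels are assumptions of this example, not HijackThis behaviour; the sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: a few entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [jaVpMPUqUg] C:\Documents and Settings\All Users\Application Data\pwnybory\bwtqxafw.exe
O20 - Winlogon Notify: tuvSjHAs - tuvSjHAs.dll (file missing)
O23 - Service: Traffic Shaper XP Server (bcserver) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autorun: "<key>: [<value name>] <command>"
O4_RUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")


def triage(log_text):
    """Return (level, code, reason, line) for entries that deserve a closer look.

    The rules are this example's own heuristics, not HijackThis behaviour.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if not entry:
            continue  # log header, running-process list, blank line
        code, body = entry["code"], entry["body"]
        missing = body.endswith("(file missing)")
        if code == "O4":
            run = O4_RUN.match(body)
            if not run:
                continue  # e.g. "Global Startup" shortcut entries
            reasons = []
            if run["key"].lower().endswith("\\policies\\explorer\\run"):
                reasons.append("policy Run key")
            if "\\application data\\" in run["target"].lower():
                reasons.append("runs from Application Data")
            if reasons:
                findings.append(("high", code, ", ".join(reasons), line))
        elif code == "O20" and body.startswith("Winlogon Notify:"):
            level = "high" if missing else "review"
            findings.append((level, code, "Winlogon Notify DLL", line))
        elif code == "O23" and missing:
            findings.append(("review", code, "service binary not found", line))
    return findings


if __name__ == "__main__":
    for level, code, reason, line in triage(SAMPLE_LOG):
        print(f"{level:6} {code:3} {reason}: {line}")
```
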
