avenger.txt and hijackthis log

Solved
Thread Status:
Not open for further replies.
  1. predator

    predator Member Gold Member

    Joined:
    Aug 5, 2005
    Posts:
    255
    Likes Received:
    0

    Herewith hijackthis log and avenger.txt as had been requested.

    TTFN
    Pred
     
  2. chiaz

    chiaz Well-Known Member Elite Member

    Joined:
    Jun 7, 2006
    Posts:
    4,685
    Likes Received:
    75

    Hi. :)

    Please either upload the files or copy/paste the content here.
     
  3. predator


    Sorry, I notice that my files did not upload.

    Avenger.txt result

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\yvfnvkig
    *******************
    Script file located at: \??\C:\Program Files\pnlxvqlc.txt
    Script file opened successfully.
    Script file read successfully
    Backups directory opened successfully at C:\Avenger
    *******************
    Beginning to process script file:

    File C:\WINDOWS\sembako-cmzjkli.exe not found!
    Deletion of file C:\WINDOWS\sembako-cmzjkli.exe failed!
    Could not process line:
    C:\WINDOWS\sembako-cmzjkli.exe
    Status: 0xc0000034

    File C:\WINDOWS\ShellNew\bbm-vqvklimc.exe not found!
    Deletion of file C:\WINDOWS\ShellNew\bbm-vqvklimc.exe failed!
    Could not process line:
    C:\WINDOWS\ShellNew\bbm-vqvklimc.exe
    Status: 0xc0000034

    File C:\Documents and Settings\Administrator\Local Settings\Application Data\br7911on.exe not found!
    Deletion of file C:\Documents and Settings\Administrator\Local Settings\Application Data\br7911on.exe failed!
    Could not process line:
    C:\Documents and Settings\Administrator\Local Settings\Application Data\br7911on.exe
    Status: 0xc0000034

    Completed script processing.
    *******************
    Finished! Terminate.

    Hijackthislog result

    Logfile of HijackThis v1.99.1
    Scan saved at 13:13:13, on 04/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\PC-Clean\PC-Clean.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Botsnet
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP United States - Computers, Laptops, Servers, Printers & more
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.botsnet.bw:80
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
    O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe"
    O4 - HKLM\..\Run: [ChangeResolution] C:\Documents and Settings\Administrator\ChangeResolution.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [PC-Clean] "C:\Program Files\PC-Clean\PC-Clean.exe" /h
    O4 - HKLM\..\Run: [TomcatStartup 2.5] "C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{03625B46-B4D8-46CB-B0F5-B1340F9870A3}: NameServer = 168.167.71.138 168.167.71.137
    O17 - HKLM\System\CS1\Services\Tcpip\..\{03625B46-B4D8-46CB-B0F5-B1340F9870A3}: NameServer = 168.167.71.138 168.167.71.137
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  4. chiaz


    Who got you to run Avenger?
     
  5. predator


    Pancake got me to run it, about 3 days ago. If you could go to page 2 of hijacklogthis, it would be entitled "fighting nail and teeth to set registry free".

    Thanks in advance
    Pred
     
  6. chiaz


  7. predator


    I have already done that, and Pancake had requested me to post back results of avenger and hijackthislog after completing the advice given on the post you have referred to.

    TTFN
    Pred
     
  8. chiaz


    Yep. Just post that information in that thread. :)
     