azza1389

Members
  • Content Count

    39
About azza1389

  • Rank
    Member

Previous Fields

  • System Specifications:
    Acer Aspire 5102WLMi Windows XP
  1. Thanks for all that. Did you need me to show you anything else?
  2. Logfile of HijackThis v1.99.1 Scan saved at 4:08:00 PM, on 2/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\RegSrvc.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Battery miser\batterymiser.exe C:\Program Files\On Screen Display\Hotkey.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\IP Operator\IPOperator.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\internet explorer\iexplore.exe C:\HJT\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [batterymiser] C:\Program Files\Battery miser\batterymiser.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\On Screen Display\Hotkey.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe O4 - HKLM\..\Run: [iPOperator] "C:\Program Files\IP Operator\IPOperator.exe" -aUtOsTaRtFrOmReG O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: 
@xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{0FA4E2E0-52EB-444A-9A69-09FB3426A3D8}: Domain = nsw.bigpond.net.au O17 - HKLM\System\CCS\Services\Tcpip\..\{66A91983-5F98-4E4E-8EAB-98DF79B6216D}: Domain = nsw.bigpond.net.au O17 - HKLM\System\CS1\Services\Tcpip\..\{0FA4E2E0-52EB-444A-9A69-09FB3426A3D8}: Domain = nsw.bigpond.net.au O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
     And am I meant to keep the backup folder in HJT, or delete it?
  3. Hi there, I typed Combofix /u into Run and it came up with an error: Windows cannot find combo fix. I did exactly what you said, left the space.
  4. I deleted the account of my brother, who doesn't use it much, on this laptop and it has made the log much shorter.
     ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Saturday, February 23, 2008 1:37:35 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 22/02/2008 Kaspersky Anti-Virus database records: 576071 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ Scan Statistics: Total number of scanned objects: 133290 Number of viruses found: 4 Number of infected objects: 16 Number of suspicious objects: 0 Duration of the scan process: 01:33:59 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0de2e52c74194d2c3e7895d77ee4422a_4b142154-e142-4673-98a3-3c277635822b Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2906af25551be177440a393f7f39b58b_4b142154-e142-4673-98a3-3c277635822b Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\420dbc3fb5a142941dbda4ebb32a5047_4b142154-e142-4673-98a3-3c277635822b Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\89d9d6bf427935b7c6a8dbddf2e27f9c_4b142154-e142-4673-98a3-3c277635822b Object is locked skipped C:\Documents 
and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7e720fef7126c74775dde766cd5041e_4b142154-e142-4673-98a3-3c277635822b Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dea381737d756044853d4a540964ad07_4b142154-e142-4673-98a3-3c277635822b Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\az\Cookies\index.dat Object is locked skipped C:\Documents and Settings\az\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\az\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\az\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\az\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\az\Local Settings\History\History.IE5\MSHist012008022320080224\index.dat Object is locked skipped C:\Documents and Settings\az\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\az\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\az\NTUSER.DAT Object is locked skipped C:\Documents and Settings\az\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and 
Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\HJT\backups\backup-20080221-154522-924.dll Infected: not-a-virus:AdWare.Win32.404Search.h skipped C:\Program Files\INSTAFINK\InstaFinderK_inst.exe/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped C:\Program Files\INSTAFINK\InstaFinderK_inst.exe NSIS: infected - 1 skipped C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.ilg Object is locked skipped C:\Program Files\InstallShield Installation Information\{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}\Setup.ilg Object is locked skipped C:\Program Files\InstallShield Installation Information\{2F76FF6D-B992-4FD9-8686-F09F868B2C58}\setup.ilg Object is locked skipped C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.ilg Object is locked skipped C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.ilg Object is locked skipped C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.ilg Object is locked skipped C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.ilg Object is locked skipped 
C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.ilg Object is locked skipped C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.ilg Object is locked skipped C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.ilg Object is locked skipped C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.ilg Object is locked skipped C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.ilg Object is locked skipped C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.ilg Object is locked skipped C:\Program Files\Microids\Tennis Masters Series 2003\setup.ilg Object is locked skipped C:\QooBox\Quarantine\catchme2008-02-21_170548.43.zip/1.tmp Infected: Backdoor.Win32.Agent.fg skipped C:\QooBox\Quarantine\catchme2008-02-21_170548.43.zip ZIP: infected - 1 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP345\A0323536.exe Infected: not-a-virus:Downloader.Win32.WinFixer.b skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP345\A0323541.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP345\A0323541.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP345\A0323541.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP363\A0324815.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP368\A0331385.dll Object is locked 
skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP369\A0332331.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP379\A0333239.dll Infected: not-a-virus:AdWare.Win32.404Search.h skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP380\A0333285.dll Object is locked skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP380\A0333286.exe Object is locked skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP380\A0333287.exe Object is locked skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP386\A0334196.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP386\A0334196.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP386\A0334196.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP386\A0334221.exe Infected: not-a-virus:Downloader.Win32.WinFixer.b skipped C:\System Volume Information\_restore{4523C8A3-3517-419A-9378-0820C1434CE1}\RP386\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped 
C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped C:\WINDOWS\wvtqnn.exe Object is locked skipped Scan process completed.
  5. HJT log Logfile of HijackThis v1.99.1 Scan saved at 7:38:01 PM, on 2/22/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\RegSrvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Battery miser\batterymiser.exe C:\Program Files\On Screen Display\Hotkey.exe C:\Program Files\IP Operator\IPOperator.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\HJT\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [batterymiser] C:\Program Files\Battery miser\batterymiser.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\On Screen Display\Hotkey.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe O4 - HKLM\..\Run: [iPOperator] "C:\Program Files\IP Operator\IPOperator.exe" -aUtOsTaRtFrOmReG O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: 
@xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{0FA4E2E0-52EB-444A-9A69-09FB3426A3D8}: Domain = nsw.bigpond.net.au O17 - HKLM\System\CCS\Services\Tcpip\..\{66A91983-5F98-4E4E-8EAB-98DF79B6216D}: Domain = nsw.bigpond.net.au O17 - HKLM\System\CS1\Services\Tcpip\..\{0FA4E2E0-52EB-444A-9A69-09FB3426A3D8}: Domain = nsw.bigpond.net.au O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
  6. Virus Total
     Antivirus | Version | Last Update | Result
     AhnLab-V3 | - | - | -
     AntiVir | - | - | -
     Authentium | - | - | -
     Avast | - | - | Win32:Trojano-2062
     AVG | - | - | -
     BitDefender | - | - | -
     CAT-QuickHeal | - | - | -
     ClamAV | - | - | -
     DrWeb | - | - | -
     eSafe | - | - | -
     eTrust-Vet | - | - | -
     Ewido | - | - | -
     FileAdvisor | - | - | -
     Fortinet | - | - | -
     F-Prot | - | - | -
     F-Secure | - | - | -
     Ikarus | - | - | Win32.SuspectCrc
     Kaspersky | - | - | -
     McAfee | - | - | potentially unwanted program Winfixer
     Microsoft | - | - | -
     NOD32v2 | - | - | -
     Norman | - | - | -
     Panda | - | - | -
     Sophos | - | - | -
     Sunbelt | - | - | WinFixer
     Symantec | - | - | WinFixer
     TheHacker | - | - | -
     VBA32 | - | - | -
     VirusBuster | - | - | -
     Webwasher-Gateway | - | - | -
     Additional information
     MD5: e249350b14dea2fa605dcca688d25526
     SHA1: ce6e631f93b4029b9d08e7e18178f4db0574f0ad
     SHA256: 4290b7705fee3bf055e54ee0dbd71cb36a4b2371d55809bd7d06a22b40a4cd0a
     SHA512: 588d3bb5714e7bcfcddd53fe716d09fa68fc5e091d98df5c7e2217337b442a0752bf551116a1b40abc24805c9e99182f8bb71bf9bd58c31315a4abbbf023ef3f
  7. Logfile of HijackThis v1.99.1 Scan saved at 5:20:46 PM, on 2/21/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\RegSrvc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Battery miser\batterymiser.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\HJT\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [batterymiser] C:\Program Files\Battery miser\batterymiser.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\On Screen Display\Hotkey.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [iPOperator] "C:\Program Files\IP Operator\IPOperator.exe" -aUtOsTaRtFrOmReG O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: 
[iNTERNATIONAL] International* O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{0FA4E2E0-52EB-444A-9A69-09FB3426A3D8}: Domain = nsw.bigpond.net.au O17 - HKLM\System\CCS\Services\Tcpip\..\{66A91983-5F98-4E4E-8EAB-98DF79B6216D}: Domain = nsw.bigpond.net.au O17 - HKLM\System\CS1\Services\Tcpip\..\{0FA4E2E0-52EB-444A-9A69-09FB3426A3D8}: Domain = nsw.bigpond.net.au O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe hjt LOG
  8. ComboFix 08-02-21 - az 2008-02-21 16:57:21.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.216 [GMT 11:00] Running from: C:\Documents and Settings\az\Local Settings\Temporary Internet Files\Content.IE5\OXB9KB3L\ComboFix[1].exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\MyWay C:\Program Files\MyWay\myBar\Settings\prevcfg.htm C:\WINDOWS\smdat32a.sys C:\WINDOWS\smdat32m.sys C:\WINDOWS\system32\1.tmp . ((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))) . 2008-02-21 16:12 . 2008-02-21 16:12 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-02-21 16:12 . 2008-02-21 16:15 <DIR> d-------- C:\Documents and Settings\az\Application Data\AVG7 2008-02-21 16:11 . 2008-02-21 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-21 16:11 . 2008-02-21 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-02-20 21:06 . 2008-02-20 21:06 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-02-20 19:37 . 2008-02-20 19:40 37,888 --a------ C:\WINDOWS\wizmo.exe 2008-02-20 18:57 . 2007-12-07 13:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-02-20 18:57 . 2007-07-01 14:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-02-20 18:57 . 2007-07-01 14:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-02-20 18:57 . 2007-12-07 13:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-02-20 18:57 . 2007-12-07 13:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-02-20 18:57 . 2007-12-07 13:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-02-20 18:57 . 
2007-12-07 13:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-02-20 18:57 . 2007-12-07 13:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-02-20 18:57 . 2007-12-06 22:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-20 17:49 . 2008-02-20 17:49 <DIR> d-------- C:\Documents and Settings\az\Contacts 2008-02-20 17:47 . 2008-02-20 17:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-02-20 17:04 . 2008-02-20 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop 2008-02-20 17:02 . 2008-02-20 17:02 <DIR> d-------- C:\Program Files\PCPitstop 2008-02-20 16:59 . 2008-02-20 16:59 <DIR> d-------- C:\Documents and Settings\az\Application Data\Kazaa Lite 2008-02-20 16:52 . 2004-10-19 16:47 <DIR> d-------- C:\Documents and Settings\az\Application Data\Symantec 2008-02-20 16:41 . 2008-02-20 16:41 1,430 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP 2008-02-20 16:40 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-02-20 16:40 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-02-20 16:40 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-02-20 16:40 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-02-20 16:31 . 2008-02-20 18:11 <DIR> d-------- C:\Program Files\LimeWire 2008-02-20 16:31 . 2008-02-21 15:56 <DIR> d-------- C:\Program Files\Kazaa Lite K++ 2008-02-20 16:29 . 2008-02-20 16:29 <DIR> d-------- C:\Program Files\Tomas & Reines 2008-02-20 16:29 . 2008-02-20 16:29 <DIR> d-------- C:\Program Files\IP Operator 2008-02-20 16:29 . 2008-02-20 16:29 <DIR> d-------- C:\Program Files\Google 2008-02-20 16:29 . 2008-02-20 16:29 <DIR> d-------- C:\Program Files\DriverGuide Toolkit 2008-02-20 16:28 . 2008-02-20 16:28 <DIR> d-------- C:\Program Files\Windows Journal Viewer 2008-02-20 16:28 . 2008-02-20 16:28 <DIR> d-------- C:\Program Files\MsnMusic 2008-02-20 16:28 . 
2008-02-20 17:47 <DIR> d-------- C:\Program Files\MSN Messenger 2008-02-20 16:28 . 2008-02-20 16:28 <DIR> d-------- C:\Program Files\Common Files\Java 2008-02-20 16:28 . 2008-02-20 16:28 <DIR> dr-h----- C:\MSOCache 2008-02-20 16:27 . 2008-02-20 16:34 <DIR> d-------- C:\Program Files\QuickTime 2008-02-20 16:27 . 2008-02-20 16:27 <DIR> d-------- C:\Program Files\On Screen Display 2008-02-20 16:26 . 2008-02-21 15:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-20 16:26 . 2008-02-20 16:26 <DIR> d-------- C:\Program Files\Common Files\xing shared 2008-02-20 16:25 . 2008-02-20 16:25 <DIR> d-------- C:\Program Files\Synaptics 2008-02-20 16:25 . 2008-02-20 16:30 <DIR> d-------- C:\Program Files\Battery miser 2008-02-20 16:25 . 2008-02-20 16:25 <DIR> d-------- C:\Program Files\ATI Technologies 2008-02-20 16:25 . 2008-02-21 15:56 <DIR> d-------- C:\My Shared Folder 2008-02-20 16:25 . 2008-02-20 16:25 <DIR> d-------- C:\My Drivers 2008-02-20 16:25 . 2008-02-20 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-02-20 16:17 . 2008-02-20 16:24 <DIR> d-------- C:\WINDOWS\LastGood(2) . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-02-21 04:58 --------- d-----w C:\Program Files\Simply Budgets First Steps 2008-02-21 04:45 --------- d-----w C:\Program Files\INSTAFINK 2008-02-20 10:06 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-20 08:45 --------- d-----w C:\Program Files\Microsoft Games 2008-02-20 08:15 --------- d-----w C:\Program Files\SquawkBox3 2008-02-20 07:12 --------- d-----w C:\Program Files\eMule 2008-02-20 06:39 --------- d-----w C:\Program Files\Azureus 2008-02-20 05:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-02-20 05:31 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-20 05:30 --------- d-----w C:\Program Files\Airport for Windows 2008-02-20 05:30 --------- d-----w C:\Program Files\Advanced JPEG Compressor 2008-02-20 05:29 --------- d-----w C:\Program Files\iPod 2008-02-20 05:29 --------- d-----w C:\Program Files\Intel 2008-02-20 05:29 --------- d-----w C:\Program Files\FSFDT 2008-02-20 05:29 --------- d-----w C:\Program Files\FSacars 2008-02-20 05:29 --------- d-----w C:\Program Files\ComponentSoftware 2008-02-20 05:29 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-20 05:28 --------- d-----w C:\Program Files\IVAO 2008-02-20 05:26 --------- d-----w C:\Program Files\Common Files\Real 2008-02-20 05:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-20 05:25 --------- d-----w C:\Program Files\Yahoo! 2008-02-20 05:25 --------- d-----w C:\Program Files\WinMX 2005-09-21 14:49 61 --sh--w C:\WINDOWS\cnerolf.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"="AGRSMMSG.exe" [2003-04-01 07:54 88267 C:\WINDOWS\AGRSMMSG.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-09-13 09:19 110592] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-09-13 09:18 618496] "batterymiser"="C:\Program Files\Battery miser\batterymiser.exe" [2004-08-28 10:05 274432] "ATIModeChange"="Ati2mdxx.exe" [2001-09-05 10:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe] "KeybdUtility"="C:\Program Files\On Screen Display\Hotkey.exe" [2004-08-26 17:14 73728] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-08 22:22 180269] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975] "IPOperator"="C:\Program Files\IP Operator\IPOperator.exe" [2004-08-27 09:40 32768] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-21 16:14 579072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-21 16:11 219136] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 17:05:26 29696] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-01-11 21:59:13 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= C:\WINDOWS\system32\bmpsap.dll [2004-10-21 07:12 73728] R1 df_u42;df_u42;C:\WINDOWS\system32\drivers\df_u42.sys [2005-11-24 10:21] R3 lgsnd_filter;lgsnd_filter;C:\WINDOWS\system32\drivers\lgsnd_filter.sys [2004-07-06 11:02] S3 
LGeNDIS;LGeNDIS;C:\Program Files\IP Operator\LGeNDIS.sys [2004-05-29 04:55] S3 tifm;tifm;C:\WINDOWS\system32\drivers\tifm.sys [] . Contents of the 'Scheduled Tasks' folder "2004-10-19 06:19:11 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job" "2004-10-19 06:19:10 C:\WINDOWS\Tasks\Low Battery Alarm Program.job" . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-21 17:05:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\S24EvMon.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\RegSrvc.exe C:\WINDOWS\system32\wdfmgr.exe . ************************************************************************** . Completion time: 2008-02-21 17:09:07 - machine was rebooted [az] ComboFix-quarantined-files.txt 2008-02-21 06:09:04 . 2008-02-20 17:56:53 --- E O F --- Combo fix log
  9. Here's my HJT log. I'm wondering why my net is always at low strength. Logfile of HijackThis v1.99.1 Scan saved at 4:49:26 AM, on 2/21/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\RegSrvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Battery miser\batterymiser.exe C:\Program Files\On Screen Display\Hotkey.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\IP Operator\IPOperator.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\HJT\HijackThis.exe C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\update\update.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: (no name) - {5E9755A1-314A-4ae6-99E1-B9F7DC7C7CF0} - C:\WINDOWS\system32\1.tmp O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [batterymiser] C:\Program Files\Battery miser\batterymiser.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\On Screen Display\Hotkey.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [iPOperator] "C:\Program Files\IP Operator\IPOperator.exe" -aUtOsTaRtFrOmReG O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) 
- {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{0FA4E2E0-52EB-444A-9A69-09FB3426A3D8}: Domain = nsw.bigpond.net.au O17 - HKLM\System\CCS\Services\Tcpip\..\{66A91983-5F98-4E4E-8EAB-98DF79B6216D}: Domain = nsw.bigpond.net.au O17 - HKLM\System\CS1\Services\Tcpip\..\{0FA4E2E0-52EB-444A-9A69-09FB3426A3D8}: Domain = nsw.bigpond.net.au O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: 1 - C:\WINDOWS\system32\1.tmp O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - 
Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
  10. Hey guys, I'm just wondering how one could reformat my computer, because my com has been pretty cluttered and I just want to start anew! So what I know is I first have to get the Windows XP CD that came with the computer, and that's all I know. Is it possible for one who isn't an IT expert (me) to reformat it? Thx
  11. Ok guys, we'll see how I go. I don't know that much about coms but I'll try my best. I'll try this in the coming days.
  12. Ok guys, well basically my brother's birthday is in 3 weeks and I have no need for my laptop anymore and want to give it to him, but it's full of my Uni notes, DVDs, music business notes etc. How do I manually reformat my computer so it's basically fresh without paying over $300 at the local computer store?