|
-
September 4th, 2010, 12:01 AM
#1
hijack this log file
Can someone please check this log file for me
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:28:50 PM, on 9/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8942.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O24 - Desktop Component 0: (no name) - http://www.popeyefreshfoods.com/images/leaf_main.jpg
--
End of file - 5948 bytes
-
September 4th, 2010, 02:44 AM
#2
HJT is not what it once was, so follow the instructions at
http://discussions.virtualdr.com/sho...d.php?t=167915
And POST the logs in this thread.
-
September 4th, 2010, 03:31 PM
#3
Starting step 2 now....Malwarebytes log here
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4544
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9/4/2010 3:27:00 PM
mbam-log-2010-09-04 (15-27-00).txt
Scan type: Quick scan
Objects scanned: 131375
Time elapsed: 21 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
September 4th, 2010, 03:44 PM
#4
Starting step 3 now....this is GMER log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-04 15:42:57
Windows 5.1.2600 Service Pack 3
Running: 5usnnonf.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\kgtoraog.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF0EADB9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF0EAD9C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF0EADAFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
-
September 4th, 2010, 03:45 PM
#5
What are computer's issues?
-
September 4th, 2010, 04:04 PM
#6
At any givin time my computer seems to slow down almost lock up for up to an hour or a half..it's been doing this for the last month...Yes I have system restore on....but I've always had that running.When it starts to lock up I take myself off the net and it goes back to normal....when I go back on the net it starts locking up again ( pages won't load or they start to load then lock up )....it's as if it resumes what it was doing.Never did any of this before..this is why I think I have something??.By the way,thanx for your help.
-
September 4th, 2010, 04:04 PM
#7
Service:
==== System Restore Points ===================
RP617: 8/3/2010 2:40:16 PM - System Checkpoint
RP618: 8/3/2010 6:00:14 PM - Software Distribution Service 3.0
RP619: 8/5/2010 1:03:08 PM - Installed Windows XP KB2229593.
RP620: 8/5/2010 1:11:45 PM - Installed Windows XP KB980195.
RP621: 8/6/2010 11:03:59 PM - System Checkpoint
RP622: 8/7/2010 11:08:14 AM - Installed Windows XP KB2229593.
RP623: 8/7/2010 11:48:33 PM - Installed Windows XP KB2229593.
RP624: 8/9/2010 9:01:25 PM - System Checkpoint
RP625: 8/11/2010 11:50:37 AM - Software Distribution Service 3.0
RP626: 8/12/2010 5:52:59 PM - System Checkpoint
RP627: 8/13/2010 5:54:38 PM - System Checkpoint
RP628: 8/17/2010 8:15:49 PM - System Checkpoint
RP629: 8/19/2010 9:09:58 PM - System Checkpoint
RP630: 8/20/2010 1:34:10 PM - Installed Java(TM) 6 Update 21
RP631: 8/21/2010 3:26:15 PM - System Checkpoint
RP632: 8/24/2010 9:51:50 PM - Restore Operation
RP633: 8/27/2010 3:22:17 PM - System Checkpoint
RP634: 8/29/2010 10:05:12 AM - System Checkpoint
RP635: 8/30/2010 12:59:53 PM - System Checkpoint
RP636: 8/31/2010 3:43:53 PM - System Checkpoint
RP637: 9/3/2010 11:27:26 PM - Installed HiJackThis
RP638: 9/4/2010 12:28:12 AM - Removed Ask Toolbar.
RP639: 9/4/2010 12:30:03 AM - Software Distribution Service 3.0
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.3.4
Advanced SystemCare 3
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HydraVision
Auslogics Disk Defrag
AutoUpdate
avast! Free Antivirus
AVS Audio Editor version 4.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
CCleaner
Command & Conquer Renegade
Command & Conquer Tiberian Sun
D-Link PCI Fast Ethernet Adapter
DivX
DivX Player
EPSON Printer Software
Guitar Pro 5.0
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
J2SE Runtime Environment 5.0 Update 7
Japanese Fonts Support For Adobe Reader 9
Java 2 Runtime Environment, SE v1.4.1_02
Java Auto Updater
Java Web Start
Java(TM) 6 Update 21
Jetcast 3.0.2
jlGui 3.0
LimeWire 5.4.8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero OEM
Octoshape add-in for Adobe Flash Player
PowerDVD
ratDVD 0.78.1444
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Speeditup Free 4.01
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.17
VideoLAN VLC media player 0.8.5
WebFldrs XP
Westwood Shared Internet Components
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Connect
Windows Media Format SDK Hotfix - KB891122
Windows XP Service Pack 3
WinRAR archiver
==== Event Viewer Messages From Past Week ========
9/4/2010 12:28:23 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
9/2/2010 12:46:20 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0050BAE93337. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/1/2010 11:48:08 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
==== End Of File ===========================
-
September 4th, 2010, 04:05 PM
#8
DDS (Ver_10-03-17.01) - NTFSx86
Run by user at 15:46:39.46 on Sat 09/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.384.47 [GMT -4:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\user\Desktop\5usnnonf.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/webhp
uSearch Page = about:blank
uSearch Bar = about:blank
mSearch Bar = about:blank
uSearchURL,(Default) = about:blank
mSearchAssistant = about:blank
mCustomizeSearch = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - hxxp://advnt01.com/dialer/int_ver34.CAB
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
Notify: AtiExtEvent - Ati2evxx.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-26 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-26 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-26 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-26 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-26 40384]
=============== Created Last 30 ================
2010-09-04 03:27:30 0 d-----w- c:\program files\Trend Micro
==================== Find3M ====================
2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-12 00:56:52 724992 ----a-w- c:\windows\iun6002.exe
2006-07-15 20:12:26 5949316 ----a-w- c:\program files\Red Hot Chilli Peppers- Tell Me Baby.mp3
2006-06-22 04:24:36 4225744 ----a-w- c:\program files\Limewire Lime Wire Pro 4.12.3.exe
============= FINISH: 15:48:00.65 ===============
-
September 4th, 2010, 04:27 PM
#9
We'll check...
Download MBRCheck to your desktop
Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
===============================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
September 4th, 2010, 05:28 PM
#10
When it starts slowing down I do a Ctrl Alt Delete and the System Idle Process is between 85 and 100%...if that's any help
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 118):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7B68000 \WINDOWS\system32\KDCOM.DLL
0xF7A78000 \WINDOWS\system32\BOOTVID.dll
0xF7619000 ACPI.sys
0xF7B6A000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7608000 pci.sys
0xF7668000 isapnp.sys
0xF7B6C000 viaide.sys
0xF78E8000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7678000 MountMgr.sys
0xF75E9000 ftdisk.sys
0xF78F0000 PartMgr.sys
0xF7688000 VolSnap.sys
0xF75D1000 atapi.sys
0xF7698000 disk.sys
0xF76A8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF75B1000 fltmgr.sys
0xF759F000 sr.sys
0xF78F8000 PxHelp20.sys
0xF7588000 KSecDD.sys
0xF74FB000 Ntfs.sys
0xF74CE000 NDIS.sys
0xF76B8000 viaagp.sys
0xF74B4000 Mup.sys
0xF7848000 \SystemRoot\system32\DRIVERS\p3.sys
0xF7305000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF72F1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7930000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF72DD000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7858000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7B50000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7868000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7938000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7940000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7878000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7888000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7898000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF72BA000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7948000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7296000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF71B8000 \SystemRoot\system32\DRIVERS\HCF_MSFT.sys
0xF7950000 \SystemRoot\System32\Drivers\Modem.SYS
0xF78A8000 \SystemRoot\system32\DRIVERS\dlkfet5b.sys
0xF7172000 \SystemRoot\system32\drivers\emu10k1m.sys
0xF714E000 \SystemRoot\system32\drivers\portcls.sys
0xF78B8000 \SystemRoot\system32\drivers\drmk.sys
0xF78C8000 \SystemRoot\system32\drivers\sfmanm.sys
0xF7B8A000 \SystemRoot\system32\drivers\ctlfacem.sys
0xF7D9A000 \SystemRoot\system32\DRIVERS\ctljystk.sys
0xF7B5C000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF7D9B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF78D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B60000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF711A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7708000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7718000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7960000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7069000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7728000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7968000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7970000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7738000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B8C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF700B000 \SystemRoot\system32\DRIVERS\update.sys
0xF7490000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7778000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF79C0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF6F25000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7BBA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7BE4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CB4000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BE6000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A40000 \SystemRoot\System32\drivers\vga.sys
0xF7BE8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BEA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A48000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A50000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7B4C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF1B68000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF1B0F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF6ED5000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xF1AE7000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF12C8000 \SystemRoot\System32\drivers\afd.sys
0xF6EC5000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF129D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF1205000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6EB5000 \SystemRoot\System32\Drivers\Fips.SYS
0xF11DF000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF6EA5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF0E98000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF7998000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF70CA000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7B0C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79F8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C85000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF054000 \SystemRoot\System32\ati2cqag.dll
0xBF08E000 \SystemRoot\System32\atikvmag.dll
0xBF0C4000 \SystemRoot\System32\ati3duag.dll
0xBF32B000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7B00000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xEE0AF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEDFF0000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xEDC93000 \SystemRoot\system32\drivers\wdmaud.sys
0xEDF48000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7B78000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEDD28000 \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
0xEDD18000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xEDA2E000 \SystemRoot\system32\DRIVERS\srv.sys
0xED80D000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7920000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xED393000 \??\C:\DOCUME~1\user\LOCALS~1\Temp\kgtoraog.sys
0xED368000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 32):
0 System Idle Process
4 System
-
September 4th, 2010, 05:44 PM
#11
System Idle Process is between 85 and 100%
System Idle Process is CPU NOT used, so your numbers are fine.
MBRCheck log is incomplete.
Please, repost.
-
September 4th, 2010, 06:07 PM
#12
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 118):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7B68000 \WINDOWS\system32\KDCOM.DLL
0xF7A78000 \WINDOWS\system32\BOOTVID.dll
0xF7619000 ACPI.sys
0xF7B6A000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7608000 pci.sys
0xF7668000 isapnp.sys
0xF7B6C000 viaide.sys
0xF78E8000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7678000 MountMgr.sys
0xF75E9000 ftdisk.sys
0xF78F0000 PartMgr.sys
0xF7688000 VolSnap.sys
0xF75D1000 atapi.sys
0xF7698000 disk.sys
0xF76A8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF75B1000 fltmgr.sys
0xF759F000 sr.sys
0xF78F8000 PxHelp20.sys
0xF7588000 KSecDD.sys
0xF74FB000 Ntfs.sys
0xF74CE000 NDIS.sys
0xF76B8000 viaagp.sys
0xF74B4000 Mup.sys
0xF7848000 \SystemRoot\system32\DRIVERS\p3.sys
0xF7305000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF72F1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7930000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF72DD000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7858000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7B50000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7868000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7938000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7940000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7878000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7888000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7898000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF72BA000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7948000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7296000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF71B8000 \SystemRoot\system32\DRIVERS\HCF_MSFT.sys
0xF7950000 \SystemRoot\System32\Drivers\Modem.SYS
0xF78A8000 \SystemRoot\system32\DRIVERS\dlkfet5b.sys
0xF7172000 \SystemRoot\system32\drivers\emu10k1m.sys
0xF714E000 \SystemRoot\system32\drivers\portcls.sys
0xF78B8000 \SystemRoot\system32\drivers\drmk.sys
0xF78C8000 \SystemRoot\system32\drivers\sfmanm.sys
0xF7B8A000 \SystemRoot\system32\drivers\ctlfacem.sys
0xF7D9A000 \SystemRoot\system32\DRIVERS\ctljystk.sys
0xF7B5C000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF7D9B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF78D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B60000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF711A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7708000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7718000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7960000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7069000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7728000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7968000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7970000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7738000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B8C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF700B000 \SystemRoot\system32\DRIVERS\update.sys
0xF7490000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7778000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF79C0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF6F25000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7BBA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7BE4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CB4000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BE6000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A40000 \SystemRoot\System32\drivers\vga.sys
0xF7BE8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BEA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A48000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A50000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7B4C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF1B68000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF1B0F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF6ED5000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xF1AE7000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF12C8000 \SystemRoot\System32\drivers\afd.sys
0xF6EC5000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF129D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF1205000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6EB5000 \SystemRoot\System32\Drivers\Fips.SYS
0xF11DF000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF6EA5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF0E98000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF7998000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF70CA000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7B0C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79F8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C85000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF054000 \SystemRoot\System32\ati2cqag.dll
0xBF08E000 \SystemRoot\System32\atikvmag.dll
0xBF0C4000 \SystemRoot\System32\ati3duag.dll
0xBF32B000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7B00000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xEE0AF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEDFF0000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xEDC93000 \SystemRoot\system32\drivers\wdmaud.sys
0xEDF48000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7B78000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEDD28000 \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
0xEDD18000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xEDA2E000 \SystemRoot\system32\DRIVERS\srv.sys
0xED80D000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7920000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xED393000 \??\C:\DOCUME~1\user\LOCALS~1\Temp\kgtoraog.sys
0xED368000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 29):
0 System Idle Process
4 System
540 C:\WINDOWS\system32\smss.exe
588 csrss.exe
624 C:\WINDOWS\system32\winlogon.exe
680 C:\WINDOWS\system32\services.exe
692 C:\WINDOWS\system32\lsass.exe
848 C:\WINDOWS\system32\ati2evxx.exe
864 C:\WINDOWS\system32\svchost.exe
940 svchost.exe
1036 C:\WINDOWS\system32\svchost.exe
1368 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1520 C:\WINDOWS\system32\ati2evxx.exe
1596 C:\WINDOWS\explorer.exe
1748 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1772 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1780 C:\WINDOWS\system32\ctfmon.exe
216 C:\WINDOWS\system32\spoolsv.exe
444 C:\WINDOWS\system32\devldr32.exe
1320 C:\WINDOWS\system32\cisvc.exe
736 C:\Program Files\Java\jre6\bin\jqs.exe
1500 wdfmgr.exe
564 svchost.exe
1172 alg.exe
3544 C:\WINDOWS\system32\svchost.exe
3728 C:\WINDOWS\system32\cidaemon.exe
2700 C:\Program Files\Internet Explorer\iexplore.exe
2908 C:\Program Files\Internet Explorer\iexplore.exe
2028 C:\Documents and Settings\user\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: Maxtor6L080L0, Rev: BAJ41G20
Size Device Name MBR Status
--------------------------------------------
76 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
-
September 4th, 2010, 06:33 PM
#13
OK. Looks good 
Combofix, please.
-
September 4th, 2010, 08:33 PM
#14
ComboFix 10-09-04.03 - user 09/04/2010 20:06:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.384.179 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\ozqf
c:\program files\Common Files\ozqf\ozqfd\class-barrel
c:\program files\Common Files\ozqf\ozqfd\vocabulary
c:\program files\Common Files\ozqf\ozqfh
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\msvrc20.dll
.
((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.
2010-09-04 03:27 . 2010-09-04 03:27 388096 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-04 03:27 . 2010-09-04 03:27 -------- d-----w- c:\program files\Trend Micro
2010-08-17 03:03 . 2010-08-17 03:03 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-50ca2b7b-n\decora-sse.dll
2010-08-17 03:03 . 2010-08-17 03:03 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-50ca2b7b-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 13:32 . 2008-12-23 03:15 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-20 17:35 . 2005-12-23 20:38 -------- d-----w- c:\program files\Java
2010-08-11 17:55 . 2005-12-24 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-08 02:44 . 2010-01-03 03:33 -------- d-----w- c:\program files\Veetle
2010-08-04 02:18 . 2010-08-04 02:18 -------- d-----w- c:\documents and settings\user\Application Data\Auslogics
2010-08-04 02:18 . 2010-08-04 02:18 -------- d-----w- c:\program files\Auslogics
2010-07-17 09:00 . 2010-04-20 00:12 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-07-10 22:15 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-02-26 22:54 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-02-26 22:54 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-02-26 22:54 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-02-26 22:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-02-26 22:54 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-02-26 22:54 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-02-26 22:54 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-02-26 22:54 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-12-23 16:38 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-12 00:56 . 2010-06-12 00:57 724992 ----a-w- c:\windows\iun6002.exe
2010-06-08 03:04 . 2010-06-08 03:04 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-346b2461-n\decora-d3d.dll
2010-06-08 03:04 . 2010-06-08 03:04 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-346b2461-n\decora-sse.dll
2006-07-15 20:12 . 2006-12-01 00:06 5949316 ----a-w- c:\program files\Red Hot Chilli Peppers- Tell Me Baby.mp3
2006-06-22 04:24 . 2006-12-01 00:06 4225744 ----a-w- c:\program files\Limewire Lime Wire Pro 4.12.3.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-15 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 19:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2005-12-12 03:35 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-06-05 17:35 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/26/2010 6:54 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/26/2010 6:54 PM 17744]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - KGTORAOG
*Deregistered* - kgtoraog
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp
mSearch Bar = about:blank
uSearchURL,(Default) = about:blank
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 20:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-09-04 20:28:08
ComboFix-quarantined-files.txt 2010-09-05 00:28
Pre-Run: 51,636,473,856 bytes free
Post-Run: 51,679,461,376 bytes free
- - End Of File - - AD9B3204E4FCA1733A042EC9073B4702
-
September 4th, 2010, 08:36 PM
#15
Please, re-run Combofix and this time allow recovery console installation (as my instructions say).
Post new log.
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
