Could someone look at these logs please.....
15-08-2009 12:09pm
Hi All
I have a prob with my lappie, desktop has been hijacked and it's slow as a big slow thing.
I tried all the steps outlined in the "Things to do before posting" and no luck.
Anyway, here's the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:58, on 15/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\LClock\LClock.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Documents and Settings\Fa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Dodatki\Total CMA Pack\TOTALCMD.EXE
C:\Documents and Settings\Fa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fa\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Fa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\MyPhoneExplorer\MyPhoneExplorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Total CMA Pack] C:\Program Files\Dodatki\Total CMA Pack\Total CMA Pack.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
--
End of file - 8515 bytes
And the Rooter log is here
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 15 Model 2 Stepping 9, GenuineIntel
.
Error OpenService (wscsvc) : 1060
[SharedAccess] RUNNING (state:4)
.
Internet Explorer 6.0.2900.2180
Mozilla Firefox 3.0.9 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:37 Go - Free:2 Go )
\ [CD_Rom]
.
Scan : 12:08.51
Path : C:\Documents and Settings\Fa\My Documents\Downloads\Rooter.exe
User : Fa ( Administrator -> YES )
.
\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (432)
______ \??\C:\WINDOWS\system32\csrss.exe (480)
______ \??\C:\WINDOWS\system32\winlogon.exe (516)
______ C:\WINDOWS\system32\services.exe (564)
______ C:\WINDOWS\system32\lsass.exe (576)
______ C:\WINDOWS\system32\svchost.exe (716)
______ C:\WINDOWS\system32\svchost.exe (792)
______ C:\WINDOWS\System32\svchost.exe (836)
______ C:\WINDOWS\system32\svchost.exe (980)
______ C:\WINDOWS\system32\spoolsv.exe (1300)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1664)
______ C:\WINDOWS\system32\CTsvcCDA.EXE (1700)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1732)
______ C:\Program Files\LogMeIn\x86\RaMaint.exe (1784)
______ C:\Program Files\LogMeIn\x86\LogMeIn.exe (1900)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (1952)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (1964)
______ C:\Program Files\LogMeIn\x86\LMIGuardian.exe (448)
______ C:\Program Files\CDBurnerXP\NMSAccessU.exe (476)
______ C:\WINDOWS\system32\PnkBstrA.exe (504)
______ C:\WINDOWS\system32\svchost.exe (140)
______ C:\PROGRA~1\AVG\AVG8\avgemc.exe (732)
______ C:\Program Files\AVG\AVG8\avgcsrvx.exe (1192)
______ C:\WINDOWS\system32\WgaTray.exe (700)
______ C:\WINDOWS\Explorer.EXE (1168)
______ C:\WINDOWS\system32\igfxtray.exe (2096)
______ C:\WINDOWS\system32\hkcmd.exe (2144)
______ C:\WINDOWS\system32\svchost.exe (2192)
______ C:\WINDOWS\VistaDrive\VistaDrive.exe (2232)
______ C:\Program Files\Unlocker\UnlockerAssistant.exe (2264)
______ C:\Program Files\LClock\LClock.exe (2272)
______ C:\PROGRA~1\AVG\AVG8\avgtray.exe (2292)
______ C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (2304)
______ C:\WINDOWS\SOUNDMAN.EXE (2316)
______ C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe (2340)
______ C:\WINDOWS\System32\svchost.exe (2488)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (2500)
______ C:\Program Files\Google\Gmail Notifier\gnotify.exe (2512)
______ C:\WINDOWS\tsnp2std.exe (2588)
______ C:\WINDOWS\vsnp2std.exe (2664)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2724)
______ C:\WINDOWS\system32\ctfmon.exe (2756)
______ C:\Program Files\LogMeIn\x86\LMIGuardian.exe (2764)
______ C:\Documents and Settings\Fa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (2788)
______ C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (2804)
______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (2852)
______ C:\Program Files\DNA\btdna.exe (3008)
______ C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (3076)
______ C:\Program Files\Dodatki\Total CMA Pack\TOTALCMD.EXE (3228)
______ C:\Documents and Settings\Fa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3220)
______ C:\Documents and Settings\Fa\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe (3316)
______ C:\WINDOWS\system32\wuauclt.exe (3832)
______ C:\Documents and Settings\Fa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2120)
______ C:\Documents and Settings\Fa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (1100)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (3920)
______ C:\WINDOWS\system32\NOTEPAD.EXE (1736)
______ C:\Documents and Settings\Fa\My Documents\Downloads\Rooter.exe (3928)
.
\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:39999504384)
.
\\ Scheduled Tasks
.
\\ Registry
.
.
\\ Files & Folders
.
\\ Scan completed at 12:09.50
.
C:\Rooter$\Rooter_2.txt - (15/08/2009 | 12:09.50)
Thanks in advance guys
HB0
Comments
hi
Please download DDS and save it to your desktop.
- Disable any script blocking protection
- Double click dds.pif to run the tool.
- When done, two DDS.txts will open.
- Save both reports to your desktop.
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt
Cheers for the reply, ActorSeeksJob
Here's the DDS.txt
DDS (Ver_09-07-30.01) - NTFSx86
Run by Fa at 19:15:35.62 on 15/08/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.353.1033.18.1015.578 [GMT 1:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
svchost.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Documents and Settings\Fa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Documents and Settings\Fa\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Fa\Desktop\dds.pif
C:\Documents and Settings\Fa\Desktop\dds.pif
============== Pseudo HJT Report ===============
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\fa\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Creative Detector U] "c:\program files\creative\mediasource5\CTDetctu.exe" /R
uRun: [Total CMA Pack] c:\program files\dodatki\total cma pack\Total CMA Pack.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe
mRun: [UnlockerAssistant] c:\program files\unlocker\UnlockerAssistant.exe -H
mRun: [LClock] c:\program files\lclock\LClock.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AudioDeck] c:\program files\via\viaudioi\sbadeck\ADeck.exe 1
mRun: [NWEReboot]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [BVRPLiveUpdate] c:\program files\avanquest update\engine\setup.exe -s /patch,/srcupdatec:\docume~1\alluse~1\applic~1\sonyer~1\sonyer~1\liveup~1\LISTOF~1.DAT
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: HideRunAsVerb = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
================= FIREFOX ===================
FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-15 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-15 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-15 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-15 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-15 298776]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-2-15 47640]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-2-15 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-2-15 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-2-15 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-2-15 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-2-15 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-2-15 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-2-15 117672]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
=============== Created Last 30 ================
2009-08-15 19:14 <DIR> --d-h--- c:\windows\PIF
2009-08-15 11:54 <DIR> --d C:\Rooter$
2009-08-15 11:50 <DIR> --d c:\program files\Trend Micro
2009-08-13 20:34 114,688 a c:\windows\system32\OdiOlDVR.dll
2009-08-13 20:34 86,016 a c:\windows\system32\STRDEVAPI.dll
2009-08-13 20:34 53,248 a c:\windows\system32\OdiAPI.dll
2009-08-13 20:18 73,728 a c:\windows\system32\VNUSB.dll
2009-08-13 20:18 73,728 a c:\windows\system32\DW90USB.DLL
2009-08-13 20:18 39,096 a c:\windows\system32\drivers\DW90USB.SYS
2009-08-13 20:18 38,496 a c:\windows\system32\drivers\VNUSB.sys
2009-08-13 20:02 <DIR> --d c:\program files\Olympus
2009-08-12 03:07 <DIR> --d c:\windows\ServicePackFiles
2009-08-12 00:02 80,896 c:\windows\system32\dllcache\tlntsess.exe
2009-08-12 00:02 76,288 c:\windows\system32\dllcache\telnet.exe
2009-08-12 00:02 134,144 c:\windows\system32\dllcache\wkssvc.dll
2009-08-12 00:02 84,992 c:\windows\system32\dllcache\avifil32.dll
2009-08-12 00:02 58,880 c:\windows\system32\dllcache\atl.dll
2009-08-12 00:02 204,800 c:\windows\system32\dllcache\mswebdvd.dll
2009-08-12 00:02 1,871,872 c:\windows\system32\dllcache\mstscax.dll
2009-08-12 00:01 128,512 c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 00:00 1,315,328 c:\windows\system32\dllcache\msoe.dll
2009-08-04 17:55 22 a c:\windows\popcinfot.dat
2009-08-04 15:44 <DIR> --d C:\MAME32_v0.106_Arcade_Starter_Pack
2009-08-02 18:39 <DIR> --d C:\Games
2009-07-23 22:03 5,120 a--sh--- c:\windows\system32\Thumbs.db
2009-07-22 22:49 <DIR> --d C:\Temp
2009-07-22 22:48 <DIR> --d c:\docume~1\fa\applic~1\Thinstall
==================== Find3M ====================
2009-08-05 10:11 204,800 a c:\windows\system32\mswebdvd.dll
2009-07-18 21:30 3,069,440 c:\windows\system32\dllcache\mshtml.dll
2009-07-18 17:00 1,509,888 c:\windows\system32\dllcache\shdocvw.dll
2009-07-17 19:55 58,880 a c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 c:\windows\system32\dllcache\wmpdxm.dll
2009-07-07 18:12 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-07 18:12 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-03 11:32 335,752 a c:\windows\system32\drivers\avgldx86.sys
2009-06-25 20:00 11,952 a c:\windows\system32\avgrsstx.dll
2009-06-22 12:40 18,432 c:\windows\system32\dllcache\iedw.exe
2009-06-16 15:45 119,808 a c:\windows\system32\t2embed.dll
2009-06-16 15:45 81,920 a c:\windows\system32\fontsub.dll
2009-06-16 15:45 119,808 c:\windows\system32\dllcache\t2embed.dll
2009-06-16 15:45 81,920 c:\windows\system32\dllcache\fontsub.dll
2009-06-12 12:50 76,288 a c:\windows\system32\telnet.exe
2009-06-10 15:21 84,992 a c:\windows\system32\avifil32.dll
2009-06-10 07:26 134,144 a c:\windows\system32\wkssvc.dll
2009-06-09 16:06 1,871,872 a c:\windows\system32\mstscax.dll
2009-06-03 20:27 1,290,752 a c:\windows\system32\quartz.dll
2009-06-03 20:27 1,290,752 c:\windows\system32\dllcache\quartz.dll
2009-05-21 14:59 1,017,344 a c:\windows\system32\libeay32.dll
2009-05-21 14:59 200,704 a c:\windows\system32\ssleay32.dll
2009-04-11 17:50 281 a c:\program files\Local Disk (C).lnk
2009-03-05 13:46 22,328 a c:\docume~1\fa\applic~1\PnkBstrK.sys
============= FINISH: 19:15:55.43 ===============
And here's the Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 15/02/2009 09:40:18
System Uptime: 15/08/2009 17:30:41 (2 hours ago)
Motherboard: Uniwill | | 755II5
Processor: Mobile Intel(R) Celeron(R) CPU 2.50GHz | CPU 1 | 2500/100mhz
==== Disk Partitions =========================
is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_103C1734&REV_02\3&267A616A&0&FE
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_103C1734&REV_02\3&267A616A&0&FE
Service:
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Serial
Device ID: ROOT\LEGACY_SERIAL\0000
Manufacturer:
Name: Serial
PNP Device ID: ROOT\LEGACY_SERIAL\0000
Service: Serial
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Photoshop Lightroom 2.2
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Apple Software Update
µTorrent
AutoUpdate
Avanquest update
AVG Free 8.5
AviSplit Classic Version 1.43
CCleaner (remove only)
CDBurnerXP
Choice Guard
Cool Edit Pro 2.1
Creative Jukebox Driver
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Version Checker
DivX Web Player
FastStone Image Viewer 3.6
FilmOn HDi Player
Free WMA to MP3 Converter 1.16
Gadwin PrintScreen
Google Chrome
Google Gears
Google Gmail Notifier
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel(R) Extreme Graphics Driver
Java(TM) 6 Update 13
Kel's CPL 24-in-One Bonus Pack!
LogMeIn
Magic ISO Maker v5.5 (build 0273)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.0.9)
Mp3tag v2.43
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MusicBrainz Picard 0.10
MyPhoneExplorer
Olympus Digital Wave Player
OpenSource AVI Splitter (remove only)
Platform
Poster Forge 1.02
PPMate Network TV 2.0.0.41
PunkBuster Services
Quake Live Mozilla Plugin
Quick AVI Splitter v2.0
QuickTime
RAD Video Tools
RealPlayer
Realtek AC'97 Audio
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Sony Ericsson PC Suite 4.010.00
SopCast 3.0.3
Total CMA Pack 0.43 (public)
TVAnts 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb972691)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
USB2.0 PC Camera (SN9C201&202)
VC80CRTRedist - 8.0.50727.762
VIA Platform Device Manager
Vista Drive Indicator!
VLC media player 0.9.2
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
==== Event Viewer Messages From Past Week ========
15/08/2009 11:26:53, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
15/08/2009 11:26:50, error: Service Control Manager [7034] - The NMSAccessU service terminated unexpectedly. It has done this 1 time(s).
15/08/2009 11:26:49, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
15/08/2009 11:26:47, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
15/08/2009 11:26:47, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
15/08/2009 11:26:47, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
15/08/2009 11:26:47, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/08/2009 17:57:14, error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.
11/08/2009 17:57:14, error: Application Popup [877] - There was error [DATABASE NOT LOADED] processing the driver database.
==== End Of File ===========================
Cheers Again
HB
Hi
Download TFC to your desktop.
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job.
- Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean.
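The Event Viewer extract above shows seven services, including the AVG watchdog, reported by the Service Control Manager as terminated unexpectedly within six seconds of each other, roughly forty minutes before the HijackThis scan was saved. The Python script below is an added example, not part of the original post or of any tool mentioned in this thread: it parses lines in this DDS event format, keeps only Service Control Manager events 7031 and 7034, groups terminations that fall within a 60-second window, and flags a group when several services die together or one of them belongs to a security product. The sample log is constructed from the lines above plus one extra isolated "Foo" termination on 13/08; the security-product keyword list, the 60-second window and the minimum group size of three are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the DDS "Event Viewer Messages" format used in this thread.
# The "Foo" line on 13/08 is invented to show an isolated termination that is NOT flagged.
SAMPLE_LOG = """\
15/08/2009 11:26:53, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
15/08/2009 11:26:50, error: Service Control Manager [7034] - The NMSAccessU service terminated unexpectedly. It has done this 1 time(s).
15/08/2009 11:26:49, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
15/08/2009 11:26:47, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
15/08/2009 11:26:47, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
15/08/2009 11:26:47, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
15/08/2009 11:26:47, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
13/08/2009 09:00:00, error: Service Control Manager [7034] - The Foo service terminated unexpectedly. It has done this 1 time(s).
11/08/2009 17:57:14, error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.
"""

# "dd/mm/yyyy HH:MM:SS, level: Source [EventID] - message"
EVENT_RE = re.compile(
    r'^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): '
    r'(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$'
)
SERVICE_RE = re.compile(r'^The (?P<name>.+?) service terminated unexpectedly')

# SCM event IDs logged when a service dies without a clean stop
# (7031 = will be restarted by recovery action, 7034 = no recovery action).
SCM_CRASH_IDS = {7031, 7034}

# Assumed keyword list for recognising security products by service name.
AV_KEYWORDS = ("avg", "avast", "norton", "mcafee", "kaspersky", "defender", "symantec")


def parse_events(text):
    """Parse DDS-style event lines into dicts, oldest first; unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m.group("ts"), "%d/%m/%Y %H:%M:%S"),
            "level": m.group("level"),
            "source": m.group("source"),
            "id": int(m.group("id")),
            "msg": m.group("msg"),
        })
    events.sort(key=lambda e: e["time"])
    return events


def service_terminations(events):
    """Return (time, service name) for every SCM 'terminated unexpectedly' event."""
    out = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] in SCM_CRASH_IDS:
            m = SERVICE_RE.match(e["msg"])
            if m:
                out.append((e["time"], m.group("name")))
    return out


def cluster_terminations(terminations, window=timedelta(seconds=60)):
    """Group terminations whose timestamp is within `window` of the previous one."""
    clusters = []
    for t, name in sorted(terminations):
        if clusters and t - clusters[-1][-1][0] <= window:
            clusters[-1].append((t, name))
        else:
            clusters.append([(t, name)])
    return clusters


def suspicious_clusters(clusters, min_size=3):
    """Flag clusters where many services died together or a security product's
    service was among them. Each flag is (first time, service names, reasons)."""
    flagged = []
    for c in clusters:
        names = [n for _, n in c]
        reasons = []
        if len(names) >= min_size:
            reasons.append("%d services died within one window" % len(names))
        av = [n for n in names if any(k in n.lower() for k in AV_KEYWORDS)]
        if av:
            reasons.append("security service(s) killed: " + ", ".join(av))
        if reasons:
            flagged.append((c[0][0], names, reasons))
    return flagged


def analyse(text):
    """Full pipeline: parse, filter, cluster, flag."""
    return suspicious_clusters(cluster_terminations(service_terminations(parse_events(text))))


if __name__ == "__main__":
    for when, names, reasons in analyse(SAMPLE_LOG):
        print(when.strftime("%d/%m/%Y %H:%M:%S"), "-", "; ".join(reasons))
        for n in names:
            print("   ", n)
```

A flagged cluster is a prompt to look closer, not a verdict: a burst of 7034 events at the same second is just as consistent with a cleanup tool or crash killing every user-mode service as with malware disabling protection, so the timestamps should be compared against what the user was doing at the time (the HijackThis scan here was saved at 12:03, after the cluster) before drawing a conclusion.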
Please download Malwarebytes' Anti-Malware from Here
- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Go to Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  Archives
  Mail databases
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.