Unsolved
32 Posts
0
9795
March 7th, 2008 02:00
How do I know my computer is safe
Hi, I was directed to start my own thread to make things less confusing and so here we are :)
I again apologize for any confusion on the other ones as I posted a huge log file.
In my previous thread I had stated that I too, in HijackThis, had an O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe and downloaded combofix.exe and followed the directions after Killbox wasn't working right.
I will post that at the bottom, but I also said I did all the following stuff:
Hi, actually this is odd. Last night before going to bed I went back to this Killbox thing and it still kept doing that, but then I noticed an option to force a reboot which I did choose. I then went back to HijackThis, clicked on fixing that problem, rebooted and this time it was not there. I ran AVG last night and it showed 0 problems whatsoever. However, this morning it is currently running saying I have a Ao136654.dll that is a TrojanHorse downloadersmall.BVA. It isn't done scanning yet so I don't know as of this point if it is going to heal or not, but I will let you know today if it does.
I assume I should still download the ComboFix. Oh, one other thing. For some reason for the last few days whenever I use Outlook Express and I open up my email, I get a little grey box that says AVG is scanning it (which it always did before) but now it says it over and over again, the computer is slower and then I always get "pop server not responding, do you want to wait or stop". Yet, I am able to still read and reply to emails successfully. I think it is probably also good to give you a little recent background history. On Feb 27th late at night I received a horrible virus/malware/spyware program that opened up my cmd window and it kept saying access denied to whatever was trying to get in there (my assumption at least). I then got "trusted antivirus" which I never allowed to open since I didn't trust it as it was foreign. I also had gotten a cookingluck.com window opening in IE many times. I therefore downloaded a free 15-day trial of Symantec Norton 360 which seemed to at least stop any further damage and cleaned up a few things. I don't know if Norton 360 is causing problems with the AVG email scan? Anyhow, I did all the following things as well: ran Ad-Aware several times, Spybot several times. Ran CWShredder, downloaded AVG rootkit detector although it said it didn't find anything on Feb 29th when I ran it. I also had this audio file running which I could not detect where it was coming from, so I unplugged my computer from my internet connection and just ran these programs and that seemed to get rid of it. I found a site that said to run SpyHunter which I did, it found stuff, but then it said to fix it you have to pay (since I currently am broke, I don't want to pay for anything when there are so many free things you can do).
I also had attempted to download a free trial of McAfee but the process for this was so ridiculous that I chose against downloading it. I ran Panda Software's free online scan; it found 25 viruses, 8 hack tools and rootkits and 1 unknown. I posted the log to a computer friend of mine and he was concerned about only one or 2 items which I successfully got rid of, and then he said the antivirus that you discussed here in this thread needed to be gotten rid of as well, which it seems is now gone. Anyway, I ran it again yesterday after successfully getting rid of many problems, even doing a Java cache clean out etc., and it gave me the exact same numbers so I am not sure if they give you a small number of hack tools to make you think you need to spend $12 for it to clean up or if I really have something. Again, the computer guy saw the log it saved and only questioned 1 or 2 things which I got rid of the first time. I also ran Spyware Vanisher which fixed a few things but then removed the program since I probably had too many spyware tools running. OH, the virus scan is done. AVG found 1 threat, and successfully deleted that file.
I will go ahead and do ComboFix and paste its results for you.
I did manage to get the file I needed out of HijackThis, but my
Combofix profile currently looks like this:
No Events found!


Bugbatter
4 Apprentice
20.5K Posts
0
March 7th, 2008 02:00
You should not be using Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer:
Please post a HijackThis log on the HijackThis Board. Instructions are at the top of that board.
http://www.dellcommunity.com/supportforums/board?board.id=si_hijack
What is this?
2008-03-05 13:40 . 2008-03-05 13:59 d-------- C:\SDFix
One of the so-called "hack tools" perhaps?
markrski
32 Posts
0
March 7th, 2008 02:00
My combofix log:
Ok, here is my combofix log:
ComboFix 08-03-05.3 - Mark Rutkowski 2008-03-06 9:46:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.339 [GMT -5:00]
Running from: C:\Documents and Settings\Mark Rutkowski\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.2008-03-06 00:53 . 2008-03-06 00:53 13,001 --a------ C:\hijackthis3og
2008-03-05 13:46 . 2008-03-05 13:46
2008-03-05 13:40 . 2008-03-05 13:59
2008-03-05 12:09 . 2008-03-05 12:10
2008-03-05 00:50 . 2008-03-05 21:42
2008-03-05 00:50 . 2008-03-05 00:49 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-03-05 00:30 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-04 11:32 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\ifvuailfreun.sys
2008-03-04 11:18 . 2008-03-05 11:43
2008-03-04 11:18 . 2008-03-05 08:49 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-04 11:18 . 2008-03-05 08:52 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-04 11:18 . 2008-03-05 08:51 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-03 11:52 . 2008-03-03 11:58
2008-03-02 13:48 . 2008-03-02 13:48
2008-03-02 10:46 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-02 10:46 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-02 10:46 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-01 14:03 . 2008-03-05 10:25
2008-03-01 14:01 . 2008-03-02 01:23 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-01 14:01 . 2008-03-02 01:23 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-01 14:01 . 2008-03-02 01:23 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-01 14:01 . 2008-03-02 01:23 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-01 13:59 . 2008-03-02 01:23
2008-03-01 13:59 . 2008-03-06 09:12
2008-03-01 13:58 . 2008-03-05 09:50
2008-03-01 13:37 . 2008-03-01 13:37
2008-02-29 18:51 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-02-29 01:09 . 2008-02-29 01:09 77,824 --a------ C:\TaskManagerFix.exe
2008-02-27 11:41 . 2008-02-27 11:41 31,744 --a------ C:\Musts for 2-27-2008.doc
2008-02-26 11:35 . 2008-02-26 11:35 151,943 --a------ C:\Robbins profile 1.pdf
2008-02-25 13:57 . 2008-02-25 13:59 79,975 --a------ C:\hairloss.lit
2008-02-17 12:39 . 2008-02-17 12:39 33,792 --a------ C:\The Secret, I am grateful for.doc
2008-02-17 12:00 . 2008-02-17 12:00 32,768 --a------ C:\Certified Reports agreement.doc
2008-02-13 12:33 . 2008-02-13 12:33 162 --ah----- C:\~$sume 01-09-2008.doc
2008-02-12 14:21 . 2008-02-12 14:21 71,680 --a------ C:\Application for Progressive.doc
2008-02-10 11:59 . 2008-02-10 11:59 72,717 --a------ C:\deathstar.JPG
2008-02-08 20:30 . 2008-03-03 22:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-08 20:30 . 2008-02-08 20:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-08 19:29 . 2008-02-08 19:30
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 14:37 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-06 03:20 --------- d-----w C:\Documents and Settings\Mark Rutkowski\Application Data\AVG7
2008-03-05 20:12 --------- d-----w C:\Program Files\Active Data Recovery Software
2008-03-05 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-05 15:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-05 14:54 --------- d-----w C:\Program Files\iTunes
2008-03-05 14:32 --------- d-----w C:\Program Files\2Wire
2008-03-05 03:59 --------- d-----w C:\Program Files\Java
2008-03-04 19:45 --------- d-----w C:\Program Files\ICQLite
2008-03-04 06:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-01 00:40 --------- d-----w C:\Program Files\Enigma Software Group
2008-02-27 14:42 --------- d-----w C:\Program Files\Street Atlas USA 9.0
2008-01-25 15:25 --------- d-----w C:\Program Files\Kinnexus
2007-06-04 13:56 46,352 ----a-w C:\Documents and Settings\Mark Rutkowski\Application Data\GDIPFONTCACHEV1.DAT
2006-02-13 18:27 13,824 ----a-w C:\Documents and Settings\Mark Rutkowski\atwbxdet.dll
2001-07-17 11:08 65,536 ------w C:\WINDOWS\inf\copyinf.exe
2004-12-22 00:21 3,547 --sha-w C:\WINDOWS\poheg.dat
. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Spyware Vanisher"="C:\spywarevanisher-full\SpywareVanisher.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-03 19:22 579072]
"YBrowser"="C:\Program Files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 13:51 57344]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 14:30 98304]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2004-09-15 03:52 393216]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-21 07:06 180269]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-08-16 13:08 36864]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 14:45 278528]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 20:54 116072]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE" [2000-05-31 14:32 22528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 07:28 219136]
C:\Documents and Settings\Mark Rutkowski\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2006-03-03 09:56:34 43520]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-02 04:29:26 180224]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
markrski
32 Posts
0
March 7th, 2008 02:00
combofix part 3
S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;C:\WINDOWS\system32\DRIVERS\ntspppoe.sys [2001-08-03 11:32]
S3 pmxscan;PrimaScan USB Kernel;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 RAWESR;RAWESR;C:\PROGRA~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS [2001-08-06 10:43]
S3 TAPBIND;TAPBIND;C:\PROGRA~1\EFFICI~1\ENTERN~1\app\TAPBIND1.SYS [2001-08-07 12:07]
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 09:54:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-03-06 10:01:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-06 15:01:08
.
2008-02-13 05:24:16 --- E O F ---
markrski
32 Posts
0
March 7th, 2008 02:00
combofix part 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CheckVolume"= {9c410ca7-7a74-4a24-b4b4-6ddde9da9334} - C:\WINDOWS\Installer\{9c410ca7-7a74-4a24-b4b4-6ddde9da9334}\CheckVolume.dll [ ]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pagis Schedule Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pagis Schedule Monitor.lnk
backup=C:\WINDOWS\pss\Pagis Schedule Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Mark Rutkowski^Start Menu^Programs^Startup^BOINC Manager.lnk]
path=C:\Documents and Settings\Mark Rutkowski\Start Menu\Programs\Startup\BOINC Manager.lnk
backup=C:\WINDOWS\pss\BOINC Manager.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
--a------ 2002-12-06 16:07 617984 C:\Program Files\ASUS\Probe\AsusProb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BookmarkCentral]
--a------ 2000-05-25 16:04 40960 C:\PROGRA~1\BMCENT~1\BMLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2005-08-02 14:33 159832 C:\Program Files\Common Files\AOL\1124230064\ee\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2002-11-05 05:11 1473111 C:\Program Files\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
--a------ 2000-05-31 14:27 31744 C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\INSTAN~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 14:45 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
--a------ 2000-05-31 14:32 22528 C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-03-21 07:06 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
--a------ 2003-10-20 11:27 172032 C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"= C:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Boinc-IRC\\mirc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Kinnexus\\Kinnexus.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
R2 PPPoEService;PPPoE Service;C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe [2000-07-11 10:48]
markrski
32 Posts
0
March 7th, 2008 03:00
Hi there, actually I will probably be ok. I posted something on some other person's problem which was similar and I told them I did similar things with Killbox problems, and I followed the exact instructions he gave me for this tool. It was later, after I posted the super long combofix log, that he realized it and said to start my own topic because it is confusing. My computer seems to start fine. I would certainly be very afraid of that program if I didn't follow instructions.
Anyhow, you said to run hijack this and post a log and this is my current hijack log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:58:54 PM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark Rutkowski\Desktop\HiJackThis_v2-1.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Mark Rutkowski\Desktop\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User 'Default user')
O4 - .DEFAULT Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105828963211
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C290AD0D-5CD6-4F66-A46B-1362EAEAA7AF} - http://mioctad.com/3fa11500/10002/1/xp/FreeAccess.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O21 - SSODL: CheckVolume - {9c410ca7-7a74-4a24-b4b4-6ddde9da9334} - C:\WINDOWS\Installer\{9c410ca7-7a74-4a24-b4b4-6ddde9da9334}\CheckVolume.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 13365 bytes
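As an added illustration (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script for lines in the HijackThis log format posted above: it parses the O4 Run, O16 DPF, O21 SSODL, O2 BHO and O23 Service entry shapes and marks the ones a reviewer should look at first. The sample lines are copied from the logs in this thread (including the [antiviirus] Run entry the first post mentions); the trusted-location prefixes and trusted download host are assumptions that produce review prompts, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Sample lines copied from the HijackThis logs quoted in this thread (the
# [antiviirus] Run entry is the one the first post says was fixed).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105828963211
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O21 - SSODL: CheckVolume - {9c410ca7-7a74-4a24-b4b4-6ddde9da9334} - C:\WINDOWS\Installer\{9c410ca7-7a74-4a24-b4b4-6ddde9da9334}\CheckVolume.dll (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Heuristic baselines (assumptions for this example, tune per machine): where
# autostart binaries normally live on an XP box, and a download host whose
# ActiveX controls (O16 DPF) need no second look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
TRUSTED_DPF_HOSTS = ("microsoft.com",)

@dataclass
class Entry:
    section: str           # "O4", "O16", ...
    kind: str              # "Run", "DPF", "SSODL", "BHO", "Service", "other"
    name: str
    path: str              # local file, "" when the entry has none
    source: str = ""       # download URL (O16 DPF entries only)
    missing: bool = False  # HijackThis appended "(file missing)"

@dataclass
class Finding:
    section: str
    name: str
    reason: str

_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
_RUN = re.compile(r"^HK\S*\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
_DPF = re.compile(r"^DPF: \{(?P<clsid>[^}]+)\}(?: \((?P<name>[^)]*)\))? - (?P<src>.*)$")
_TRIPLE = re.compile(r"^(?P<kind>BHO|SSODL|Service): (?P<name>.*?) - .*? - (?P<path>.*)$")
_QUOTED = re.compile(r'^"([^"]+)"')
_BARE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|bat|cmd|pif))(?:\s|$)", re.IGNORECASE)

def _exe_path(cmd: str) -> str:
    """Extract the executable from a Run-key command line, quoted or not."""
    m = _QUOTED.match(cmd) or _BARE.match(cmd)
    return m.group(1) if m else ""

def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis 'Oxx - ...' line into an Entry (None if it is not one)."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    missing = "(file missing)" in body
    body = body.replace(" (file missing)", "")
    if r := _RUN.match(body):
        return Entry(sec, r.group("key"), r.group("name"), _exe_path(r.group("cmd")), missing=missing)
    if d := _DPF.match(body):
        src = d.group("src")
        remote = src.lower().startswith(("http://", "https://"))
        return Entry(sec, "DPF", d.group("name") or d.group("clsid"),
                     "" if remote else src, source=src if remote else "", missing=missing)
    if t := _TRIPLE.match(body):
        return Entry(sec, t.group("kind"), t.group("name"), t.group("path"), missing=missing)
    return Entry(sec, "other", body, "", missing=missing)

def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]

def _trusted_host(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)

def triage(entries: List[Entry]) -> List[Finding]:
    """Flag entries a reviewer should look at first; review prompts, not verdicts."""
    out: List[Finding] = []
    for e in entries:
        if e.missing:
            out.append(Finding(e.section, e.name, "points at a file that no longer exists "
                               "(orphan of a removal, or a component something keeps re-creating)"))
        elif e.source:
            host = urlparse(e.source).hostname or ""
            if not _trusted_host(host):
                out.append(Finding(e.section, e.name, f"ActiveX control downloaded from {host}"))
        elif e.path:
            p = e.path.lower()
            pf = "c:\\program files\\"
            if not p.startswith(TRUSTED_PREFIXES):
                out.append(Finding(e.section, e.name, f"runs from an unusual location: {e.path}"))
            elif p.startswith(pf) and "\\" not in p[len(pf):]:
                # Legitimate installers create a vendor folder; a bare .exe here is odd.
                out.append(Finding(e.section, e.name,
                                   f"executable sits directly in Program Files with no vendor folder: {e.path}"))
    return out
```

Run `triage(parse_log(SAMPLE_LOG))` to get the four entries worth a closer look; everything else in the sample passes the heuristics silently.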