Mischel Internet Security Forum, Malware > Adware, Browser Hijackers and other Malware (Moderators: Helena, Gavin_Coe, Magnus)
   my pc might be infected
Thomas
my pc might be infected
« on: Dec 21st, 2008, 1:02pm »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:19 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.5\YTPro.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Yahoo!\Messenger\yahoomessenger.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [Y!TunnelPro] C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.5\YTPro.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224749584484
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
--
End of file - 5632 bytes
 
My net crashed 3 times, and before I call Bright House I just want to make sure there isn't a virus/trojan that's making it crash.

Windows 7 Home Premium (64 Bit)
Yahoo! Messenger Version 11.0.0 Build 2014
Y!TunnelPro Version 2.6 Build 736
YTK Enhanced Version 2.6 Build 108
Mozilla Firefox Version 8.0 (Beta)
Internet Explorer Version 9.0.8112.16421
TrojanHunter Version 5.3 Build 994
HijackThis Version 2.0 Build 4
Wireless
avast! Free Antivirus
Malwarebytes' Anti-Malware
SUPERAntiSpyware Professional
Thomas
Re: my pc might be infected
« Reply #1 on: Dec 21st, 2008, 2:09pm »

Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 3
 
12/21/2008 3:06:02 PM
mbam-log-2008-12-21 (15-06-01).txt
 
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 122483
Time elapsed: 58 minute(s), 2 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
(No malicious items detected)
 
Registry Values Infected:
(No malicious items detected)
 
Registry Data Items Infected:
(No malicious items detected)
 
Folders Infected:
(No malicious items detected)
 
Files Infected:
(No malicious items detected)

Thomas
Re: my pc might be infected
« Reply #2 on: Dec 21st, 2008, 2:39pm »

I went to the plugin in TrojanHunter and hit Run, and this came up:
 
TrojanHunter Scan Report - Saved 2008-12-21 15:35
 
Suspicious registry entry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Malwarebytes' Anti-Malware
Suspicious registry entry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Malwarebytes' Anti-Malware
AppInitChecker Executing
Removed registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Malwarebytes' Anti-Malware
Removed registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Malwarebytes' Anti-Malware

Thomas
Re: my pc might be infected
« Reply #3 on: Dec 21st, 2008, 3:30pm »

Here is my full scan log:
 
TrojanHunter Scan Report - Saved 2008-12-21 16:28
 
Warning: Executable file with double extensions found: C:\Program Files\Microsoft Silverlight\2.0.31005.0\System.Net.dll
Warning: Executable file with double extensions found: C:\Program Files\Microsoft Silverlight\2.0.31005.0\System.ServiceModel.Web.dll
Warning: Executable file with double extensions found: C:\Program Files\Microsoft Silverlight\2.0.31005.0\System.Xml.dll
Warning: Executable file with double extensions found: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll
Warning: Unable to unpack UPX-packed file C:\Program Files\uTorrent\uTorrent.exe
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_c54ffe05\System.Xml.dll
Warning: Unable to unpack UPX-packed file C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
Warning: Unable to unpack UPX-packed file C:\WINDOWS\ERDNT\subs\ERDNT.EXE
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
Warning: Unable to unpack UPX-packed file D:\cmdcons\usbuhci.sy_/usbuhci.sys
Warning: Unable to unpack UPX-packed file D:\I386\SYSTEM32\drivers\USBUHCI.SYS
Warning: Unable to unpack UPX-packed file D:\MiniNT\system32\drivers\USBUHCI.SYS

Thomas
Re: my pc might be infected
« Reply #4 on: Dec 21st, 2008, 4:44pm »

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
 
Generated 12/21/2008 at 05:34 PM
 
Application Version : 4.23.1006
 
Core Rules Database Version : 3680
Trace Rules Database Version: 1659
 
Scan type  : Complete Scan
Total Scan Time : 00:28:11
 
Memory items scanned : 363
Memory threats detected   : 0
Registry items scanned    : 4657
Registry threats detected : 0
File items scanned   : 19116
File threats detected     : 81
 
Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@hurricanetrack[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statcounter[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@c5.zedo[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.popularscreensavers[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.bridgetrack[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@insightexpressai[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@imrworldwide[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media.mtvnservices[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@serving-sys[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adserver.adreactor[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adbrite[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@fastclick[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cache.trafficmp[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.burstbeacon[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@trafficmp[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ehg-traderelectronicmedia.hitbox[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@paypal.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.burstnet[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@msnbc.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@content.yieldmanager[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.widgetbucks[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@richmedia.yahoo[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media.adrevolver[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@clickarrows[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media.brandreachsys[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@apmebf[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@yieldmanager[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adinterax[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads-dev.youporn[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@revsci[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adopt.specificclick[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@youporn[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adultfriendfinder[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media6degrees[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@burstnet[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@content.yieldmanager[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adserver.adtechus[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@primetrafficsite[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@casalemedia[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.doubleclick[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@collective-media[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@bluestreak[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@overture[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tacoda[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media.adrevolver[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tracking.keywordmax[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@bs.serving-sys[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@at.atwola[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@zedo[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@doubleclick[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediaplex[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@divx.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adopt.euroclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificclick[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@netgear.122.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@msnportal.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@content.yieldmanager.edgesuite[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@myroitracking[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@interclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@hitbox[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@serv.clicksor[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adlegend[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@247realmedia[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@advertising[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@partner.finditquick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tripod[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www6.addfreestats[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificmedia[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats.adbrite[1].txt
 
Spyware.RelevantKnowledge
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP4\A0000156.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP4\A0000157.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP4\A0000158.EXE

Thomas
Re: my pc might be infected
« Reply #5 on: Dec 21st, 2008, 5:24pm »

ComboFix 08-12-21.02 - Compaq_Owner 2008-12-21 18:04:12.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.222.55 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
 * Created a new restore point
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
 
----- BITS: Possible infected sites -----
 
hxxp://speedytorrents.net
.
(((((((((((((((((((((((((   Files Created from 2008-11-21 to 2008-12-21  )))))))))))))))))))))))))))))))
.
 
2008-12-21 15:19 . 2008-12-21 15:19  <DIR>  d--------  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-21 15:18 . 2008-12-21 15:19  <DIR>  d--------  c:\program files\SUPERAntiSpyware
2008-12-21 15:18 . 2008-12-21 15:18  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-12-21 15:17 . 2008-12-21 15:17  <DIR>  d--------  c:\program files\Common Files\Wise Installation Wizard
2008-12-21 13:30 . 2008-12-21 13:30  <DIR>  d--------  c:\program files\Malwarebytes' Anti-Malware
2008-12-21 13:30 . 2008-12-21 13:30  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2008-12-21 13:30 . 2008-12-21 13:30  <DIR>  d--------  c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-21 13:30 . 2008-12-03 19:52  38,496  --a------  c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-21 13:30 . 2008-12-03 19:52  15,504  --a------  c:\windows\system32\drivers\mbam.sys
2008-12-18 09:50 . 2008-12-18 09:50  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\DivX
2008-12-18 06:37 . 2008-12-18 06:37  <DIR>  d--------  c:\program files\AC3Filter
2008-12-18 06:37 . 2008-07-09 03:05  421,888  --a------  c:\windows\system32\ac3filter.acm
2008-12-18 06:36 . 2008-12-18 06:36  <DIR>  d--------  c:\program files\DivX
2008-12-18 05:37 . 2008-12-18 05:38  <DIR>  d--------  c:\program files\MagicDVDRipper
2008-12-14 06:21 . 2003-10-28 05:02  20,016  ---------  c:\windows\system32\drivers\pxhelp20.sys
2008-12-13 04:40 . 2008-12-13 04:40  <DIR>  d--------  C:\mysql
2008-12-09 21:43 . 2008-12-09 21:43  <DIR>  d--------  c:\program files\Viewpoint
2008-12-09 21:43 . 2008-12-09 21:43  <DIR>  d--------  c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-07 21:44 . 2006-03-03 10:02  658,432  --a------  c:\windows\system32\cc3270mt.dll
2008-12-07 21:44 . 2003-05-21 13:50  24,576  --a------  c:\windows\system32\msxml3a.dll
2008-12-06 21:55 . 2004-05-14 16:53  462,848  --a------  c:\windows\system32\ltkrn13n.dll
2008-12-06 21:55 . 2004-05-14 16:53  450,560  --a------  c:\windows\system32\ltimg13n.dll
2008-12-06 21:55 . 2004-05-14 16:53  401,408  --a------  c:\windows\system32\lfcmp13n.dll
2008-12-06 21:55 . 2004-05-14 16:53  299,008  --a------  c:\windows\system32\ltdis13n.dll
2008-12-06 21:55 . 2004-01-12 02:09  206,336  --a------  c:\windows\system32\ltefx13n.dll
2008-12-06 21:55 . 2004-05-14 16:53  163,840  --a------  c:\windows\system32\ltfil13n.dll
2008-12-06 21:55 . 2003-11-04 15:10  69,632  --a------  c:\windows\system32\lfgif13n.dll
2008-12-06 21:55 . 2004-05-14 16:53  57,344  --a------  c:\windows\system32\lfbmp13n.dll
2008-11-23 20:07 . 2008-11-23 20:07  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Contacts
2008-11-23 20:04 . 2008-11-23 20:04  <DIR>  d--------  c:\program files\MSN Messenger
2008-11-21 16:47 . 2008-11-21 16:47  3,596,288  --a------  c:\windows\system32\qt-dx331.dll
2008-11-21 16:47 . 2008-11-21 16:47  524,288  --a------  c:\windows\system32\DivXsm.exe
2008-11-21 16:47 . 2008-11-21 16:47  4,816  --a------  c:\windows\system32\divxsm.tlb
2008-11-21 16:46 . 2008-11-21 16:46  1,044,480  --a------  c:\windows\system32\libdivx.dll
2008-11-21 16:46 . 2008-11-21 16:46  200,704  --a------  c:\windows\system32\ssldivx.dll
2008-11-21 16:44 . 2008-11-21 16:44  161,096  --a------  c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44 . 2008-11-21 16:44  12,288  --a------  c:\windows\system32\DivXWMPExtType.dll
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 23:00  ---------  d---a-w  c:\documents and settings\All Users\Application Data\TEMP
2008-12-21 20:23  ---------  d-----w  c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2008-12-18 12:37  ---------  d-----w  c:\program files\TrojanHunter 5.0
2008-12-14 11:22  ---------  d-----w  c:\program files\Winamp
2008-11-14 09:29  ---------  d-----w  c:\program files\MySpace
2008-11-14 09:29  ---------  d-----w  c:\documents and settings\Compaq_Owner\Application Data\MySpace
2008-10-31 01:20  ---------  d-----w  c:\documents and settings\Compaq_Owner\Application Data\Windows Search
2008-10-24 12:01  ---------  d-----w  c:\program files\Common Files\Adobe Systems Shared
2008-10-24 12:01  ---------  d-----w  c:\program files\Common Files\Adobe
2008-10-24 11:21  455,296  ----a-w  c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 11:44  ---------  d-----w  c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-23 11:42  ---------  d-----w  c:\program files\Yahoo!
2008-10-23 11:41  ---------  d-----w  c:\program files\Trend Micro
2008-10-23 11:15  ---------  d-----w  c:\documents and settings\Compaq_Owner\Application Data\Digital Asphyxia
2008-10-23 11:15  ---------  d-----w  c:\documents and settings\All Users\Application Data\Digital Asphyxia
2008-10-23 11:14  ---------  d-----w  c:\program files\Digital Asphyxia
2008-10-23 11:14  ---------  d-----w  c:\documents and settings\All Users\Application Data\Tarma Installer
2008-10-23 11:10  ---------  d-----w  c:\documents and settings\Compaq_Owner\Application Data\TrojanHunter
2008-10-23 08:16  ---------  d-----w  c:\program files\Microsoft Silverlight
2008-10-23 08:16  ---------  d-----w  c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-23 08:01  ---------  d-----w  c:\program files\MSXML 6.0
2008-10-23 07:54  ---------  d-----w  c:\program files\MSBuild
2008-10-23 07:51  ---------  d-----w  c:\program files\Reference Assemblies
2008-10-23 07:31  ---------  d-----w  c:\documents and settings\Compaq_Owner\Application Data\Windows Desktop Search
2008-10-23 07:30  ---------  d-----w  c:\program files\Windows Desktop Search
2008-10-23 07:28  ---------  d-----w  c:\program files\Windows Media Connect 2
2008-10-23 05:49  ---------  d-----w  c:\program files\uTorrent
2008-10-23 04:14  ---------  d-----w  c:\program files\Common Files\InstallShield
2008-10-23 04:12  ---------  d--h--w  c:\program files\InstallShield Installation Information
2008-10-23 03:49  ---------  d-----w  c:\program files\iTunes
2008-10-23 03:49  ---------  d-----w  c:\program files\iPod
2008-10-23 03:49  ---------  d-----w  c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-23 03:48  ---------  d-----w  c:\program files\QuickTime
2008-10-23 03:48  ---------  d-----w  c:\program files\Bonjour
2008-10-23 03:47  ---------  d-----w  c:\program files\Common Files\Apple
2008-10-23 03:47  ---------  d-----w  c:\program files\Apple Software Update
2008-10-23 03:47  ---------  d-----w  c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-23 03:46  ---------  d-----w  c:\documents and settings\All Users\Application Data\Apple
2008-10-23 03:42  ---------  d-----w  c:\program files\Java
2008-10-23 03:20  ---------  d-----w  c:\program files\7-Zip
2008-10-23 03:01  1,857  --sha-r  c:\windows\system32\drivers\103C_HP_CPC_ED861AA-ABA SR1603WM NA540_YC_0Pres_QCNH542_E54NAheRED2_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.08_T050913_WXH2_L409_M223_J80_7AMD_8Sempron_91.79_#051225_ N10EC8139_Z14F12F20_G10025954.MRK
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"Y!TunnelPro"="c:\program files\Digital Asphyxia\Y!TunnelPro 2.5\YTPro.exe" [2008-09-27 1412608]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THGuard"="c:\program files\TrojanHunter 5.0\THGuard.exe" [2008-09-10 1056928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]
 
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Digital Asphyxia\\Y!TunnelPro 2.5\\YTPro.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
 
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-12-21 170640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-12-09 24652]
R3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\Drivers\ubVeo532.sys [2002-07-01 95232]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-12-21 15504]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
 
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 18:13:23
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-21 18:16:45
ComboFix-quarantined-files.txt  2008-12-21 23:16:21
 
Pre-Run: 58,224,181,248 bytes free
Post-Run: 59,723,051,008 bytes free
 
177--- E O F ---2008-12-11 17:16:18
« Last Edit: Dec 21st, 2008, 5:30pm by Thomas »

Windows 7 Home Premium (64 Bit)
Yahoo! Messenger Version 11.0.0 Build 2014
Y!TunnelPro Version 2.6 Build 736
YTK Enhanced Version 2.6 Build 108
Mozilla Firefox Version 8.0 (Beta)
Internet Explorer Version 9.0.8112.16421
TrojanHunter Version 5.3 Build 994
HijackThis Version 2.0 Build 4
Wireless
avast! Free Antivirus
Malwarebytes' Anti-Malware
SUPERAntiSpyware Professional
siliconman01
Global Moderator
Re: my pc might be infected
« Reply #6 on: Dec 21st, 2008, 11:01pm »

Your Hijackthis log is showing no infections.  HOWEVER, there are some things that concern me in the logs that you posted.
 
1.  Your JAVA is very much out-of-date.  You are on Update 7.  The latest security release is Update 11.  It is important to use the latest Java update because each update closes security holes discovered in this software.
 
-  Go to the link below and download/install Java SE Runtime Environment (JRE) 6 Update 11
 
http://java.sun.com/javase/downloads/index.jsp
 
-  Once you complete the update, go to Control Panel>Add and Remove Programs.  Uninstall old versions of JAVA.  You should keep only Java(TM) 6 Update 11.
 
2.  Are you running a licensed version of MalwareBytes Anti-Malware with realtime protection?  The reason for my question is the registry items below that TrojanHunter deleted.
 
Quote:
Suspicious registry entry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Malwarebytes' Anti-Malware  
Suspicious registry entry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Malwarebytes' Anti-Malware  
AppInitChecker Executing  
Removed registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Malwarebytes' Anti-Malware  
Removed registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Malwarebytes' Anti-Malware

 
These look like False Positive removals by TrojanHunter.  If you are running a licensed version of MBAM with realtime protection, uninstall/re-install MBAM.  It is possible that this could be the cause of your net crashing.  
 
4.  Combofix is flagging website hxxp://speedytorrents.net as malicious.  Are you using this site for downloads?  Is it in your Trusted sites in your browser?  Is it in your HOSTS file at C:\Windows\System32\Drivers\etc?
 
5.  Concerning Combofix, when you have a need to run it, you should always download the latest version because this tool is very frequently updated to detect the latest malicious software.  
 

______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
Thomas
Full Member
Re: my pc might be infected
« Reply #7 on: Dec 22nd, 2008, 5:34am »

I have never been to that site before. When my net crashed, that is when I reinstalled SUPERAntiSpyware and Malwarebytes' Anti-Malware. I already sent the files to Gavin, but I did not put "False Positive" in the email, and I did not know it was a false positive at the time. I thought I had Java Update 11 installed, and yes, it is a fully paid program.

Thomas
Full Member
Re: my pc might be infected
« Reply #8 on: Dec 22nd, 2008, 6:30am »


I installed Java(TM) 6 Update 11 and removed the old version.
« Last Edit: Dec 22nd, 2008, 6:53am by Thomas »

Thomas
Full Member
Re: my pc might be infected
« Reply #9 on: Dec 22nd, 2008, 8:42am »


Here is a new log.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:23 AM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.5\YTPro.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Yahoo!\Messenger\yahoomessenger.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [Y!TunnelPro] C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.5\YTPro.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224749584484
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
--
End of file - 6143 bytes

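The review that follows is done by eye, entry by entry. As an added example (not code from this thread or from HijackThis), the helper below parses the entry formats seen in the log above (R0/R1 IE pages, O4 autostarts, O16 ActiveX downloads, O23 services), lists every web host that is not on a reviewer-supplied list of expected hosts, and also parses a HOSTS file to show whether any of those hosts is overridden there, which is the check the moderator asked about. The expected-hosts list, the sample log lines and the HOSTS content are constructed; the hp.com override in the HOSTS sample is made up for illustration.

```python
# Added example: a triage helper for HijackThis 2.0 log lines. It is not code from
# this thread or from HijackThis; the sample log and HOSTS content are constructed.
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
"""
SAMPLE_HOSTS = "# constructed sample\n127.0.0.1 localhost\n127.0.0.1 ie.redirect.hp.com\n"  # made-up override

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A quoted .exe path, or a bare drive-letter path up to a known extension.
PATH_RE = re.compile(r'"([^"]+\.exe)"|([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|cab))', re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
O4_RE = re.compile(r"\[([^\]]+)\](?:.*\(User '([^']+)'\))?")  # [name] ... (User 'account')


def parse_line(line):
    """Return a dict for one HJT entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    pm, um = PATH_RE.search(body), URL_RE.search(body)
    entry = {"code": code, "body": body, "name": None, "user": None,
             "path": (pm.group(1) or pm.group(2)) if pm else None,
             "host": urlparse(um.group(0)).hostname if um else None}
    if code == "O4":  # autostart entries carry a [name] and sometimes a user
        om = O4_RE.search(body)
        entry["name"], entry["user"] = om.groups() if om else (None, None)
    return entry


def parse_hosts(text):
    """Map each name in a HOSTS file to its address; '#' starts a comment."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        mapping.update((name.lower(), fields[0]) for name in fields[1:])
    return mapping


def triage(log_text, expected_hosts=(), hosts_text=""):
    """Group entries by type code; list unexpected hosts and HOSTS overrides."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    by_code = defaultdict(list)
    for e in entries:
        by_code[e["code"]].append(e)
    hosts = sorted({e["host"] for e in entries if e["host"]})
    overrides = parse_hosts(hosts_text)
    return {
        "by_code": dict(by_code),
        "unexpected_hosts": [h for h in hosts if h not in set(expected_hosts)],
        "hosts_overridden": {h: overrides[h] for h in hosts if h in overrides},
        "autostarts": [(e["name"], e["path"], e["user"]) for e in by_code["O4"]],
    }
```

Expected hosts are compared case-insensitively only if supplied in lowercase, since `urlparse` already lowercases the hostnames it extracts.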
siliconman01
Global Moderator
Re: my pc might be infected
« Reply #10 on: Dec 22nd, 2008, 9:46am »

Okay...your HJT looks good and non-infected.
 
I emailed Gavin about the TH false positives for MBAM earlier this morning.
« Last Edit: Dec 22nd, 2008, 9:47am by siliconman01 »

Thomas
Full Member
Re: my pc might be infected
« Reply #11 on: Dec 22nd, 2008, 10:54am »


on Dec 22nd, 2008, 9:46am, siliconman01 wrote:
Okay...your HJT looks good and non-infected.
 
I emailed Gavin about the TH false positives for MBAM earlier this morning.

 
I say TrojanHunter has an issue, but I know it will be fixed. It only picks it up when I hit Plugin and then hit Run; when I do a full scan, nothing.

siliconman01
Global Moderator
Re: my pc might be infected
« Reply #12 on: Dec 22nd, 2008, 1:43pm »

Quote:
I say TrojanHunter has an issue, but I know it will be fixed. It only picks it up when I hit Plugin and then hit Run.

 
I don't understand what you mean by "plugin".  Can you please provide me more info on what you are doing to cause it to detect the false positives in the registry?

Thomas
Full Member
Re: my pc might be infected
« Reply #13 on: Dec 22nd, 2008, 3:09pm »


on Dec 22nd, 2008, 1:43pm, siliconman01 wrote:

 
I don't understand what you mean by "plugin".  Can you please provide me more info on what you are doing to cause it to detect the false positives in the registry?

 
http://img185.imageshack.us/my.php?image=53116030ss8.jpg
 
And thanks, Tom, you are the man.
« Last Edit: Dec 22nd, 2008, 3:22pm by Thomas »

siliconman01
Global Moderator
Re: my pc might be infected
« Reply #14 on: Dec 22nd, 2008, 3:32pm »

Okay...now I understand.  Just don't let it remove them when you run the plugin.
