   Mischel Internet Security Forum
   Malware
   Trojans
(Moderators: Helena, Gavin_Coe, Magnus)
   Please help
   Author  Topic: Please help  (Read 120 times)
rabbit
Please help
« on: Jul 29th, 2008, 5:01am »

Hello All,
Could you please check the enclosed logs, have had a terrible time with hacker and now I hope your software will sort this out.
Thank you
ComboFix 08-07-28.4 - Administrator 07/29/2008 16:28:40.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.874.1.1033.18.1671 [GMT 7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
 * Created a new restore point
 
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\system32\x64
 
.
(((((((((((((((((((((((((   Files Created from 2008-06-28 to 2008-07-29  )))))))))))))))))))))))))))))))
.
 
No new files created in this timespan
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 09:42  ---------  d-----w  C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2008-07-28 09:09  ---------  d-----w  C:\Program Files\TrojanHunter 5.0
2008-07-28 08:02  ---------  d-----w  C:\Program Files\Common Files\Adobe AIR
2008-07-28 08:01  ---------  d-----w  C:\Program Files\Common Files\Adobe
2008-07-28 06:47  ---------  d---a-w  C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 01:50  ---------  d-----w  C:\Program Files\The Cleaner Free
2008-07-27 15:15  ---------  d-----w  C:\Program Files\VS Revo Group
2008-07-27 09:20  ---------  d-----w  C:\Program Files\Agnitum
2008-07-27 08:54  ---------  d-----w  C:\Program Files\microsoft frontpage
2008-07-27 07:49  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Agnitum
2008-07-27 07:04  5,376  ----a-w  C:\WINDOWS\system32\drivers\MS1000.sys
2008-07-27 05:51  ---------  d-----w  C:\Program Files\CONEXANT
2008-07-27 05:47  ---------  d-----w  C:\Program Files\Common Files\Cisco Systems
2008-07-27 05:24  ---------  d-----w  C:\Program Files\Windows Media Connect 2
2008-07-27 05:24  ---------  d-----w  C:\Program Files\Unlocker
2008-07-27 05:24  ---------  d-----w  C:\Program Files\Microsoft PowerToys
2008-07-27 05:24  ---------  d-----w  C:\Program Files\LClock
2008-07-27 05:24  ---------  d-----w  C:\Program Files\HashTab Shell Extension
2008-07-11 08:41  673,920  ----a-w  C:\WINDOWS\system32\drivers\SandBox.sys
2008-06-30 10:16  30,864  ----a-w  C:\WINDOWS\system32\drivers\afw.sys
2008-06-30 10:16  234,640  ----a-w  C:\WINDOWS\system32\drivers\afwcore.sys
2008-06-20 17:46  245,248  ----a-w  C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46  245,248  ------w  C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46  147,968  ------w  C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51  361,600  ----a-w  C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51  361,600  ------w  C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40  138,496  ----a-w  C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40  138,496  ------w  C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08  225,856  ----a-w  C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08  225,856  ------w  C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05  272,128  ------w  C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 11:05  272,128  ------w  C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 10:36  1,072,722  ----a-w  C:\WINDOWS\system32\drivers\VBEngNT.sys
2008-05-09 10:53  90,112  ----a-w  C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53  90,112  ------w  C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:53  512,000  ------w  C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:53  430,080  ----a-w  C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53  430,080  ------w  C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:53  180,224  ----a-w  C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53  180,224  ------w  C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:53  172,032  ----a-w  C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:53  172,032  ------w  C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-09 08:45  135,168  ----a-w  C:\WINDOWS\system32\cscript.exe
2008-05-09 08:45  135,168  ------w  C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-08 14:02  203,136  ------w  C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 11:24  155,648  ----a-w  C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24  155,648  ------w  C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 05:12  1,288,192  ----a-w  C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12  1,288,192  ------w  C:\WINDOWS\system32\dllcache\quartz.dll
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 07:12 AM 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/14/2008 07:12 AM 1695232]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [09/05/2007 10:13 PM 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [09/05/2007 10:13 PM 166424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [09/05/2007 10:13 PM 137752]
"VistaDrive"="C:\WINDOWS\VistaDrive\VistaDrive.exe" [10/05/2006 08:56 PM 280779]
"LClock"="C:\Program Files\LClock\LClock.exe" [09/19/2004 12:27 PM 65536]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [07/15/2008 01:57 PM 1207128]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe" [07/15/2008 01:38 PM 435544]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [07/09/2008 06:54 PM 1056928]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 34672]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [07/26/2006 10:44 PM 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 07:12 AM 15360]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoBandCustomize"= 0 (0x0)
 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
 
R1 SandBox;SandBox;C:\WINDOWS\system32\DRIVERS\SandBox.sys [07/11/2008 03:41 PM]
R2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [07/15/2008 01:38 PM]
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [06/30/2008 05:16 PM]
R3 afwcore;afwcore;C:\WINDOWS\system32\drivers\afwcore.sys [06/30/2008 05:16 PM]
R3 ASWFilt;ASWFilt;C:\WINDOWS\system32\Filt\ASWFilt.dll [07/11/2008 03:42 PM]
R3 VBEngNT;VBEngNT;C:\WINDOWS\system32\DRIVERS\VBEngNT.sys [06/04/2008 05:36 PM]
R3 VBFilt;VBFilt;C:\WINDOWS\system32\Filt\VBFilt.dll [07/11/2008 03:42 PM]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup  REG_SZ  hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
.
Contents of the 'Scheduled Tasks' folder
 
2008-07-28 C:\WINDOWS\Tasks\TrojanHunter LiveUpdate.job
- C:\Program Files\TrojanHunter 5.0\Tools\LiveUpdate\LiveUpdate.exe [07/09/2008 06:54 PM]
 
2008-07-29 C:\WINDOWS\Tasks\TrojanHunter Scanner.job
- C:\Program Files\TrojanHunter 5.0\thcl.exe [07/09/2008 06:54 PM]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
 
 
************************************************************************ **
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 16:31:50
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
************************************************************************ **
 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,0 0,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,0 0,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,0 0,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,0 0,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,0 0,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,0 0,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,0 0,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,0 0,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f, 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32, 00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c, 00,00,00"
 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,0 0,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,0 0,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,0 0,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,0 0,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,0 0,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,0 0,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,0 0,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,0 0,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,0 0,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,0 0,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,0 0,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,0 0,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f, 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32, 00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c, 00,00,00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\TrojanHunter 5.0\THSec.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\igfxsrvc.exe
.
************************************************************************ **
.
Completion time: 07/29/2008 16:33:13 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-29 09:33:07
 
Pre-Run: 74,348,531,712 bytes free
Post-Run: 74,353,111,040 bytes free
 
--------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:08, on 29/7/2551
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =  
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe" /dumpShockeds_startup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00 ,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00 ,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00 ,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00 ,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
 
--
End of file - 4851 bytes
siliconman01
Re: Please help
« Reply #1 on: Jul 29th, 2008, 5:34am »

Welcome to the forum rabbit,
 
Your Hijackthis log is not showing anything malicious.  However, that does not mean that you're totally clean.
 
I recommend the following:
 
1.  Delete Combofix.exe from your Desktop or wherever you saved it to.
 
-  Delete the Combofix log
 
-  Delete the Combofix quarantine folder which is a folder named Qoobox and is probably located at C:\ root file
 
2.  You are using the Trial Version of TrojanHunter, correct?  If so, the Trial Version does not activate the LiveUpdate feature.  Please manually update your rulesets to obtain the latest rulesets.  The link below is for the manual update and describes what to do.
 
http://www.misec.net/trojanhunter/updating/
 
3.  Once you have updated manually, reboot your computer into SAFE MODE and run a FULL SCAN of your system with TrojanHunter.  Let it quarantine what it finds.
 
4.  Then reboot your computer back into Normal Mode.  
 
5.  If TrojanHunter found anything malicious, please post the scan report from the TH scan.  It is stored in C:\Program Files\TrojanHunter 5.0\Scan Reports.
 
6.  Then run a REMOTE Scan using Kaspersky's remote scanner.
 
-  Use Internet Explorer to access the Kaspersky website.  It will need to download an ActiveX component for the scan.  Please let it download/install the ActiveX component.
 
-  Before starting the remote scan, temporarily disable your security programs Except your software firewall.  
 
-  Close down as many programs as you can which are in the Notification tray (icons next to the Taskbar clock).
 
-  Run a FULL scan of your system.
 
-  Kaspersky Remote scanner will not delete or quarantine anything.  It will log/report any malicious items it finds so that we can see if you do have infections that need to be addressed.
 
-  The Remote scanner link for Kaspersky is  
 
http://www.kaspersky.com/virusscanner
 
7.  Post the scan log of Kaspersky
 
8.  Post a new Hijackthis log.
 

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
rabbit
Re: Please help
« Reply #2 on: Jul 29th, 2008, 8:35am »

Thank you for a very quick response, the Kaspersky scan was clean and the TrojanHunter log file is below
 
TrojanHunter Scan Report - Saved 2008-07-29 17:25
 
Found NTFS alternate data stream: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe:Zone.Identifier:$DATA
Warning: Unable to unpack UPX-packed file C:\Documents and Settings\Administrator\Desktop\ComboFix.exe/catchme.cfexe
Warning: Unable to unpack UPX-packed file C:\Documents and Settings\Administrator\Desktop\ComboFix.exe/ERDNT.e_e
Warning: Unable to unpack UPX-packed file C:\Documents and Settings\Administrator\Desktop\ComboFix.exe/Upx.xmkabecu/catchme.cfexe
Warning: Unable to unpack UPX-packed file C:\Documents and Settings\Administrator\Desktop\ComboFix.exe/Upx.xmkabecu/ERDNT.e_e
Found NTFS alternate data stream: C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe:Zone.Identifier:$DATA
Found NTFS alternate data stream: C:\Documents and Settings\Administrator\Desktop\Opera_951_in_Setup.exe:Zone.Identifier:$DATA
Found NTFS alternate data stream: C:\Documents and Settings\Administrator\Desktop\OutpostSecuritySuiteProInstall.exe:Zone.Identifier:$DATA
Found NTFS alternate data stream: C:\Documents and Settings\Administrator\Desktop\Reverse-Selection.pdf:Zone.Identifier:$DATA
Found NTFS alternate data stream: C:\Documents and Settings\Administrator\Desktop\special-offer.html:Zone.Identifier:$DATA
Found NTFS alternate data stream: C:\Documents and Settings\Administrator\Desktop\TrojanHunterSetup(2).exe:Zone.Identifier:$DATA
Found NTFS alternate data stream: C:\Documents and Settings\Administrator\Desktop\UntappedTrafficRevealed.pdf:Zone.Identifier:$DATA
Warning: Unable to unpack UPX-packed file C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\3fnpmeb7.default\Cache\C2152591d01/catchme.cfexe
Warning: Unable to unpack UPX-packed file C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\3fnpmeb7.default\Cache\C2152591d01/ERDNT.e_e
Warning: Unable to unpack UPX-packed file C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\3fnpmeb7.default\Cache\C2152591d01/Upx.inaqrtqk/catchme.cfexe
Warning: Unable to unpack UPX-packed file C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\3fnpmeb7.default\Cache\C2152591d01/Upx.inaqrtqk/ERDNT.e_e
Warning: Executable file with double extensions found: C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe
Warning: Unable to unpack UPX-packed file C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
Warning: Unable to unpack UPX-packed file C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
Warning: Unable to unpack UPX-packed file C:\WINDOWS\erdnt\subs\ERDNT.EXE
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.chs.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.cht.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.ger.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.kor.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\system.web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\system.xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.chs.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.cht.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.ger.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.kor.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mscorrc.chs.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mscorrc.cht.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mscorrc.ger.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mscorrc.kor.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\system.web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\system.xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\vbc7ui.chs.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\vbc7ui.cht.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\vbc7ui.ger.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\vbc7ui.kor.dll
Warning: Unable to unpack UPX-packed file C:\WINDOWS\upx.exe
Error: Directory not found: E:\
Error: Directory not found: E:\
rabbit
Re: Please help
« Reply #3 on: Jul 29th, 2008, 8:40am »

ooops!
 
Forgot the hijack file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:03, on 29/7/2551
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TrojanHunter 5.0\Tools\LiveUpdate\LiveUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe" /dumpShockeds_startup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00 ,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00 ,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00 ,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00 ,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
 
--
End of file - 5733 bytes
I bought the Trojan Hunter Software on the 27th July...thanks again..
siliconman01
Re: Please help
« Reply #4 on: Jul 29th, 2008, 11:36am »

There certainly does not appear to be anything malicious on your system.  
 
Is your system running okay now?  What symptoms are you seeing that cause you to feel that you have an infection?
 
Concerning your TH log-
 
1.  You need to delete Combofix.exe from your desktop.
 
2.  Hijackthis should not be run from your desktop.  It should be in a dedicated folder on your hard drive.  If it is run from the desktop, it will not save backups should it be used to fix something.  Is the one on your desktop an old version?  The Trend Micro Hijackthis V2.0.2 should have installed itself on your hard drive at C:\Program Files\Trend Micro\Hijackthis.  
 
Quote:
Found NTFS alternate data stream: C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe:Zone.Identifier:$DATA  

 
3.  Concerning the NTFS alternate data stream warning items, the next time you run a TH scan, wait for the scan to complete.  Then right click on each of these items and select "Delete Alternate Data Stream".  Once you delete the ADS, it will not return unless you download the file again from the Internet.
 
A description of Alternate Data Streams is at the link below.
 
http://www.misec.net/forum/board/FAQ/1139255678
 
4.  Concerning the double extension warning items, please read the info in the link below:
 
http://www.misec.net/forum/board/FAQ/1139255660
 
The double extension files shown in your log are all known good files.  I recommend that you uncheck the double extension log option so that these do not clutter your log file.  This is the very last option when you open the TH scanner and click on the Options icon in the left icon bar.  
 
5.  Concerning the items that TH is unable to unpack, this is not uncommon.  It just means that the files are packed via an algorithm that TH is not yet programmed to unpack.  Magnus typically adds additional unpackers when a new TH version is released.

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
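An added example, not part of the thread or of TrojanHunter: a Python parser for the "Found NTFS alternate data stream" warning format quoted in the reply above, separating `Zone.Identifier` download tags from any other stream. Only the first sample line comes from the post; the others are constructed, and the `ZoneId` table is the standard Windows security-zone numbering, which the thread itself does not list.

```python
import re

# Line 1 is the warning quoted in the post; lines 2-3 are constructed samples.
SAMPLE_LOG = "\n".join([
    r"Found NTFS alternate data stream: C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe:Zone.Identifier:$DATA",
    r"Found NTFS alternate data stream: C:\Temp\notes.txt:hidden.bin:$DATA",
    r"Scanning registry...",
])

# The first colon belongs to the drive letter, so anchor on "X:\" and let the
# last two colon-separated fields be the stream name and the stream type.
ADS_LINE = re.compile(
    r"^Found NTFS alternate data stream: "
    r"(?P<file>[A-Za-z]:\\.*?):(?P<stream>[^:\\]+):(?P<type>\$[A-Z_]+)\s*$"
)

# Standard Windows URL security zones (general knowledge, not from the thread).
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

def zone_from_stream(text):
    """Return the zone name recorded in a Zone.Identifier stream body, or None."""
    m = re.search(r"^\s*ZoneId\s*=\s*(\d+)\s*$", text, re.MULTILINE)
    return ZONES.get(int(m.group(1)), "unknown") if m else None

def triage(log_text):
    """Return (file, stream, verdict) for every ADS warning line in a scan log."""
    findings = []
    for line in log_text.splitlines():
        m = ADS_LINE.match(line.strip())
        if not m:
            continue  # not an ADS warning
        stream = m.group("stream")
        if stream.lower() == "zone.identifier":
            verdict = "download-origin tag"      # written when a file is downloaded
        else:
            verdict = "review stream contents"   # anything else deserves a look
        findings.append((m.group("file"), stream, verdict))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    print(zone_from_stream("[ZoneTransfer]\r\nZoneId=3\r\n"))
```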
rabbit
Newbie
Re: Please help
« Reply #5 on: Jul 29th, 2008, 7:35pm »

Have made all the corrections suggested, thank you for giving my PC the all clear.
 
Everything seems to be working fine and fast again since installing your software. Thank you for your excellent member support and guidance......top notch!
siliconman01
Global Moderator
Re: Please help
« Reply #6 on: Jul 30th, 2008, 12:06am »

You are very welcome

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
rabbit
Newbie
Re: Please help
« Reply #7 on: Aug 2nd, 2008, 1:07am »

Hello siliconman01,
 
A little embarrassed to be back so quick, all was well until yesterday. I have checked my download speed and it should be 1750kbps and I receive 6.2kbps....
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:19, on 2/8/2551
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\New Folder\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O20 - AppInit_DLLs:  ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\ adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00 ,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00 ,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00 ,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00 ,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
 
--
End of file - 6087 bytes
Any help would be very welcome.
siliconman01
Global Moderator
Re: Please help
« Reply #8 on: Aug 2nd, 2008, 1:31am »

Hello again,
 
There is nothing malicious showing up in your HJT scan log.  
 
Your problem sounds like you have a flaky internet connection, which could be a number of things ranging from a problem at your ISP, to a loose connection in your transmission line, to a flaky modem, to an improperly specified Internet connection setting.  
 
You may wish to examine TCP Optimizer located at the website below.  BE SURE to read up on this before using it.  
 
http://www.speedguide.net/downloads.php

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
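An added example, not part of the thread or of HijackThis: the one O23 entry in the posted logs that shows "Unknown owner" and "(file missing)" stores its image path as a `hex(2):` dump, and this Python parser decodes it so the recorded command line can be read directly. The field names in the returned dictionary and the two accepted svchost paths are assumptions made for this example.

```python
import re

# Copied from the posted HijackThis log (one line in the log; split here for width).
O23_LINE = (
    "O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc)"
    " - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,"
    "6f,00,74,00 ,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,"
    "73,00 ,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00 ,"
    "6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00 ,65,00,"
    "47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)"
)

O23 = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - (?P<owner>.+?) - "
    r"(?P<image>.+?)(?P<missing> \(file missing\))?$"
)

def decode_hex2(value):
    """Decode a 'hex(2):' dump (REG_EXPAND_SZ stored as UTF-16LE bytes) to text."""
    pairs = re.findall(r"\b[0-9a-fA-F]{2}\b", value.split(":", 1)[1])
    return bytes(int(p, 16) for p in pairs).decode("utf-16-le").rstrip("\x00")

def parse_o23(line):
    """Split an O23 service line into fields, decoding the image path if needed."""
    m = O23.match(line.strip())
    if m is None:
        return None
    image = m.group("image")
    if image.lower().startswith("hex(2):"):
        image = decode_hex2(image)
    exe = image.split(" -k ")[0].strip('"').lower()
    return {
        "service": m.group("name"),
        "owner": m.group("owner"),
        "image": image,
        "reported_missing": m.group("missing") is not None,
        # True when the command line points at the stock svchost.exe location.
        "svchost_in_system32": exe in (r"%systemroot%\system32\svchost.exe",
                                       r"c:\windows\system32\svchost.exe"),
    }

if __name__ == "__main__":
    print(parse_o23(O23_LINE))
```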
rabbit
Newbie
Re: Please help
« Reply #9 on: Aug 2nd, 2008, 2:09am »

Thanks...Glad to hear it's not a malicious program