|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
![]() |
|
Topic Tools |
#1
|
|||
|
|||
Infection? I am posting my logs from RSIT
Hello, I think I may be infected, but not sure, any help would be GREATLY appreciated!
Thanks! info.txt logfile of random's system information tool 1.04 2008-11-28 22:32:20 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf AI Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x9 Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -l0x9 -removeonly avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" EVGA Precision 1.3.2-->"C:\Program Files\EVGA Precision\uninstall.exe" Express Gate-->MsiExec.exe /I{685C7EBA-82F4-44F8-9514-911A69850DA3} Fraps (remove only)-->"C:\Frap\uninstall.exe" GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunin st.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spunin st.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spunin st.exe" Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\sp uninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationA PIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMa pping$\spuninst\spuninst.exe" Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuni nst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI PC Probe II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9 Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\ spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\s puninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spunin st.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spunin st.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spunin st.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spunin st.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spunin st.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spunin st.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spunin st.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spunin st.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spunin st.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spunin st.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spunin st.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spunin st.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spunin st.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spunin st.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spunin st.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spunin st.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spunin st.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spunin st.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spunin st.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spunin st.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spunin st.exe" Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuni nst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst. exe" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG =====HijackThis Backups===== O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...43/mcfscan.cab ======Security center information====== AV: avast! antivirus 4.8.1229 [VPS 081128-0] ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemR oot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=1707 "NUMBER_OF_PROCESSORS"=4 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- I will post the second report, says the too many characters for both. |
#2
|
|||
|
|||
Logfile of random's system information tool 1.04 (written by random/random)
Run by Me at 2008-11-28 22:32:18 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 295 GB (97%) free of 305 GB Total RAM: 3071 MB (85% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:32:19 PM, on 11/28/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\EVGA Precision\EVGAPrecision.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Me\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Me.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe" O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files\EVGA Precision\EVGAPrecision.exe" /s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1220780195390 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 5350 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-28 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-28 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-28 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-07-26 13570048] "nwiz"=nwiz.exe /install [] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-03-26 16859136] "QFan Help"=C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe [2008-05-06 594432] "Cpu Level Up help"=C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe [2007-11-30 881152] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.d ll [2008-07-26 86016] "EVGAPrecision"=C:\Program Files\EVGA Precision\EVGAPrecision.exe [2008-08-11 236560] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-28 136600] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.e xe [2008-07-19 78008] [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "HijackThis startup scan"=C:\Program Files\Trend Micro\HijackThis\HijackThis.exe [2008-11-28 396288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe [2008-05-09 1423360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Pro gram Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enable d:Yahoo! Messenger" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo ! FT Server" [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\E] shell\AutoRun\command - E:\LaunchU3.exe -a ======List of files/folders created in the last 1 months====== 2008-11-28 22:32:18 ----D---- C:\rsit 2008-11-28 21:48:42 ----A---- C:\WINDOWS\system32\aswBoot.exe 2008-11-28 19:48:56 ----A---- C:\boot.ini.save 2008-11-28 19:45:19 ----A---- C:\WINDOWS\system32\javaws.exe 2008-11-28 19:45:19 ----A---- C:\WINDOWS\system32\javaw.exe 2008-11-28 19:45:19 ----A---- C:\WINDOWS\system32\java.exe 2008-11-28 19:45:09 ----D---- C:\Program Files\Java 2008-11-28 18:11:05 ----D---- C:\WINSSLog 2008-11-28 15:14:39 ----D---- C:\fsaua.data 2008-11-28 03:52:13 ----D---- C:\Program Files\Trend Micro 2008-11-28 02:10:34 ----SHD---- C:\RECYCLER 2008-11-28 02:07:13 ----A---- C:\ComboFix.txt 2008-11-28 02:05:49 ----D---- C:\ComboFix 2008-11-28 01:02:05 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-11-28 00:38:20 ----A---- C:\Boot.bak 2008-11-28 00:38:16 ----RASHD---- C:\cmdcons 2008-11-28 00:30:20 ----A---- C:\WINDOWS\zip.exe 2008-11-28 00:30:20 ----A---- C:\WINDOWS\VFIND.exe 2008-11-28 00:30:20 ----A---- C:\WINDOWS\SWXCACLS.exe 2008-11-28 00:30:20 ----A---- C:\WINDOWS\SWSC.exe 2008-11-28 00:30:20 ----A---- C:\WINDOWS\SWREG.exe 2008-11-28 00:30:20 ----A---- C:\WINDOWS\sed.exe 2008-11-28 00:30:20 ----A---- C:\WINDOWS\NIRCMD.exe 2008-11-28 00:30:20 ----A---- C:\WINDOWS\grep.exe 2008-11-28 00:30:20 ----A---- C:\WINDOWS\fdsv.exe 2008-11-28 00:30:17 ----D---- C:\WINDOWS\ERDNT 2008-11-28 00:30:17 ----D---- C:\Qoobox 2008-11-28 00:11:20 ----D---- C:\VundoFix Backups 2008-11-28 00:11:20 ----A---- C:\VundoFix.txt 2008-11-27 23:57:11 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-11-27 23:57:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-27 22:52:29 ----A---- C:\Documents and Settings\Me\Application Data\netstat.bat 2008-11-27 22:48:06 ----D---- C:\Documents and Settings\All Users\Application Data\Sunbelt 2008-11-27 22:48:00 ----D---- C:\Program Files\Sunbelt Software 2008-11-25 13:54:00 ----D---- C:\Program Files\Windows Live Safety Center 2008-11-24 22:34:09 ----D---- C:\GameSpy Arcade Setup 2008-11-24 21:31:43 ----A---- C:\WINDOWS\system32\MSVCR71.dll 2008-11-24 21:31:43 ----A---- C:\WINDOWS\system32\MSVCP71.dll 2008-11-24 21:31:43 ----A---- C:\WINDOWS\system32\MFC71.dll 2008-11-24 21:31:42 ----D---- C:\Program Files\Alwil Software 2008-11-24 19:29:02 ----D---- C:\WINDOWS\McAfee.com 2008-11-24 19:01:45 ----D---- C:\Program Files\Panda Security 2008-11-22 13:02:27 ----D---- C:\Documents and Settings\Me\Application Data\Mozilla 2008-11-22 12:23:33 ----D---- C:\Program Files\Mozilla Firefox 2008-11-11 17:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2008-11-11 17:12:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2008-11-11 17:12:14 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2008-11-09 20:05:03 ----D---- C:\Program Files\STOIK 2008-11-09 19:27:10 ----D---- C:\WEB_BACKUP 2008-11-09 19:24:57 ----D---- C:\Program Files\JM Integrated Remote Station 2008-11-01 20:32:21 ----D---- C:\Documents and Settings\Me\Application Data\U3 ======List of files/folders modified in the last 1 months====== 2008-11-28 22:29:22 ----D---- C:\WINDOWS\system32 2008-11-28 22:29:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-11-28 22:25:28 ----D---- C:\WINDOWS\Temp 2008-11-28 22:25:02 ----RD---- C:\Program Files 2008-11-28 22:23:55 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-28 22:13:11 ----D---- C:\WINDOWS\system32\drivers 2008-11-28 22:07:27 ----D---- C:\WINDOWS\Prefetch 2008-11-28 21:45:48 ----D---- C:\WINDOWS 2008-11-28 21:45:44 ----D---- C:\WINDOWS\system32\config 2008-11-28 21:44:06 ----SHD---- C:\WINDOWS\Installer 2008-11-28 21:44:06 ----HD---- C:\Config.Msi 2008-11-28 21:43:55 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-11-28 21:43:50 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-11-28 21:43:06 ----HD---- C:\WINDOWS\inf 2008-11-28 19:48:56 ----RSH---- C:\boot.ini 2008-11-28 19:11:20 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-11-28 19:09:15 ----SHD---- C:\System Volume Information 2008-11-28 19:09:15 ----D---- C:\WINDOWS\system32\Restore 2008-11-28 18:53:13 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-28 03:49:18 ----D---- C:\Program Files\EVGA Precision 2008-11-28 03:39:50 ----D---- C:\Frap 2008-11-28 03:17:59 ----D---- C:\Program Files\Common Files 2008-11-28 03:17:58 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2008-11-28 03:17:13 ----D---- C:\Documents and Settings\Me\Application Data\Adobe 2008-11-28 02:55:42 ----A---- C:\WINDOWS\system32\PnkBstrB.exe 2008-11-28 02:06:46 ----A---- C:\WINDOWS\system.ini 2008-11-28 02:06:31 ----D---- C:\WINDOWS\AppPatch 2008-11-27 16:09:04 ----D---- C:\WINDOWS\system32\Macromed 2008-11-26 05:01:38 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2008-11-25 21:57:52 ----D---- C:\Documents and Settings\All Users\Application Data\NOS 2008-11-25 21:55:32 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-11-25 21:51:26 ----D---- C:\Program Files\NOS 2008-11-25 21:50:07 ----SD---- C:\WINDOWS\Tasks 2008-11-24 22:35:36 ----D---- C:\Program Files\GameSpy Arcade 2008-11-24 18:53:42 ----D---- C:\Program Files\Internet Explorer 2008-11-24 17:04:11 ----SD---- C:\Documents and Settings\Me\Application Data\Microsoft 2008-11-21 23:02:56 ----A---- C:\YServer.txt 2008-11-21 23:02:05 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! 2008-11-13 22:21:08 ----HD---- C:\Program Files\InstallShield Installation Information 2008-11-11 17:20:35 ----D---- C:\WINDOWS\Debug 2008-11-11 17:12:55 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-11 17:12:53 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-03 18:10:25 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944] R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-26 4713472] R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-02-02 36864] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-07-26 6097536] R3 RTCore32;RTCore32; \??\C:\Program Files\EVGA Precision\RTCore32.sys [] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320] S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys [] S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472] |
#3
|
|||
|
|||
here is the rest of the second report.
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-28 152984] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-07-26 159812] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-09-07 66872] R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-11-28 201352] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\Presen tationFontCache.exe [2007-10-09 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF----------------- |
#4
|
||||
|
||||
Welcome to CTH Txman777,
Other than having no real reason to set HijackThis to run as a startup I don't see anything amiss here. You have Malwarebytes - did some scan already done with that locate/remove infection? If so, open that and post back the log from the removal scan step done. |
#5
|
|||
|
|||
Okay, thanks Tom! I'll change Hijack this settings. I had Windows Live Onecare, and kept having trouble with it. It wouldn't let me see the quarantine and said if problem persisits, contact support. But you know how easy it is to get ahold of Windows support, lol. So, I finally just uninstalled it and installed Avast. As far as Malwarebytes, no, I don't have anything on the log. Thank you for taking a look and for the super fast reply!
|
#6
|
||||
|
||||
Good to go then. If you choose to you can delete the C:\rsit folder to remove it's files. Suggested, as the forum scan and repair tools used outdate rapidly due to other changes, and switch from helpful to maybe not helpful at times.
|
#7
|
|||
|
|||
Ok will do. Thanks again Tom, I appreciate your quick response more than you know. Great site btw!
|
#8
|
||||
|
||||
![]() |
![]() |
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
![]() |
||||
Topic | Topic Starter | Forum | Replies | Last Post |
RSIT Logs! | mueller | Malware Removal | 4 | December 4th, 2010 02:46 AM |
have malware, logs from gmer and rsit, would *really* appreciate help! | pearsonhj | Malware Removal | 9 | October 1st, 2009 12:19 PM |
Anything left? - Ran smitfraudfix, RSIT, logs posted | deep_structure | Malware Removal | 12 | October 31st, 2008 04:12 AM |
posting logs | dr_ledger | Malware Removal | 7 | February 23rd, 2005 02:46 AM |
Posting Logs | gcarrier | Malware Removal | 2 | November 14th, 2004 05:43 AM |
All times are GMT +1. The time now is 09:30 PM.