ComboFix 09-06-18.02 - John Wilson 06/19/2009 21:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.581 [GMT -5:00]
Running from: c:\load-cf\30738\30738.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.
2009-06-19 23:28 . 2009-06-19 23:45 -------- d-----w- C:\Load-CF
2009-06-19 22:48 . 2009-06-19 22:50 -------- d-----w- C:\Tools-AV
2009-06-17 23:22 . 2009-06-17 23:22 -------- d-----w- c:\program files\Trend Micro
2009-06-17 23:20 . 2009-06-17 23:20 396288 ----a-w- C:\HijackThis.exe
2009-06-17 04:22 . 2009-06-17 04:22 152576 ----a-w- c:\documents and settings\John Wilson\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-17 04:17 . 2009-06-17 04:17 -------- d-sh--w- c:\documents and settings\John Wilson\PrivacIE
2009-06-17 01:54 . 2009-06-17 04:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-17 01:54 . 2009-06-17 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-17 01:45 . 2009-06-17 01:45 -------- d-sh--w- c:\documents and settings\John Wilson\IETldCache
2009-06-17 01:45 . 2009-06-17 01:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-17 01:35 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-17 01:34 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-17 01:34 . 2009-06-17 01:34 -------- d-----w- c:\windows\ie8updates
2009-06-17 01:34 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-17 01:31 . 2009-06-17 01:34 -------- dc-h--w- c:\windows\ie8
2009-06-16 14:29 . 2009-06-15 14:31 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-16 14:29 . 2009-06-15 14:31 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-06-16 14:29 . 2009-06-15 14:31 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-06-15 14:32 . 2009-06-15 14:32 -------- d-----w- c:\documents and settings\John Wilson\Application Data\AVG8
2009-06-15 14:31 . 2009-06-15 14:31 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-23 19:02 . 2009-05-21 16:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-23 19:01 . 2009-05-23 19:01 152576 ----a-w- c:\documents and settings\John Wilson\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 23:47 . 2008-04-27 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-17 04:22 . 2006-07-23 22:44 -------- d-----w- c:\program files\Java
2009-06-17 01:36 . 2009-02-19 02:02 -------- d-----w- c:\documents and settings\John Wilson\Application Data\Money Manager Ex
2009-06-16 14:29 . 2007-11-30 21:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-15 14:31 . 2008-04-27 16:13 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-13 05:15 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 17:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 13:41 . 2008-04-27 16:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-05 13:41 . 2008-04-27 16:13 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-05-05 13:41 . 2008-04-27 16:13 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-17 12:26 . 2004-08-10 17:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 17:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-07-04 15:55 . 2007-03-12 18:22 56 --sh--r- c:\windows\system32\4127A71BD7.sys
2006-08-16 02:54 . 2006-08-16 02:54 88 --sh--r- c:\windows\system32\D71BA72741.sys
2008-07-04 15:55 . 2006-08-16 02:54 4288 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2007-06-15 22528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-23 98304]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-17 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-23 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-05 13:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/27/2008 11:13 AM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/27/2008 11:13 AM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/27/2008 11:13 AM 108552]
R3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12);c:\windows\system32\drivers\swnc8u12.sys [10/7/2007 10:38 AM 82432]
R3 swumx12;Sierra Wireless USB MUX Driver (UMTS12);c:\windows\system32\drivers\swumx12.sys [10/7/2007 10:37 AM 66304]
S3 Vonats2kmsw;Vonats2kmsw; [x]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/10/2009 10:26 AM 298776]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
LSP: bmnet.dll
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-19 21:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(936)
c:\windows\system32\bmnet.dll
- - - - - - - > 'explorer.exe'(2252)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-20 21:44
ComboFix-quarantined-files.txt 2009-06-20 02:44
ComboFix2.txt 2009-06-20 02:12
Pre-Run: 84,587,966,464 bytes free
Post-Run: 84,572,327,936 bytes free
135 --- E O F --- 2009-06-17 01:35