hijackthis log and ComboFix log

#1
07-12-2008, 01:33 PM
enkili
D-A-L Newbie
Join Date: Dec 2008
Posts: 5
hijackthis log and ComboFix log

I had some viruses and don't know if I still have them, so here are some logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:04, on 7.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Wizard Software\Bandwidth Meter\BandMeter.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent Turbo Accelerator\BitTorrent Turbo Accelerator.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Bandwidth Meter.lnk = C:\Program Files\Wizard Software\Bandwidth Meter\BandMeter.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5656 bytes

combofix log:

ComboFix 08-12-05.02 - Emir 2008-12-05 23:40:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1149 [GMT 1:00]
Running from: c:\documents and settings\Emir\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\eefbdefc.dll
c:\windows\system32\wingxpxsx.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI


((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-05 23:24 . 2008-12-05 23:24 <DIR> d-------- C:\bintheredunthat
2008-12-05 23:10 . 2008-12-05 23:14 <DIR> d-------- C:\BFU
2008-12-05 23:08 . 2008-12-05 23:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-05 23:08 . 2008-12-05 23:08 <DIR> d-------- c:\documents and settings\Emir\Application Data\Malwarebytes
2008-12-05 23:08 . 2008-12-05 23:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-05 23:08 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 23:08 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-05 22:48 . 2008-12-05 22:52 <DIR> d-------- c:\program files\Enigma Software Group
2008-12-05 20:52 . 2008-12-05 20:52 276,137 --a------ c:\windows\Internet Logs.rar
2008-12-05 20:21 . 2008-08-25 11:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-05 20:21 . 2008-08-25 11:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-05 20:21 . 2008-08-25 11:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-05 20:21 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-05 20:20 . 2008-12-05 20:34 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-05 20:20 . 2008-12-05 20:20 <DIR> d-------- c:\documents and settings\Emir\Application Data\PC Tools
2008-12-05 19:34 . 2008-12-05 21:39 4,212 --ah----- c:\windows\system32\zllictbl.dat
2008-12-05 19:34 . 2008-12-05 23:44 136 --a------ c:\program files\BMonitor.dll
2008-12-05 19:31 . 2008-12-05 21:39 335 --a------ c:\windows\system32\vsconfig.xml
2008-12-05 19:31 . 2008-12-05 23:44 0 --a------ c:\windows\system32\ativvaxx.cap
2008-12-05 19:11 . 2008-12-05 20:09 <DIR> d-------- c:\windows\system32\ZoneLabs
2008-12-05 19:11 . 2008-12-05 19:11 <DIR> d-------- c:\program files\Zone Labs
2008-12-05 19:11 . 2008-10-09 14:25 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2008-12-05 16:58 . 2008-12-05 17:11 <DIR> d-------- c:\program files\FileInnovations
2008-11-25 21:15 . 2008-11-25 21:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2008-11-25 21:08 . 2008-11-25 21:16 <DIR> d-------- c:\program files\ATI
2008-11-25 17:39 . 2008-11-25 17:39 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-25 17:39 . 2008-11-25 17:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-25 17:38 . 2008-12-02 21:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Rosetta Stone
2008-11-25 11:44 . 2008-11-25 11:44 <DIR> d-------- c:\program files\MSBuild
2008-11-25 11:44 . 2008-11-25 11:44 <DIR> d-------- c:\program files\Microsoft Works
2008-11-25 11:42 . 2008-11-25 11:42 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-25 11:39 . 2008-11-25 11:39 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-11-25 11:38 . 2008-11-25 11:43 <DIR> d-------- c:\windows\SHELLNEW
2008-11-25 11:36 . 2008-11-25 11:36 <DIR> dr-h----- C:\MSOCache
2008-11-24 23:19 . 2008-12-05 22:52 <DIR> d-------- c:\program files\Orbitdownloader
2008-11-24 21:24 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-11-24 21:24 . 2008-11-25 01:56 376 --a------ c:\windows\ODBC.INI
2008-11-24 18:38 . 2008-11-24 18:38 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-11-24 18:35 . 2008-11-24 18:35 46,881 --a------ c:\windows\system32\PerfStringBackup.rar
2008-11-24 18:05 . 2008-11-24 18:05 <DIR> d-------- c:\program files\Lavasoft
2008-11-24 18:05 . 2008-11-24 18:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-24 15:46 . 2008-11-24 15:46 <DIR> d-------- c:\documents and settings\Administrator
2008-11-23 14:33 . 2008-11-23 14:33 <DIR> d-------- c:\documents and settings\Emir\Application Data\Red Alert 3
2008-11-23 13:54 . 2008-11-23 13:57 <DIR> d--h----- c:\windows\msdownld.tmp
2008-11-23 13:54 . 2008-11-23 13:54 <DIR> d-------- c:\windows\Logs
2008-11-20 20:19 . 2008-11-20 20:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-20 18:47 . 2008-11-20 18:47 <DIR> d-------- c:\program files\Yahoo!
2008-11-18 01:52 . 2008-11-18 01:52 286,720 --------- c:\windows\Setup1.exe
2008-11-18 01:52 . 2008-11-18 01:52 73,216 --a------ c:\windows\ST6UNST.EXE
2008-11-16 21:01 . 2008-11-16 21:01 <DIR> d-------- C:\ATI
2008-11-16 18:35 . 2008-11-16 18:35 <DIR> d-------- c:\documents and settings\Emir\Application Data\GrabPro
2008-11-15 16:11 . 2008-12-05 18:46 <DIR> d-------- c:\program files\Unlocker
2008-11-15 16:11 . 2008-11-15 16:11 <DIR> d-------- c:\documents and settings\Emir\Application Data\Desktopicon
2008-11-14 18:34 . 2008-11-14 18:34 <DIR> d-------- c:\program files\Common Files\Common Share
2008-11-14 18:14 . 2008-11-16 18:09 <DIR> d-------- c:\program files\VDOWNLOADER
2008-11-12 15:49 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 15:48 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-06 00:56 . 2008-12-05 21:32 <DIR> d-------- c:\windows\Internet Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 20:57 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 20:34 --------- d-----w c:\program files\DNA
2008-12-05 20:34 --------- d-----w c:\documents and settings\Emir\Application Data\DNA
2008-12-05 20:04 --------- d-----w c:\documents and settings\Emir\Application Data\BitTorrent
2008-12-03 14:08 --------- d-----w c:\documents and settings\Emir\Application Data\Orbit
2008-12-02 08:58 --------- d-----w c:\program files\Mv2Player
2008-11-27 13:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-25 20:07 --------- d-----w c:\program files\ATI Technologies
2008-11-24 21:21 --------- d-----w c:\documents and settings\Emir\Application Data\Skype
2008-11-24 21:20 --------- d-----w c:\documents and settings\Emir\Application Data\skypePM
2008-11-24 17:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-21 14:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-13 17:04 --------- d-----w c:\program files\MessengerDiscovery
2008-11-09 15:24 --------- d-----w c:\program files\Common Files\Adobe
2008-11-04 17:51 --------- d-----w c:\documents and settings\Emir\Application Data\Hamachi
2008-11-03 20:58 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2008-11-01 13:22 --------- d-----w c:\documents and settings\Emir\Application Data\Autodesk
2008-11-01 12:39 --------- d-----w c:\program files\Reference Assemblies
2008-11-01 11:06 --------- d-----w c:\program files\Wizard Software
2008-11-01 08:45 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-10-29 18:17 --------- d-----w c:\documents and settings\Emir\Application Data\Codemasters
2008-10-29 18:08 --------- d-----w c:\documents and settings\Emir\Application Data\InstallShield
2008-10-29 03:10 3,341,824 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-10-29 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-10-26 11:20 --------- d-----w c:\program files\VIA
2008-10-25 14:18 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-24 17:51 --------- d-----w c:\documents and settings\Emir\Application Data\THQ
2008-10-24 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-10-24 17:22 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 16:41 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-22 16:41 --------- d-----w c:\documents and settings\Emir\Application Data\SystemRequirementsLab
2008-10-19 09:19 --------- d-----w c:\documents and settings\Emir\Application Data\Ahead
2008-10-19 09:11 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2008-10-19 09:10 --------- d-----w c:\program files\Common Files\Ahead
2008-10-19 09:06 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-16 19:55 57,344 ----a-w c:\windows\system32\drivers\wdreg.exe
2008-10-16 19:48 47,616 ----a-w c:\windows\system32\drivers\Haspnt.sys
2008-10-16 15:00 --------- d-----w c:\documents and settings\Emir\Application Data\Mobile Master
2008-10-14 19:07 --------- d-----w c:\program files\CleverCell Phone Manager
2008-10-14 16:50 --------- d-----w c:\program files\Mobile Master
2008-10-14 16:50 --------- d-----w c:\program files\Common Files\Jumping Bytes
2008-10-14 15:11 --------- d-----w c:\documents and settings\Emir\Application Data\Samsung
2008-10-14 14:43 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-10-14 14:13 --------- d-----w c:\program files\Samsung
2008-10-13 16:16 --------- d-----w c:\program files\MSXML 4.0
2008-10-12 12:27 --------- d-----w c:\program files\File Recover
2008-10-12 12:04 --------- d-----w c:\documents and settings\Emir\Application Data\Teleca
2008-10-12 12:02 --------- d-----w c:\documents and settings\Emir\Application Data\Sony Ericsson
2008-10-11 14:06 --------- d-----w c:\documents and settings\Emir\Application Data\vlc
2008-10-11 14:05 --------- d-----w c:\program files\VideoLAN
2008-10-11 08:47 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-10-11 08:47 --------- d-----w c:\program files\Hamachi
2008-10-10 13:17 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-09 19:45 --------- d-----w c:\program files\Logitech
2008-10-09 19:45 --------- d-----w c:\program files\Common Files\Logitech
2008-10-09 12:06 --------- d-----w c:\program files\Java
2008-10-09 12:03 --------- d-----w c:\program files\Common Files\Java
2008-10-08 21:11 --------- d-----w c:\program files\BitTorrent Turbo Accelerator
2008-10-08 21:09 --------- d-----w c:\program files\BitTorrent
2008-10-06 21:59 --------- d-----w c:\program files\Lexmark 640 Series
2008-10-06 20:51 --------- d-----w c:\documents and settings\Emir\Application Data\Media Player Classic
2008-10-06 19:16 --------- d-----w c:\program files\Real Alternative
2008-10-05 20:25 --------- d-----w c:\program files\Reality Pump
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-12-05 1443072]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-10-22 399504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Emir\Start Menu\Programs\Startup\
Bandwidth Meter.lnk - c:\program files\Wizard Software\Bandwidth Meter\BandMeter.exe [2006-07-15 1420800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6odxx.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Emir^Start Menu^Programs^Startup^Bandwidth Meter.lnk]
path=c:\documents and settings\Emir\Start Menu\Programs\Startup\Bandwidth Meter.lnk
backup=c:\windows\pss\Bandwidth Meter.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Emir^Start Menu^Programs^Startup^BitTorrent Turbo Accelerator.lnk]
path=c:\documents and settings\Emir\Start Menu\Programs\Startup\BitTorrent Turbo Accelerator.lnk
backup=c:\windows\pss\BitTorrent Turbo Accelerator.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-08-01 19:17 222592 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 18:03 152872 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-11-12 15:20 342336 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:42 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-01-19 10:45 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-01-19 10:39 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-01-19 10:05 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 04:42 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-04-01 09:52 1368064 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-29 16:11 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus]
--a------ 2007-08-01 19:17 222592 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-10-09 14:25 981904 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FCI"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"d:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-12-05 170640]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-12-05 15504]
R3 PID_0920;Labtec WebCam(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2008-10-09 163328]
S0 ati6odxx;ati6odxx;c:\windows\system32\Drivers\ati6odxx.sys []
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-05 356920]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 98328]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2008-10-12 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2008-10-12 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2008-10-12 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w200mgmt.sys [2008-10-12 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w200obex.sys [2008-10-12 86368]
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\setupeng.job
- c:\documents and settings\Emir\Desktop\setap\setupeng.exe [2008-10-26 15:36]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe
MSConfigStartUp-rs32net - c:\windows\System32\rs32net.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Emir\Application Data\Mozilla\Firefox\Profiles\wi92nrow.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 23:44:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-05 23:47:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-05 22:47:36

Pre-Run: 5.581.279.232 bytes free
Post-Run: 5,480,488,960 bytes free

293 --- E O F --- 2008-11-27 13:16:46
#2
09-12-2008, 12:10 AM
Neal
Senior Member
Join Date: Sep 2005
Posts: 5,524
Re: hijackthis log and ComboFix log

Both look ok!!