PC 'hangs' before responding (RESOLVED)

  1. #1
    Crewie (Full Member)

    My PC has just started to 'hang' or freeze for a split second before responding.
    It's only done this since I updated XP with Service Pack 3 yesterday.

    Prior to this my email got spammed and I cannot get Outlook Express to download all outstanding emails, as after about 30,000 emails it freezes and then won't respond (don't know if this is a separate issue).

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:09:37, on 13/07/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\freeserve\freeserveconnectionkit\atdialler1.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Orange UK Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Orange UK Home Page
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Orange UK Home Page
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = Orange UK Home Page
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
    O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe
    O8 - Extra context menu item: &Search - ?p=ZK
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
    O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1193332759187
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1193332746765
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dlink.com/products/livede...n/h263ctrl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

    --
    End of file - 11487 bytes

  2. #2
    Neal (Dedicated Member)
    Visit the page below to familiarize yourself with the tool:

    A guide and tutorial on using ComboFix

    If you have previously downloaded ComboFix, please delete that version now.

    Now download ComboFix and save it to your desktop:

    Note:

    It is IMPORTANT that it is saved directly to your desktop.

    Close any open browsers.

    Disconnect from the Internet.

    Please do not re-connect your machine to the Internet until ComboFix has completely finished.

    Disable your antivirus program and any realtime malware scanners and script blockers now.

    How To Disable

    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouse-click ComboFix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    Re-enable your anti-virus, re-connect to the internet and post the ComboFix log.

    *Note*
    In case your antivirus or any other realtime scanner is displaying an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix again.
    Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.

    ComboFix SHOULD NOT be used unless requested by a forum helper.

    New HijackThis log also please; you must follow directions precisely or the ComboFix tool will not work properly.

  3. #3
    Crewie (Full Member)
    Here's the ComboFix log:
    ComboFix 08-07-14.2 - Owner 2008-07-15 17:47:05.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1507 [GMT 1:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\hosts
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_WINDOWS_MANAGEMENT_SERVICE


    ((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
    .

    2008-07-12 13:58 . 2008-07-12 13:58 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-07-12 13:58 . 2008-07-12 13:58 <DIR> d-------- C:\WINDOWS\system32\en
    2008-07-12 13:58 . 2008-07-12 13:58 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-07-12 13:42 . 2008-04-14 01:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
    2008-07-09 21:06 . 2008-07-09 21:06 <DIR> d-------- C:\Program Files\Sun
    2008-06-20 14:09 . 2008-06-28 14:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-20 14:09 . 2008-06-20 14:09 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-14 16:28 --------- d-----w C:\Program Files\rFactor
    2008-07-13 20:00 --------- d-----w C:\Program Files\BWS Direct Chat
    2008-07-13 14:52 --------- d-----w C:\Program Files\Google
    2008-07-13 14:33 --------- d-----w C:\Program Files\Yahoo!
    2008-07-13 14:31 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-13 14:20 --------- d-----w C:\Program Files\MSN Messenger
    2008-07-13 09:35 --------- dc----w C:\Documents and Settings\Owner\Application Data\AVG7
    2008-07-13 09:31 --------- d-----w C:\Program Files\PCPitstop
    2008-07-13 09:25 --------- dc----w C:\Documents and Settings\Owner\Application Data\MailWasherPro
    2008-07-13 09:23 --------- d-----w C:\Program Files\Coupon Printer
    2008-07-11 19:32 --------- dc----w C:\Documents and Settings\Owner\Application Data\LimeWire
    2008-07-10 21:27 --------- d-----w C:\Program Files\MNB & TNB Chat
    2008-07-09 20:05 --------- d-----w C:\Program Files\Java
    2008-07-02 22:46 --------- dc----w C:\Documents and Settings\All Users\Application Data\PCPitstop
    2008-07-02 18:17 3,740 ----a-w C:\Program Files\mirc.ini
    2008-07-02 18:16 39 ----a-w C:\Program Files\perform.ini
    2008-07-01 21:42 --------- d-----w C:\Program Files\LimeWire
    2008-07-01 21:28 --------- d-----w C:\Program Files\mIRC
    2008-06-18 19:40 355 ----a-w C:\Program Files\urls.ini
    2008-06-05 22:57 --------- d-----w C:\Program Files\Auxiliary Power
    2008-06-02 15:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-29 12:51 --------- d-----w C:\Program Files\SpywareBlaster
    2008-05-21 15:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-21 15:35 --------- dc----w C:\Documents and Settings\Owner\Application Data\Lavasoft
    2008-05-21 15:35 --------- d-----w C:\Program Files\Lavasoft
    2008-05-21 15:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-08 22:52 76,662 ----a-w C:\Program Files\Uninstal.exe
    2008-04-08 11:50 266 ----a-w C:\Program Files\servers.ini
    2008-04-08 11:12 29,132 ----a-w C:\Program Files\mirc.GID
    2007-02-14 13:57 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
    2004-04-29 06:51 2,541 ----a-w C:\Program Files\popups.ini
    2004-04-29 06:48 68,949 ----a-w C:\Program Files\ircintro.hlp
    2004-04-29 06:48 30,496 ----a-w C:\Program Files\versions.txt
    2004-04-29 06:48 287 ----a-w C:\Program Files\aliases.ini
    2004-04-29 06:48 229,917 ----a-w C:\Program Files\mirc.hlp
    2004-04-29 06:48 1,937,408 ----a-w C:\Program Files\mIRC.exe
    2004-04-29 06:48 1,104 ----a-w C:\Program Files\readme.txt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 10:40 524288]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 00:04 52736]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-12 01:11 114688]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 10:19 172032]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
    "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56 40960]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-03 21:10 344064]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
    "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-01-05 19:34 40960]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-06-28 09:17 580096]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 07:35 36352]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 13:12 219136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 01:12 53760 C:\WINDOWS\system32\narrator.exe]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 8:05:35 PM 360448]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Freeserve Connection Kit.lnk - C:\freeserve\freeserveconnectionkit\atdialler1.exe [5/28/2003 1:48:10 PM 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "NVSvc"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\BWS Direct Chat\\mirc.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\MNB & TNB Chat\\mirc.exe"=
    "C:\\3dsmax7\\3dsmax.exe"=
    "C:\\Program Files\\backburner 2\\monitor.exe"=
    "C:\\Program Files\\backburner 2\\manager.exe"=
    "C:\\Program Files\\backburner 2\\server.exe"=
    "C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\server.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 13:02]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 13:02]
    S3 MA8630C;MA8630C;C:\WINDOWS\system32\DRIVERS\MA8630C.sys [2004-09-14 18:12]
    S3 MA8630M;MA8630M;C:\WINDOWS\system32\DRIVERS\MA8630M.sys [2005-01-25 15:31]
    S3 MA8630U;MA8630U;C:\WINDOWS\system32\DRIVERS\MA8630U.sys [2005-03-15 11:10]
    S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2004-09-13 11:11]
    S3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 22:31]
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-07-15 16:03:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-07-13 17:07:47 C:\WINDOWS\Tasks\chkdsk.job"
    - C:\WINDOWS\system32\chkdsk.exe
    "2008-07-15 16:57:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2008-07-15 16:54:28 C:\WINDOWS\Tasks\XoftSpySE 2.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    "2006-12-01 00:09:11 C:\WINDOWS\Tasks\XoftSpySE.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-SITEguard - (no file)


    ************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-15 17:55:10
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\freeserve\freeserveconnectionkit\Freehook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    .
    ************************************************************************
    .
    Completion time: 2008-07-15 18:01:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-15 17:01:10

    Pre-Run: 79,436,918,784 bytes free
    Post-Run: 79,400,763,392 bytes free

    188


    And here's the latest HijackThis log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:04:41, on 15/07/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\freeserve\freeserveconnectionkit\atdialler1.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Orange UK Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Orange UK Home Page
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = Orange UK Home Page
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
    O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe
    O8 - Extra context menu item: &Search - ?p=ZK
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
    O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1193332759187
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1193332746765
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dlink.com/products/livede...n/h263ctrl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

    --
    End of file - 11579 bytes

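The log above is the format the whole thread turns on, so here is a small parser for its autostart lines, as an added example (not part of the original thread and not HijackThis code). It reads O4 Run entries and startup-folder links, O16 ActiveX downloads and O23 services into records, separates the executable from its arguments the way HijackThis prints them, and flags the entries a responder would look at first: a service HijackThis reports as "Unknown owner" (no company name could be read from the binary), a Run value that names a bare file rather than a full path (Windows resolves it through the search path), and an O16 control served from a local path rather than a URL. The regular expressions assume only the line prefixes HijackThis prints; `SAMPLE_LOG` is a constructed excerpt copied from the posted log.

```python
"""Parse the autostart-related lines of a HijackThis 2.0.2 log (O4 Run entries
and startup-folder links, O16 ActiveX downloads, O23 services) into records a
responder can triage, and flag the ones worth a closer look first.

Added example, not part of the original thread and not HijackThis code. The
parser assumes only the line prefixes HijackThis prints ("O4 - ", "O16 - DPF:",
"O23 - Service:"). SAMPLE_LOG is a constructed excerpt copied from the log above.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""


@dataclass
class Entry:
    kind: str          # "O4", "O16" or "O23"
    location: str      # registry hive\key, startup folder, CLSID, or "Services"
    name: str          # value name, .lnk name, control description or service name
    path: str          # executable, DLL/CAB path, or download URL the entry points at
    args: str = ""     # command-line arguments, if any
    user: str = ""     # only for HKUS entries: SYSTEM, LOCAL SERVICE, ...
    vendor: str = ""   # only for O23 services: company name HijackThis read from the file


# HijackThis line shapes; the regexes mirror exactly what it prints.
O4_REG = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_DIR = re.compile(r"^O4 - (?P<where>Global Startup|Startup): (?P<name>.*?) = (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<desc>[^)]*)\) - (?P<url>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.+)$")
USER_RE = re.compile(r"\s*\(User '(?P<user>[^']*)'\)$")
# Unquoted command: the executable ends at the first recognised extension.
EXE_RE = re.compile(r"^(?P<path>.*?\.(?:exe|com|bat|cmd|scr|pif|dll))(?:\s+(?P<args>.*))?$", re.I)


def split_command(cmd: str) -> Tuple[str, str]:
    """Separate the executable from its arguments as HijackThis shows them."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("path"), (m.group("args") or "").strip()
    return cmd, ""


def parse_hjt(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := O4_REG.match(line):
            cmd, user = m["cmd"], ""
            if u := USER_RE.search(cmd):
                user, cmd = u["user"], cmd[:u.start()]
            path, args = split_command(cmd)
            entries.append(Entry("O4", f"{m['hive']}\\{m['key']}", m["name"], path, args, user))
        elif m := O4_DIR.match(line):
            path, args = split_command(m["cmd"])
            entries.append(Entry("O4", m["where"], m["name"], path, args))
        elif m := O16_RE.match(line):
            entries.append(Entry("O16", m["clsid"], m["desc"], m["url"].strip()))
        elif m := O23_RE.match(line):
            entries.append(Entry("O23", "Services", m["name"], m["path"].strip(), vendor=m["vendor"]))
    return entries


def review_candidates(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Entries a responder should check first, each with the reason it was flagged."""
    flagged = []
    for e in entries:
        if e.kind == "O23" and e.vendor == "Unknown owner":
            flagged.append((e, "HijackThis could not read a company name from the service binary"))
        elif e.kind == "O4" and "\\" not in e.path:
            flagged.append((e, "bare file name: Windows resolves it through the search path"))
        elif e.kind == "O16" and not e.path.lower().startswith(("http://", "https://")):
            flagged.append((e, "ActiveX control registered from a local path, not a download URL"))
    return flagged


if __name__ == "__main__":
    for entry, reason in review_candidates(parse_hjt(SAMPLE_LOG)):
        print(f"{entry.kind} {entry.name!r}: {entry.path}  <- {reason}")
```

Run against the full log it lists three flagged entries from the excerpt; on the complete posted log the same rules also pick out the second "Unknown owner" service (RaySat_3dsmax8). A flag is a reason to look, not a verdict: `Narrator.exe` in a SYSTEM RunOnce key and the Yahoo installer helper are both ordinary on an XP machine.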
  4. #4
    Neal is offline Dedicated Member
    Go here to learn how to show hidden files/folders:

    Help: How to Show System Files

    Re-hide after we are done

    Find this folder and tell me what is in it please:

    C:\WINDOWS\l2schemas > L2schemas

    Scan these suspicious files:

    C:\Program Files\mirc.ini
    C:\Program Files\perform.ini
    C:\Program Files\urls.ini
    C:\Program Files\servers.ini
    C:\Program Files\mirc.GID
    C:\Program Files\popups.ini

    Like this

    Go to next site:
    VirusTotal - Free Online Virus and Malware Scan
    On top you'll find 'Browse'
    Click the browse button and browse to next file:

    C:\Program Files\mirc.ini

    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.

    If that one is too busy here is another option:

    Online malware scan

    And

    Virus File Scanner

    Please post scan results and new HijackThis log.

  5. #5
    Crewie is offline Full Member
    In the L2schemas we have the following:

    baseeapconnectionproperties...XML Schema
    baseeapmethodconfig.xsd
    baseeapmethodusercredential..XML Schema
    baseeapuserproperties1.xsd
    eapcommon.xsd
    eapconnectionpropertiesv1.xsd
    eaphostconfig.xsd
    eaphostusercredentials.xsd
    eaptslconnectionpropertiesv1....
    eaptlsuserpropertiesv1.xsd
    eapuserpropertiesv1.xsd
    lan_policy_v1.xsd
    lan_profile_v1.xsd
    mschapv2connectionpropertiesv1.xsd
    mshapv2userpropertiesv1.xsd
    mseapconnectionpropertiesv1.xsd
    mseapuserpropertiesv1.xsd
    onex_v1.xsd
    wian_profile_v1.xsd

    Hope that all makes sense, will post the file scans ASAP.

  6. #6
    Crewie is offline Full Member
    C:\Program Files\mirc.ini results:


    Antivirus Version Last Update Result
    AhnLab-V3 2008.7.11.0 2008.07.15 -
    AntiVir 7.8.0.68 2008.07.15 -
    Authentium 5.1.0.4 2008.07.15 -
    Avast 4.8.1195.0 2008.07.15 -
    AVG 7.5.0.516 2008.07.15 -
    BitDefender 7.2 2008.07.15 -
    CAT-QuickHeal 9.50 2008.07.15 -
    ClamAV 0.93.1 2008.07.15 -
    DrWeb 4.44.0.09170 2008.07.15 -
    eSafe 7.0.17.0 2008.07.15 -
    eTrust-Vet 31.6.5956 2008.07.15 -
    Ewido 4.0 2008.07.15 -
    F-Prot 4.4.4.56 2008.07.15 -
    F-Secure 7.60.13501.0 2008.07.15 -
    Fortinet 3.14.0.0 2008.07.15 -
    GData 2.0.7306.1023 2008.07.15 -
    Ikarus T3.1.1.26.0 2008.07.15 -
    Kaspersky 7.0.0.125 2008.07.15 -
    McAfee 5339 2008.07.15 -
    Microsoft 1.3704 2008.07.15 -
    NOD32v2 3270 2008.07.15 -
    Norman 5.80.02 2008.07.15 -
    Panda 9.0.0.4 2008.07.15 -
    Prevx1 V2 2008.07.16 -
    Rising 20.53.12.00 2008.07.15 -
    Sophos 4.31.0 2008.07.15 -
    Sunbelt 3.1.1536.1 2008.07.15 -
    Symantec 10 2008.07.15 -
    TheHacker 6.2.96.379 2008.07.14 -
    TrendMicro 8.700.0.1004 2008.07.15 -
    VBA32 3.12.8.0 2008.07.15 -
    VirusBuster 4.5.11.0 2008.07.15 -
    Webwasher-Gateway 6.6.2 2008.07.15 -
    Additional information
    File size: 2754 bytes
    MD5...: b618b083d2c568ff6fa168852aeb24bb
    SHA1..: 6cbc4b59186f9be839972be71fe928e9fa18ef2b
    SHA256: e36a8bab6da977ffed2d729d0c9b25820455956f196cdfc3b34e334aa2390689
    SHA512: eb5ab37ca2b1480d652cb2845aabbc12f2d00d5138d73f1718159119ea9c2e46cf4bc068c9e42b48ed35b9673589d01c637542e902d2b216f30b243dea2d9b5d
    PEiD..: -
    PEInfo: -

  7. #7
    Crewie is offline Full Member
    C:\Program Files\perform.ini results:


    AhnLab-V3 2008.7.11.0 2008.07.15 -
    AntiVir 7.8.0.68 2008.07.15 -
    Authentium 5.1.0.4 2008.07.15 -
    Avast 4.8.1195.0 2008.07.15 -
    AVG 7.5.0.516 2008.07.15 -
    BitDefender 7.2 2008.07.15 -
    CAT-QuickHeal 9.50 2008.07.15 -
    ClamAV 0.93.1 2008.07.15 -
    DrWeb 4.44.0.09170 2008.07.15 -
    eSafe 7.0.17.0 2008.07.15 -
    eTrust-Vet 31.6.5956 2008.07.15 -
    Ewido 4.0 2008.07.15 -
    F-Prot 4.4.4.56 2008.07.15 -
    F-Secure 7.60.13501.0 2008.07.15 -
    Fortinet 3.14.0.0 2008.07.15 -
    GData 2.0.7306.1023 2008.07.15 -
    Ikarus T3.1.1.26.0 2008.07.15 -
    Kaspersky 7.0.0.125 2008.07.15 -
    McAfee 5339 2008.07.15 -
    Microsoft 1.3704 2008.07.15 -
    NOD32v2 3270 2008.07.15 -
    Norman 5.80.02 2008.07.15 -
    Panda 9.0.0.4 2008.07.15 -
    Prevx1 V2 2008.07.16 -
    Rising 20.53.12.00 2008.07.15 -
    Sophos 4.31.0 2008.07.15 -
    Sunbelt 3.1.1536.1 2008.07.15 -
    Symantec 10 2008.07.15 -
    TheHacker 6.2.96.379 2008.07.14 -
    TrendMicro 8.700.0.1004 2008.07.15 -
    VBA32 3.12.8.0 2008.07.15 -
    VirusBuster 4.5.11.0 2008.07.15 -
    Webwasher-Gateway 6.6.2 2008.07.15 -
    Additional information
    File size: 57 bytes
    MD5...: 5d64a717e044ee2fa44d41af63493f95
    SHA1..: 7161e8abdc495546879e9ef8a7c91706debee519
    SHA256: 45406fbac652f4aa33ecd49070212ff691e94bfae1f0636eb075ec38e7c0afe0
    SHA512: 114ee32a2bd010806c5ec9fe0150c2bef1770a81c22825dcc74beacf3a148428aaf796364eb56e85bd52d4fa5c00b4d97433673ddd29498d5fd2040dcba904ad
    PEiD..: -
    PEInfo: -

  8. #8
    Crewie is offline Full Member
    C:\Program Files\urls.ini results:



    MD5: 7d2b503fa6ce5394de1086e3df67a77f
    First received: 02.21.2007 20:23:17 (CET)
    Date: 02.21.2007 20:23:17 (CET) [>510D]
    Results: 1/30
    Permalink: analisis/eeed92314df1d8e6cafe49e500a9309b

  9. #9
    Crewie is offline Full Member
    C:\Program Files\servers.ini results:


    Antivirus Version Last Update Result
    AhnLab-V3 2008.7.11.0 2008.07.15 -
    AntiVir 7.8.0.68 2008.07.15 -
    Authentium 5.1.0.4 2008.07.15 -
    Avast 4.8.1195.0 2008.07.15 -
    AVG 7.5.0.516 2008.07.15 -
    BitDefender 7.2 2008.07.15 -
    CAT-QuickHeal 9.50 2008.07.15 -
    ClamAV 0.93.1 2008.07.15 -
    DrWeb 4.44.0.09170 2008.07.15 -
    eSafe 7.0.17.0 2008.07.15 -
    eTrust-Vet 31.6.5956 2008.07.15 -
    Ewido 4.0 2008.07.15 -
    F-Prot 4.4.4.56 2008.07.15 -
    F-Secure 7.60.13501.0 2008.07.15 -
    Fortinet 3.14.0.0 2008.07.15 -
    GData 2.0.7306.1023 2008.07.15 -
    Ikarus T3.1.1.26.0 2008.07.15 -
    Kaspersky 7.0.0.125 2008.07.15 -
    McAfee 5339 2008.07.15 -
    Microsoft 1.3704 2008.07.15 -
    NOD32v2 3270 2008.07.15 -
    Norman 5.80.02 2008.07.15 -
    Panda 9.0.0.4 2008.07.15 -
    Prevx1 V2 2008.07.16 -
    Rising 20.53.12.00 2008.07.15 -
    Sophos 4.31.0 2008.07.15 -
    Sunbelt 3.1.1536.1 2008.07.15 -
    Symantec 10 2008.07.15 -
    TheHacker 6.2.96.379 2008.07.14 -
    TrendMicro 8.700.0.1004 2008.07.15 -
    VBA32 3.12.8.0 2008.07.15 -
    VirusBuster 4.5.11.0 2008.07.15 -
    Webwasher-Gateway 6.6.2 2008.07.15 -
    Additional information
    File size: 411 bytes
    MD5...: 240a77641b06645dd35bdd28158ba5d5
    SHA1..: 2b38dbb0ae50d7aa55296a7d9690eb377746067d
    SHA256: dcf9935ea4bdae49cf7880b2c5210fcfd959a1fc6514e9bc841835d5d7ed98db
    SHA512: 1c64bfd2cdd43f7a7eac4b0f50fc7f5d1a3d404e6e8a541801ff807736b2537caebfce3c61828e58d500804c25e3bf0f431eb6142c457e1cd38b5dec20a5f7f8
    PEiD..: -
    PEInfo: -

  10. #10
    Crewie is offline Full Member
    C:\Program Files\mirc.GID Results


    Antivirus Version Last Update Result
    AhnLab-V3 2008.7.11.0 2008.07.15 -
    AntiVir 7.8.0.68 2008.07.15 -
    Authentium 5.1.0.4 2008.07.15 -
    Avast 4.8.1195.0 2008.07.15 -
    AVG 7.5.0.516 2008.07.15 -
    BitDefender 7.2 2008.07.15 -
    CAT-QuickHeal 9.50 2008.07.15 -
    ClamAV 0.93.1 2008.07.15 -
    DrWeb 4.44.0.09170 2008.07.15 -
    eSafe 7.0.17.0 2008.07.15 -
    eTrust-Vet 31.6.5956 2008.07.15 -
    Ewido 4.0 2008.07.15 -
    F-Prot 4.4.4.56 2008.07.15 -
    F-Secure 7.60.13501.0 2008.07.15 -
    Fortinet 3.14.0.0 2008.07.15 -
    GData 2.0.7306.1023 2008.07.15 -
    Ikarus T3.1.1.26.0 2008.07.15 -
    Kaspersky 7.0.0.125 2008.07.15 -
    McAfee 5339 2008.07.15 -
    Microsoft 1.3704 2008.07.15 -
    NOD32v2 3270 2008.07.15 -
    Norman 5.80.02 2008.07.15 -
    Panda 9.0.0.4 2008.07.15 -
    Prevx1 V2 2008.07.16 -
    Rising 20.53.12.00 2008.07.15 -
    Sophos 4.31.0 2008.07.15 -
    Sunbelt 3.1.1536.1 2008.07.15 -
    Symantec 10 2008.07.15 -
    TheHacker 6.2.96.379 2008.07.14 -
    TrendMicro 8.700.0.1004 2008.07.15 -
    VBA32 3.12.8.0 2008.07.15 -
    VirusBuster 4.5.11.0 2008.07.15 -
    Webwasher-Gateway 6.6.2 2008.07.15 -
    Additional information
    File size: 29132 bytes
    MD5...: d67c41a6a912467a2fcaa7f4e8c31591
    SHA1..: 593949f5e15d2d04ec0e45d480ee20cd61596480
    SHA256: 610be29ab063fd2966a2fc7820452b6c5d89cb90be9dce15c491eff9f41e7e42
    SHA512: 706eaffdf92536724dfbe2d79a9d410b6aafb221aa10e00d125ed066a518d48036ee8465ff50a3e60c45b0c1f007d7fc961bbd8b8a8ced381aef104a7afa1e78
    PEiD..: -
    PEInfo: -

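Neal's instructions (upload each file to VirusTotal and paste the result) and the five results pasted above are two ends of the same procedure, so here is one added example that serves both; it is not part of the original thread and is not VirusTotal's own code. It reads a pasted result in either shape that appears in the thread, the full per-engine table with its "Additional information" hash block and the short "Results: n/m" summary, works out the detection ratio, and checks the hashes in the report against the file you actually uploaded, which is the one step that confirms the result belongs to your copy and not to some other file of the same name. The forum software broke the long hex strings above with a space after the 50th character and split each SHA512 across two lines, so the parser strips embedded whitespace and joins continuation lines. `SAMPLE_FILE` is a constructed stand-in for a small .ini file and the full-table sample is generated from it so its hashes are genuine; `SHORT_SAMPLE` is the urls.ini result copied from the thread.

```python
"""Read a VirusTotal result as pasted into a forum post, in either of the two
shapes that appear above (the full per-engine table with the "Additional
information" hash block, and the short "Results: n/m" summary), compute the
detection ratio, and confirm that the hashes in the report belong to the file
you actually uploaded.

Added example, not part of the original thread and not VirusTotal's own code.
SAMPLE_FILE is a constructed stand-in for a small .ini file; the full-table
sample is generated from it so its hashes are genuine. The forum wrapped the
posted hex strings with a space every 50 characters and the SHA512 across two
lines, so the parser strips embedded whitespace and joins continuation lines.
"""
import hashlib
import re
from typing import Dict, Optional, Tuple

ENGINE_RE = re.compile(r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+(?P<date>\d{4}\.\d{2}\.\d{2})\s+(?P<result>.+)$")
HASH_RE = re.compile(r"^(?P<algo>MD5|SHA1|SHA256|SHA512)\.*:\s*(?P<hex>[0-9a-fA-F ]+)$")
HEX_CONT_RE = re.compile(r"^[0-9a-fA-F ]{20,}$")      # wrapped remainder of a long hash
SUMMARY_RE = re.compile(r"^Results:\s*(?P<hits>\d+)/(?P<total>\d+)$")
SIZE_RE = re.compile(r"^File size:\s*(?P<size>\d+)")


def parse_vt_report(text: str) -> dict:
    """Turn pasted VirusTotal text into engines, hashes, size, summary and date."""
    report = {"engines": {}, "hashes": {}, "size": None, "summary": None, "date": None}
    current: Optional[str] = None   # hash whose hex may continue on the next line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HASH_RE.match(line):
            current = m["algo"].lower()
            report["hashes"][current] = m["hex"].replace(" ", "").lower()
            continue
        if current and HEX_CONT_RE.match(line):
            report["hashes"][current] += line.replace(" ", "").lower()
            continue
        current = None
        if m := SUMMARY_RE.match(line):
            report["summary"] = (int(m["hits"]), int(m["total"]))
        elif m := SIZE_RE.match(line):
            report["size"] = int(m["size"])
        elif line.startswith("Date:"):
            report["date"] = line[5:].strip()
        elif m := ENGINE_RE.match(line):
            result = m["result"].strip()
            report["engines"][m["engine"]] = None if result == "-" else result
    return report


def detection_ratio(report: dict) -> Tuple[int, int]:
    """(engines that flagged the file, engines that scanned it)."""
    if report["summary"] is not None:
        return report["summary"]
    hits = sum(1 for r in report["engines"].values() if r is not None)
    return hits, len(report["engines"])


def hashes_match(report: dict, data: bytes) -> Dict[str, bool]:
    """Recompute each hash the report lists over the local file and compare."""
    return {algo: hashlib.new(algo, data).hexdigest() == expected
            for algo, expected in report["hashes"].items()}


SAMPLE_FILE = b"[mirc]\nversion=6.21\nnick=crewie\n"   # constructed; not the real mirc.ini


def forum_wrap(hexstr: str) -> str:
    """Mimic the forum: 64-character lines with a space inserted after the 50th."""
    lines = [hexstr[i:i + 64] for i in range(0, len(hexstr), 64)]
    return "\n".join(l[:50] + " " + l[50:] if len(l) > 50 else l for l in lines)


def build_full_sample(data: bytes) -> str:
    """A constructed full-table report whose hashes really are those of `data`."""
    h = {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}
    return ("Antivirus Version Last Update Result\n"
            "AhnLab-V3 2008.7.11.0 2008.07.15 -\n"
            "AVG 7.5.0.516 2008.07.15 -\n"
            "Prevx1 V2 2008.07.16 -\n"
            "Additional information\n"
            f"File size: {len(data)} bytes\n"
            f"MD5...: {h['md5']}\n"
            f"SHA1..: {h['sha1']}\n"
            f"SHA256: {forum_wrap(h['sha256'])}\n"
            f"SHA512: {forum_wrap(h['sha512'])}\n"
            "PEiD..: -\n")


# The short form, copied from the urls.ini result posted above.
SHORT_SAMPLE = """\
MD5: 7d2b503fa6ce5394de1086e3df67a77f
First received: 02.21.2007 20:23:17 (CET)
Date: 02.21.2007 20:23:17 (CET) [>510D]
Results: 1/30
Permalink: analisis/eeed92314df1d8e6cafe49e500a9309b
"""

if __name__ == "__main__":
    rep = parse_vt_report(build_full_sample(SAMPLE_FILE))
    hits, total = detection_ratio(rep)
    print(f"{hits}/{total} engines flagged; hashes match upload: {hashes_match(rep, SAMPLE_FILE)}")
    print("urls.ini:", detection_ratio(parse_vt_report(SHORT_SAMPLE)), parse_vt_report(SHORT_SAMPLE)["date"])
```

The parser keeps the `Date:` field for a reason: the urls.ini result above is dated 02.21.2007, some seventeen months before the other four scans, so its 1/30 is an old cached analysis rather than a fresh one with the July 2008 signatures the other files were checked against. Ask for a fresh analysis of that file before drawing any conclusion from it, and always confirm the MD5 on the result matches your local copy.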