Got something, don't know what it is. Hijack log included


Post by toprank36 on 10th December 2009, 6:17 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16, on 12/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Entriq\MediaSphere\3.8.0.24\EntriqMediaServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\EARTHL~1\PCFINE~1\MXTask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\EARTHL~1\PCFINE~1\mxtask.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [UFC Media Manager Tray] "C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe" /CustomId:UFC
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5A9D4578-6649-4692-921B-ACA9ADAB007C} (UFC Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: PC FineTune Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\EARTHL~1\PCFINE~1\MXTask.exe

--
End of file - 6314 bytes

toprank36 (Novice)
Posts: 8 | Joined: 2009-12-10 | OS: xp | Points: 25668 | Likes: 0


Post by Belahzur on 10th December 2009, 7:55 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur (Administrator)
Posts: 34918 | Joined: 2008-08-03 | Gender: Male | OS: 7 Home Premium x64 | Points: 245101 | Likes: 1
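The two lines Belahzur asks the poster to fix are both entries whose target reads "(no file)": registry references to a toolbar and a protocol handler whose DLL is no longer on disk. As an added example (not code from this thread, from the helper, or from HijackThis itself), the script below parses the "O" lines of a HijackThis log and flags exactly that condition, plus O23 services whose owner HijackThis reports as unknown. The sample lines are copied from the log posted at the top of the thread; the flagging rules are my own heuristics, not HijackThis logic.

```python
# Added example (not code from this thread or from HijackThis itself): a small
# parser for the "O" lines of a HijackThis log that flags entries whose target
# is "(no file)" and O23 services whose owner is reported as unknown.
# The heuristics are the editor's own, not HijackThis rules.
import re

# A HijackThis "O" line looks like:
#   O3 - Toolbar: (no name) - {CLSID} - (no file)
#   O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
# Section code, then the entry type up to the first colon, then the rest.
O_LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

# Sample input: lines copied from the log posted at the top of this thread.
SAMPLE_LOG_LINES = [
    r"O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll",
    r"O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)",
    r'O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"',
    r"O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)",
    r"O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe",
    r"O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe",
]


def parse_line(line):
    """Split one HijackThis O-line into section code, entry type and the rest.

    Returns None for lines that are not O-entries (headers, process list, ...).
    """
    match = O_LINE.match(line.strip())
    if match is None:
        return None
    code, kind, rest = match.groups()
    return {"code": code, "kind": kind, "rest": rest, "raw": line.strip()}


def flag_entry(entry):
    """Return a short reason if the entry deserves a look, otherwise None."""
    rest = entry["rest"]
    if rest.endswith("(no file)"):
        # The registry still references a toolbar/BHO/protocol handler whose
        # file is gone: usually an uninstall leftover, harmless but worth cleaning.
        return "orphaned registry entry, target file missing"
    if entry["code"] == "O23" and " - Unknown owner - " in rest:
        # A service whose binary carries no publisher information. This is a
        # prompt to verify the vendor, not a verdict that the service is bad.
        return "service with no publisher information"
    return None


def review_log(lines):
    """Return (code, raw line, reason) for every flagged O-entry in the log."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reason = flag_entry(entry)
        if reason is not None:
            findings.append((entry["code"], entry["raw"], reason))
    return findings


def section_counts(lines):
    """Count O-entries per section code, e.g. {'O2': 1, 'O23': 2}."""
    counts = {}
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            counts[entry["code"]] = counts.get(entry["code"], 0) + 1
    return counts


if __name__ == "__main__":
    for code, raw, reason in review_log(SAMPLE_LOG_LINES):
        print(f"{code:>4}  {reason}")
        print(f"      {raw}")
```

Run against the sample lines it reports the O3 toolbar and O18 protocol entries the helper chose, and additionally the KService line because its owner field is "Unknown owner". Note the difference in weight: "(no file)" entries are stale pointers that removal tools clean up as hygiene, while an unknown-owner service only means the binary is unsigned or carries no vendor metadata and has to be checked against what the user knowingly installed before any action is taken.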


Post by toprank36 on 11th December 2009, 1:39 am

Malwarebytes' Anti-Malware 1.42
Database version: 3344
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/10/2009 5:38:41 PM
mbam-log-2009-12-10 (17-38-40).txt

Scan type: Quick Scan
Objects scanned: 109626
Time elapsed: 23 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Post by Belahzur on 11th December 2009, 10:39 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.





Post by toprank36 on 12th December 2009, 12:28 am

DDS (Ver_09-12-01.01) - NTFSx86
Run by Jeremy at 16:21:02.78 on Fri 12/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.100 [GMT -8:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Entriq\MediaSphere\3.8.0.24\EntriqMediaServer.exe
svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\EARTHL~1\PCFINE~1\MXTask.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\EARTHL~1\PCFINE~1\mxtask.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jeremy\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [UFC Media Manager Tray] "c:\program files\entriq\mediasphere\EntriqMediaTray.exe" /CustomId:UFC
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\jeremy\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {5A9D4578-6649-4692-921B-ACA9ADAB007C} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - [You must be registered and logged in to see this link.]
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - [You must be registered and logged in to see this link.]
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-11-28 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
R2 PC FineTune Task Manager;PC FineTune Task Manager;c:\progra~1\earthl~1\pcfine~1\mxtask.exe -service --> c:\progra~1\earthl~1\pcfine~1\MXTask.exe -Service [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superadblocker.com\super ad blocker\sabkutil.sys --> c:\program files\superadblocker.com\super ad blocker\SABKUTIL.sys [?]

=============== Created Last 30 ================

2009-12-11 01:12:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 04:51:58 1278 ----a-w- c:\windows\system32\tmp.reg
2009-11-28 21:51:15 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-28 21:51:15 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-28 21:48:59 0 d-----w- c:\program files\Kaspersky Lab
2009-11-28 21:48:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-11-24 21:01:31 0 d-----w- c:\docume~1\jeremy\applic~1\pc
2009-11-19 16:19:31 24832 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2009-11-19 16:19:31 19968 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2009-11-19 16:19:31 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2009-11-19 16:19:31 0 d-----w- c:\program files\LG Electronics

==================== Find3M ====================

2009-12-11 20:33:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-04 00:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 04:34:56 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 05:18:34 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

============= FINISH: 16:26:17.07 ===============


Post by toprank36 on 12th December 2009, 12:29 am

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/17/2007 3:29:30 PM
System Uptime: 12/9/2009 9:37:25 PM (43 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series
Processor: Intel(R) Celeron(R) CPU 2.66GHz | Socket 478 | 2666/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 70 GiB total, 33.521 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is FIXED (FAT32) - 4 GiB total, 0.779 GiB free.
I: is CDROM ()
J: is CDROM ()
K: is FIXED (NTFS) - 233 GiB total, 170.599 GiB free.
L: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP801: 9/13/2009 5:13:08 AM - System Checkpoint
RP802: 9/14/2009 6:00:30 AM - System Checkpoint
RP803: 9/15/2009 7:44:40 AM - System Checkpoint
RP804: 9/16/2009 8:34:47 AM - System Checkpoint
RP805: 9/17/2009 9:34:47 AM - System Checkpoint
RP806: 9/18/2009 9:47:24 AM - System Checkpoint
RP807: 9/19/2009 10:14:43 AM - System Checkpoint
RP808: 9/20/2009 10:36:01 AM - System Checkpoint
RP809: 9/21/2009 11:34:54 AM - System Checkpoint
RP810: 9/22/2009 12:34:55 PM - System Checkpoint
RP811: 9/23/2009 1:34:54 PM - System Checkpoint
RP812: 9/24/2009 2:34:54 PM - System Checkpoint
RP813: 9/25/2009 2:35:05 PM - System Checkpoint
RP814: 9/26/2009 3:03:00 PM - System Checkpoint
RP815: 9/27/2009 3:35:05 PM - System Checkpoint
RP816: 9/28/2009 4:31:22 PM - System Checkpoint
RP817: 9/29/2009 5:31:22 PM - System Checkpoint
RP818: 9/30/2009 5:32:27 PM - System Checkpoint
RP819: 10/1/2009 6:31:22 PM - System Checkpoint
RP820: 10/2/2009 7:31:23 PM - System Checkpoint
RP821: 10/3/2009 7:47:26 PM - System Checkpoint
RP822: 10/4/2009 8:46:19 PM - System Checkpoint
RP823: 10/5/2009 9:01:10 PM - System Checkpoint
RP824: 10/6/2009 10:01:11 PM - System Checkpoint
RP825: 10/7/2009 11:01:10 PM - System Checkpoint
RP826: 10/8/2009 11:07:51 PM - System Checkpoint
RP827: 10/9/2009 11:09:59 PM - System Checkpoint
RP828: 10/10/2009 11:46:02 PM - System Checkpoint
RP829: 10/12/2009 12:31:13 AM - System Checkpoint
RP830: 10/13/2009 1:31:13 AM - System Checkpoint
RP831: 10/14/2009 2:31:13 AM - System Checkpoint
RP832: 10/14/2009 3:00:29 AM - Software Distribution Service 3.0
RP833: 10/15/2009 3:17:10 AM - System Checkpoint
RP834: 10/16/2009 3:29:41 AM - System Checkpoint
RP835: 10/17/2009 4:17:04 AM - System Checkpoint
RP836: 10/18/2009 4:17:10 AM - System Checkpoint
RP837: 10/19/2009 5:17:11 AM - System Checkpoint
RP838: 10/20/2009 6:17:08 AM - System Checkpoint
RP839: 10/21/2009 6:18:13 AM - System Checkpoint
RP840: 10/22/2009 7:18:13 AM - System Checkpoint
RP841: 10/23/2009 7:37:28 AM - System Checkpoint
RP842: 10/24/2009 8:17:09 AM - System Checkpoint
RP843: 10/24/2009 3:26:41 PM - Configured Microsoft Office Home and Student 2007
RP844: 10/25/2009 4:18:21 PM - System Checkpoint
RP845: 10/26/2009 5:00:41 PM - System Checkpoint
RP846: 10/27/2009 6:00:33 PM - System Checkpoint
RP847: 10/28/2009 7:00:33 PM - System Checkpoint
RP848: 10/29/2009 7:06:35 PM - System Checkpoint
RP849: 10/30/2009 8:00:33 PM - System Checkpoint
RP850: 10/31/2009 8:01:45 PM - System Checkpoint
RP851: 11/1/2009 9:01:45 PM - System Checkpoint
RP852: 11/2/2009 10:00:39 PM - System Checkpoint
RP853: 11/3/2009 4:00:18 AM - Software Distribution Service 3.0
RP854: 11/4/2009 4:11:34 AM - System Checkpoint
RP855: 11/4/2009 8:15:09 PM - Software Distribution Service 3.0
RP856: 11/5/2009 8:38:00 PM - System Checkpoint
RP857: 11/6/2009 4:00:16 AM - Software Distribution Service 3.0
RP858: 11/7/2009 4:11:33 AM - System Checkpoint
RP859: 11/8/2009 3:00:24 AM - Software Distribution Service 3.0
RP860: 11/9/2009 3:27:14 AM - System Checkpoint
RP861: 11/10/2009 7:25:17 AM - System Checkpoint
RP862: 11/11/2009 3:00:28 AM - Software Distribution Service 3.0
RP863: 11/12/2009 3:25:26 AM - System Checkpoint
RP864: 11/13/2009 4:25:21 AM - System Checkpoint
RP865: 11/14/2009 5:25:20 AM - System Checkpoint
RP866: 11/15/2009 6:25:25 AM - System Checkpoint
RP867: 11/16/2009 7:25:26 AM - System Checkpoint
RP868: 11/17/2009 7:29:44 AM - System Checkpoint
RP869: 11/18/2009 8:25:24 AM - System Checkpoint
RP870: 11/19/2009 8:19:31 AM - Installed LG USB Modem driver
RP871: 11/19/2009 8:24:19 AM - Installed LG USB Modem driver
RP872: 11/19/2009 8:25:43 AM - Installed LG USB Modem driver
RP873: 11/20/2009 9:13:54 AM - System Checkpoint
RP874: 11/21/2009 10:12:42 AM - System Checkpoint
RP875: 11/22/2009 11:12:45 AM - System Checkpoint
RP876: 11/23/2009 11:15:25 AM - System Checkpoint
RP877: 11/24/2009 12:24:41 PM - System Checkpoint
RP878: 11/25/2009 3:00:30 AM - Software Distribution Service 3.0
RP879: 11/26/2009 3:23:35 AM - System Checkpoint
RP880: 11/27/2009 12:11:48 PM - System Checkpoint
RP881: 11/28/2009 12:00:48 PM - Removed Kaspersky Anti-Virus 2009.
RP882: 11/28/2009 1:48:28 PM - Installed Kaspersky Internet Security 2010.
RP883: 11/29/2009 1:49:20 PM - System Checkpoint
RP884: 11/30/2009 2:48:09 PM - System Checkpoint
RP885: 12/1/2009 6:14:56 PM - System Checkpoint
RP886: 12/2/2009 7:19:36 PM - System Checkpoint
RP887: 12/3/2009 7:23:00 PM - System Checkpoint
RP888: 12/4/2009 7:59:16 PM - System Checkpoint
RP889: 12/5/2009 8:56:38 PM - System Checkpoint
RP890: 12/6/2009 9:31:42 PM - System Checkpoint
RP891: 12/7/2009 9:38:05 PM - System Checkpoint
RP892: 12/8/2009 10:08:26 PM - System Checkpoint
RP893: 12/9/2009 11:24:39 AM - Software Distribution Service 3.0
RP894: 12/10/2009 11:42:02 AM - System Checkpoint
RP895: 12/11/2009 12:42:01 PM - System Checkpoint

==== Installed Programs ======================

1310
1310_Help
1310Tour
1310Trb
32 Bit HP CIO Components Installer
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat and Reader 6.0.3 Update
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
AiO_Scan
AIOMinimal
AiOSoftware
Bodog Poker
BufferChm
C4580
C4580_Help
Cards_Calendar_OrderGift_DoMorePlugout
Copy
Creative MediaSource
Creative System Information
Creative Zen Neeon (512MB, 1GB, 2GB)
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
EarthLink PC FineTune
eSupportQFolder
Fax
Google Toolbar for Internet Explorer
GPBaseService
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 11.0
HP Image Zone 3.5
HP Imaging Device Functions 11.0
HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP PSC & OfficeJet 3.5
HP Smart Web Printing
HP Solution Center 11.0
HP Unload DLL Patch
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
HPSystemDiagnostics
InstantShare
Intel(R) Extreme Graphics Driver
InterVideo DVD Check
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kaspersky Internet Security 2010
LG USB Modem driver
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
NTI Backup NOW! 4
NTI DriveBackup! 3 Trial
NTI DVD-Maker
OCR Software by I.R.I.S. 11.0
OpenOffice.org Installer 1.0
Overland
PanoStandAlone
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PhotoGallery
PrintScreen
PS_AIO_04_C4580_ProductContext
PS_AIO_04_C4580_Software
PS_AIO_04_C4580_Software_Min
PSSWCORE
QFolder
QuickProjects
Readme
Realtek AC'97 Audio
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shop for HP Supplies
SkinsHP1
SkinsHP2
SkyCaddie Desktop
SmartWebPrinting
SolutionCenter
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Status
Studio 9
TaxCut California 2007
TaxCut California 2008
TaxCut Premium + State + Efile 2007
TaxCut Premium + State + Efile 2008
Toolbox
TrayApp
Ulead VideoStudio 7 SE DVD
Uninstall Entriq MediaSphere
Uninstall UFC
Unload
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB960763)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
VideoToolkit01
WebFldrs XP
WebReg
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

12/9/2009 9:06:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Beep Fips intelppm IPSec kl1 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss SABKUTIL Tcpip
12/9/2009 9:06:52 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2009 9:06:52 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2009 9:06:52 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2009 9:06:52 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2009 9:06:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/9/2009 4:27:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep SABKUTIL
12/7/2009 8:59:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep PCIIde SABKUTIL
12/7/2009 8:59:15 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
12/7/2009 8:57:42 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
12/7/2009 8:57:42 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
12/7/2009 8:56:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/7/2009 8:48:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep Fips intelppm kl1 KLIF ohci1394 PCIIde SABKUTIL
12/6/2009 8:01:02 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer JACKLYN-OT8W3Q1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F5405B64-73B. The master browser is stopping or an election is being forced.

==== End Of File ===========================

toprank36
Novice
Posts: 8
Joined: 2009-12-10
OS: xp
Points: 25668
Likes: 0
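The Event Viewer block in the post above is worth reading mechanically rather than by eye: the same two drivers (Beep, SABKUTIL) fail on every logged boot, while the 12/9 9:06:52 PM boot additionally lost AFD, Tcpip, NetBT, IPSec and the rest of the network stack, which is what the four 7001 dependency errors logged in the same second are reporting. The script below is an added example, not part of the original post or of HijackThis; it parses Service Control Manager 7026/7001 lines in the layout shown above, separates chronic failures from one-off ones, and flags boots where the TCP/IP stack itself did not load. The sample lines are copied from the posted log; the NETWORK_STACK set of driver names is the example's own choice, not anything Windows emits.

```python
"""Triage Service Control Manager boot-driver failures from Event Viewer text.

Added example for this thread; not part of the posted logs or of any tool
used in it.  It relies only on the line layout visible in the
"Event Viewer Messages" section of the post above."""
import re
from datetime import datetime

EVENT_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), '
    r'(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$')
FAILED_PREFIX = 'The following boot-start or system-start driver(s) failed to load: '

# Kernel drivers that make up the XP network stack.  If several of these fail
# in one boot, DHCP client, DNS client and the NetBIOS helper cannot start,
# which is exactly what the 7001 dependency errors report.  This list is the
# example's own choice (an analyst's assumption), not a Windows classification.
NETWORK_STACK = {'afd', 'tcpip', 'netbt', 'ipsec', 'netbios', 'mrxsmb', 'rdbss'}

# Sample input copied from the Event Viewer section of the log posted above.
SAMPLE_EVENTS = """
12/9/2009 9:06:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Beep Fips intelppm IPSec kl1 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss SABKUTIL Tcpip
12/9/2009 9:06:52 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2009 9:06:52 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2009 9:06:52 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2009 9:06:52 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2009 9:06:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/9/2009 4:27:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep SABKUTIL
12/7/2009 8:59:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep PCIIde SABKUTIL
12/7/2009 8:59:15 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
12/7/2009 8:48:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep Fips intelppm kl1 KLIF ohci1394 PCIIde SABKUTIL
"""


def parse_events(text):
    """Parse "date time, level: source [id] - message" lines into dicts."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append({
            'ts': datetime.strptime(m['ts'], '%m/%d/%Y %I:%M:%S %p'),
            'level': m['level'], 'source': m['source'],
            'id': int(m['id']), 'msg': m['msg']})
    return events


def failed_driver_sets(events):
    """{boot timestamp: set of driver names} for every SCM 7026 event."""
    out = {}
    for ev in events:
        if ev['id'] == 7026 and ev['msg'].startswith(FAILED_PREFIX):
            out[ev['ts']] = set(ev['msg'][len(FAILED_PREFIX):].split())
    return out


def triage(events):
    """Separate chronic failures (drivers that fail on every logged boot,
    typically stale service entries) from drivers that failed only on some
    boots, and rate each boot by how much of the network stack was lost."""
    sets = failed_driver_sets(events)
    if not sets:
        return {'chronic': set(), 'boots': []}
    chronic = set.intersection(*sets.values())
    boots = []
    for ts in sorted(sets):
        drivers = sets[ts]
        net_down = {d for d in drivers if d.lower() in NETWORK_STACK}
        # 7001 events logged in the same second are the knock-on service failures
        dependents = sum(1 for ev in events if ev['id'] == 7001 and ev['ts'] == ts)
        if len(net_down) >= 3:
            severity = 'HIGH'
        elif drivers - chronic:
            severity = 'LOW'
        else:
            severity = 'CHRONIC-ONLY'
        boots.append({
            'ts': ts.isoformat(sep=' '),
            'unusual': sorted(drivers - chronic),
            'network_stack_failed': sorted(net_down),
            'dependent_failures': dependents,
            'severity': severity})
    return {'chronic': chronic, 'boots': boots}


if __name__ == '__main__':
    report = triage(parse_events(SAMPLE_EVENTS))
    print('fail every boot:', sorted(report['chronic']))
    for boot in report['boots']:
        print(boot)
```

On the sample, the two 12/7 boots and the 12/9 afternoon boot come out LOW or CHRONIC-ONLY, while the 12/9 9:06:52 PM boot is rated HIGH with seven network-stack drivers missing and four dependent 7001 failures. A boot where the whole stack fails to load is a lead to follow, not a verdict: it says which boot to look at, not why the drivers failed.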

Re: Got something, don't know what it is. Hijack log included

Post by Belahzur on 12th December 2009, 1:09 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_05
    Java(TM) 6 Update 2
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1

Re: Got something, don't know what it is. Hijack log included

Post by toprank36 on 12th December 2009, 8:31 pm

Combo-Fix is not working for me. I always get this response when I try to run it.

"Windows cannot access the specified device, path or file. You may not have the appropriate permissions access the item."


Re: Got something, don't know what it is. Hijack log included

Post by Belahzur on 12th December 2009, 8:55 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    cngaudit.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Re: Got something, don't know what it is. Hijack log included

Post by toprank36 on 12th December 2009, 9:18 pm

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 13:12 on 12/12/2009 by Jeremy (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [15:25 31/08/2008] [12:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [18:56 22/08/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [12:00 04/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [15:26 31/08/2008] [12:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [18:56 22/08/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [12:00 04/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [15:26 31/08/2008] [12:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [18:55 22/08/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 56320 bytes [12:00 04/08/2004] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

Searching for "cngaudit.dll"
No files found.

-=End Of File=-

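The point of the SystemLook request above is the last column: Windows keeps a pristine copy of each of these DLLs under ServicePackFiles\i386, so a live copy in system32 whose MD5 differs from it (while keeping the same size) is worth a closer look, and $NtServicePackUninstall$ is the pre-SP3 version, so it is expected to differ. The script below is an added example, not part of the original post or of SystemLook; it parses filefind output in the layout posted above and compares the system32 copy with the service-pack copy for each name. The first four blocks of the sample input are copied from the posted log; the "example.dll" block is constructed to show what a flagged file looks like, and its hashes are made up.

```python
"""Check SystemLook :filefind output for system32 DLLs that differ from the
copy Windows keeps in ServicePackFiles\\i386.

Added example for this thread; not part of the posted log or of SystemLook.
It relies only on the line layout visible in the SystemLook output above."""
import hashlib
import re
from collections import defaultdict

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')
ENTRY_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.*?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes '
    r'\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$')

LIVE_SUFFIX = '\\system32\\'              # the copy the OS actually loads
REF_SUFFIX = '\\servicepackfiles\\i386\\'  # pristine SP copy used as reference

# Sample input: four blocks copied from the SystemLook log posted above, plus a
# CONSTRUCTED "example.dll" block (hypothetical name, made-up hashes) in which
# the live copy keeps the reference size but carries a different hash.
SAMPLE_LOG = r"""
Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [15:25 31/08/2008] [12:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [18:56 22/08/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [12:00 04/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [15:26 31/08/2008] [12:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [18:56 22/08/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [12:00 04/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [15:26 31/08/2008] [12:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [18:55 22/08/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 56320 bytes [12:00 04/08/2004] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

Searching for "cngaudit.dll"
No files found.

Searching for "example.dll"
C:\WINDOWS\ServicePackFiles\i386\example.dll ------ 56320 bytes [18:55 22/08/2008] [00:11 14/04/2008] DEADBEEFDEADBEEFDEADBEEFDEADBEEF
C:\WINDOWS\system32\example.dll --a--- 56320 bytes [12:00 04/08/2004] [19:02 05/12/2009] CAFEBABECAFEBABECAFEBABECAFEBABE
"""


def parse_filefind(text):
    """Return {filename: [entry, ...]}; each entry has path, attrs, size (int),
    created, modified and md5 (upper-case).  Names with "No files found." map
    to an empty list."""
    results = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m['name'].lower()
            results.setdefault(current, [])
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            entry = m.groupdict()
            entry['size'] = int(entry['size'])
            entry['md5'] = entry['md5'].upper()
            results[current].append(entry)
    return dict(results)


def check_integrity(parsed):
    """Compare each live system32 copy with its ServicePackFiles\\i386 copy.
    Verdicts: match, MISMATCH, no-reference (nothing to compare against),
    not-found (no copy on disk at all)."""
    verdicts = {}
    for name, entries in parsed.items():
        live = next((e for e in entries
                     if e['path'].lower().endswith(LIVE_SUFFIX + name)), None)
        ref = next((e for e in entries
                    if e['path'].lower().endswith(REF_SUFFIX + name)), None)
        if live is None:
            verdicts[name] = 'not-found'
        elif ref is None:
            verdicts[name] = 'no-reference'
        elif live['md5'] == ref['md5']:
            verdicts[name] = 'match'
        else:
            verdicts[name] = 'MISMATCH'
    return verdicts


def md5_of_file(path, chunk=1 << 16):
    """Recompute a hash on the live machine to confirm what SystemLook reported."""
    h = hashlib.md5()
    with open(path, 'rb') as f:
        for block in iter(lambda: f.read(chunk), b''):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == '__main__':
    for name, verdict in check_integrity(parse_filefind(SAMPLE_LOG)).items():
        print(f'{name:14} {verdict}')
```

On the sample, scecli.dll, netlogon.dll and eventlog.dll come out as match (which is what the log above shows: identical hashes in system32 and ServicePackFiles), cngaudit.dll as not-found (it is a Vista-era file, so its absence on XP is expected), and the constructed example.dll as MISMATCH. A mismatch is a lead rather than proof: a post-SP3 hotfix can legitimately replace a system32 file, so the next step is to check the file's version resource and signature rather than delete it.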

Re: Got something, don't know what it is. Hijack log included

Post by toprank36 on 12th December 2009, 9:43 pm

I was now able to run combo-fix. Here is the log.

ComboFix 09-12-11.05 - Jeremy 12/12/2009 13:21:52.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.155 [GMT -8:00]
Running from: c:\documents and settings\Jeremy\Desktop\Combo-Fix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jeremy\Application Data\pc
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-11-12 to 2009-12-12 )))))))))))))))))))))))))))))))
.

2009-12-12 21:01 . 2009-12-12 21:01 96512 ----a-w- c:\windows\system32\drivers\kav_atapi.sys
2009-12-12 20:58 . 2009-12-12 20:58 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2009-12-12 04:13 . 2009-12-12 04:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-11 01:12 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-03 15:10 . 2009-12-03 15:10 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-11-28 22:03 . 2009-11-28 22:03 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-11-28 22:03 . 2009-11-28 22:03 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-11-28 22:03 . 2009-11-28 22:03 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-11-28 22:03 . 2009-11-28 22:03 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-11-28 22:03 . 2009-11-28 22:03 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-11-28 22:01 . 2009-11-28 22:01 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2009-11-28 22:01 . 2009-11-28 22:01 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2009-11-28 22:01 . 2009-11-28 22:01 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-11-28 22:01 . 2009-11-28 22:01 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2009-11-28 21:51 . 2009-11-28 21:51 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-28 21:51 . 2009-11-28 21:51 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-28 21:48 . 2009-12-12 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-11-28 21:48 . 2009-11-28 21:48 -------- d-----w- c:\program files\Kaspersky Lab
2009-11-24 21:10 . 2009-11-24 21:10 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-19 16:19 . 2009-11-19 16:19 -------- d-----w- c:\program files\LG Electronics
2009-11-19 16:19 . 2008-11-11 21:42 24832 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2009-11-19 16:19 . 2008-11-11 21:41 19968 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2009-11-19 16:19 . 2008-11-11 21:41 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 21:03 . 2004-08-04 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-11 01:13 . 2008-11-21 23:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-11 01:12 . 2009-10-24 20:37 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-09 19:28 . 2007-07-18 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-08 04:52 . 2007-07-18 20:41 -------- d-----w- c:\program files\Google
2009-12-04 00:14 . 2008-11-21 23:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-28 19:56 . 2008-12-20 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-19 16:19 . 2007-07-17 23:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-09 01:37 . 2009-11-09 01:37 -------- d-----w- c:\program files\Bodog Poker
2009-11-08 15:27 . 2007-07-18 20:28 87720 ----a-w- c:\documents and settings\Jeremy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-08 11:03 . 2007-07-18 00:35 -------- d-----w- c:\program files\Microsoft Works
2009-11-05 03:19 . 2009-01-26 03:14 -------- d-----w- c:\documents and settings\Jeremy\Application Data\HPAppData
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 04:34 . 2009-10-21 04:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 05:18 . 2009-10-15 05:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-03 03:39 . 2009-10-03 03:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-09-14 22:42 . 2009-09-14 22:42 32272 ----a-w- c:\windows\system32\drivers\klim5.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UFC Media Manager Tray"="c:\program files\Entriq\MediaSphere\EntriqMediaTray.exe" [2008-01-09 374608]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 184320]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]

c:\documents and settings\Jeremy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-7-17 184320]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R2 PC FineTune Task Manager;PC FineTune Task Manager;c:\progra~1\EARTHL~1\PCFINE~1\MXTask.exe -Service --> c:\progra~1\EARTHL~1\PCFINE~1\MXTask.exe -Service [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {5A9D4578-6649-4692-921B-ACA9ADAB007C} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-12 13:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2812)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Kontiki\KService.exe
c:\progra~1\EARTHL~1\PCFINE~1\MXTask.exe
c:\progra~1\EARTHL~1\PCFINE~1\mxtask.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-12-12 13:41:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-12 21:41
ComboFix2.txt 2008-12-15 22:48
ComboFix3.txt 2008-12-15 22:40
ComboFix4.txt 2008-12-11 05:01

Pre-Run: 36,073,078,784 bytes free
Post-Run: 36,366,180,352 bytes free

- - End Of File - - 7C48DFC8D88DE563B48216DE18307579


Re: Got something, don't know what it is. Hijack log included

Post by Belahzur on 13th December 2009, 1:45 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: Got something, don't know what it is. Hijack log included

Post by toprank36 on 13th December 2009, 6:49 am

So far so good. If I get any more bizarre re-directs , I'll let you know. Thanks for help!
