Hijack log [F]


Jester73440

I have a virus or trojan on my work computer. I have run several antivirus, trojan and spyware scans but I can't seem to completely rid myself of it. Can someone look at my log and give me advice?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:00 AM, on 7/8/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PhnxCDSvr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IBM\Client Access\Emulator\pcsws.exe
C:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE
C:\Program Files\IBM\Client Access\Emulator\pcsws.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
O3 - Toolbar: gxvpsafm - {8205021C-E7BC-4D51-AB19-A4C500F01720} - C:\WINDOWS\gxvpsafm.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Guard] "C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" /background
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [412f54de] rundll32.exe "C:\WINDOWS\system32\sajwtygi.dll",b
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\DOCUME~1\ups1\LOCALS~1\Temp\iifEUljg.dll,#1
O4 - HKCU\..\Run: [PPMemCheck] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
O4 - HKCU\..\Run: [Spyware X-terminator Control Center] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
O4 - HKCU\..\Run: [CookiePatrol] C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134415597281
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIDWEST.MIDWESTTRUCK.COM
O17 - HKLM\Software\..\Telephony: DomainName = MIDWEST.MIDWESTTRUCK.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5C18631-CA8C-4C1A-A5CD-9F6C53BF57B3}: NameServer = 192.168.1.16,192.168.1.22
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIDWEST.MIDWESTTRUCK.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIDWEST.MIDWESTTRUCK.COM
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: CheckJava - {40dcd090-6447-4bb4-b126-b1e5e8ec625c} - C:\WINDOWS\Resources\CheckJava.dll
O21 - SSODL: PreBootCheck - {333436b4-a224-4400-93b1-628a06f1f981} - C:\WINDOWS\Resources\WinService.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Phoenix VCD Service (PhnxVCDService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhnxCDSvr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7028 bytes
 
Re: Hijack log

Hello,

HiJack Logs belong in our Analyze Section. It is right at the top of this forum. I will move it now. But please next time make sure to post it there.

As for your log you do have malware. Please follow these steps:

Download ComboFix from Here or Here to your Desktop.
Read first: "How to download and use ComboFix"
If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.
  • Be sure to re-enable your anti-virus and other security programs after ComboFix has finished.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read Combofix's Disclaimer

Logs needed in next post:

ComboFix

Cheers,
Mak
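What the helper is reading off the HijackThis log above are a few textbook indicators: a Run value that launches rundll32 with an eight-letter DLL by a one-letter export, another that loads a DLL out of the user's Temp folder, a toolbar whose DLL is already gone, and SSODL entries outside system32. The following Python triage is an added example, not part of the thread or of HijackThis; the sample lines are copied from the first post, and the indicator weights and the "eight letters, few vowels" name heuristic are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: O-lines copied from the HijackThis log in the first post,
# with two benign neighbours (ccApp, ctfmon) kept for contrast.
SAMPLE_LOG = r"""
O3 - Toolbar: gxvpsafm - {8205021C-E7BC-4D51-AB19-A4C500F01720} - C:\WINDOWS\gxvpsafm.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [412f54de] rundll32.exe "C:\WINDOWS\system32\sajwtygi.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\DOCUME~1\ups1\LOCALS~1\Temp\iifEUljg.dll,#1
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: CheckJava - {40dcd090-6447-4bb4-b126-b1e5e8ec625c} - C:\WINDOWS\Resources\CheckJava.dll
O21 - SSODL: PreBootCheck - {333436b4-a224-4400-93b1-628a06f1f981} - C:\WINDOWS\Resources\WinService.dll
"""

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
TOOLBAR_RE = re.compile(r"^O3 - Toolbar: .+? - \{[0-9A-Fa-f-]+\} - (.+)$")
SSODL_RE = re.compile(r"^O21 - SSODL: .+? - \{[0-9A-Fa-f-]+\} - (.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
# First drive-letter path ending in .dll/.exe. Lazy, so it stops at the extension
# and leaves the rundll32 export suffix (",b" / ",#1") alone.
PATH_RE = re.compile(r'([A-Za-z]:\\[^",]+?\.(?:dll|exe))', re.IGNORECASE)
EXPORT_RE = re.compile(r",\s*(#\d+|[A-Za-z])\s*$")
VOWELS = set("aeiouAEIOU")


@dataclass
class Finding:
    section: str   # HijackThis section: O3, O4, O20 or O21
    path: str      # file the entry loads
    score: int     # sum of indicator weights (assumed weights, see lead-in)
    reasons: list  # human-readable indicators


def looks_random(stem: str) -> bool:
    """Heuristic for machine-generated names: eight letters, no digits, and either
    at most two vowels or case mixed mid-word (sajwtygi, gxvpsafm, iifEUljg)."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    few_vowels = sum(ch in VOWELS for ch in stem) <= 2
    mixed_case = not (stem.islower() or stem.isupper() or stem.istitle())
    return few_vowels or mixed_case


def file_of(text: str) -> str:
    """Extract the loaded file from an entry's command or path text."""
    m = PATH_RE.search(text)
    return m.group(1) if m else text.strip()


def name_hits(path: str) -> list:
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return [(1, "machine-generated-looking file name")] if looks_random(stem) else []


def score_line(line: str):
    """Score one O-line; returns None for sections this triage does not cover."""
    line = line.strip()
    if m := RUN_RE.match(line):
        _hive, name, command = m.groups()
        path = file_of(command)
        hits = name_hits(path)
        if command.lower().startswith("rundll32"):
            hits.append((1, "rundll32 used to load a DLL at logon"))
        if "\\temp\\" in path.lower():
            hits.append((2, "autostart from a Temp directory"))
        if EXPORT_RE.search(command):
            hits.append((1, "DLL entry point given by ordinal or a one-letter export"))
        if re.fullmatch(r"[0-9a-f]{8}", name):
            hits.append((1, "hex-like Run value name"))
        return Finding("O4", path, sum(w for w, _ in hits), [t for _, t in hits])
    if m := TOOLBAR_RE.match(line):
        path = file_of(m.group(1))
        hits = name_hits(path)
        if m.group(1).endswith("(file missing)"):
            hits.append((1, "toolbar CLSID still registered but its DLL is gone"))
        return Finding("O3", path, sum(w for w, _ in hits), [t for _, t in hits])
    if m := SSODL_RE.match(line):
        path = file_of(m.group(1))
        hits = name_hits(path)
        if "\\system32\\" not in path.lower():
            hits.append((2, "ShellServiceObjectDelayLoad DLL outside system32"))
        return Finding("O21", path, sum(w for w, _ in hits), [t for _, t in hits])
    if m := APPINIT_RE.match(line):
        return Finding("O20", m.group(1), 1, ["AppInit_DLLs loads into every GUI process; confirm the vendor"])
    return None


def triage(log: str, threshold: int = 2) -> list:
    """Findings scoring at or above threshold, highest first (stable for ties)."""
    found = [f for f in map(score_line, log.splitlines()) if f and f.score >= threshold]
    return sorted(found, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] score={f.score} {f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run against the sample, the two rundll32 entries come out on top and the benign Symantec and ctfmon entries score zero; the AppInit_DLLs line stays below the threshold because on its own it only says "check the vendor".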
 
Re: Hijack log [P]

Sorry for posting in the wrong spot. Here is my ComboFix log.

ComboFix 08-07-07.3 - ups1 2008-07-08 18:10:43.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.467 [GMT -5:00]
Running from: C:\Documents and Settings\ups1\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Desktop\SystemDefender.lnk
C:\Documents and Settings\ups1\Desktop\SystemDefender.lnk
C:\iSecurity
C:\Program Files\IE Extensions
C:\Program Files\iSecurity
C:\Program Files\iSecurity\Thumbs.db
C:\SystemDefender.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\gfetqaxsavl.dll
C:\WINDOWS\resources\CheckJava.dll
C:\WINDOWS\resources\WinService.dll
C:\WINDOWS\system32\bhdeycce.ini
C:\WINDOWS\system32\cqwqxocl.ini
C:\WINDOWS\system32\edNpYJlm.ini
C:\WINDOWS\system32\edNpYJlm.ini2
C:\WINDOWS\system32\flrffswj.ini
C:\WINDOWS\system32\furhmdff.ini
C:\WINDOWS\system32\hgpnnqbv.ini
C:\WINDOWS\system32\igytwjas.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJYpNde.dll
C:\WINDOWS\system32\xxyawvUO.dll
C:\WINDOWS\system32\yJPWEfhk.ini
C:\WINDOWS\system32\yJPWEfhk.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER


((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.

2008-07-08 11:10 . 2008-07-08 11:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-08 08:21 . 2008-07-08 08:21 88,576 --a------ C:\WINDOWS\system32\sajwtygi.dll
2008-07-07 09:50 . 2008-07-07 09:50 88,576 --a------ C:\WINDOWS\system32\tfihwdun.dll.vir
2008-07-07 09:49 . 2008-07-07 09:49 318,208 --a------ C:\WINDOWS\system32\efcBsRhi.dll.vir
2008-07-03 18:44 . 2008-07-03 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-03 18:43 . 2008-07-03 18:43 <DIR> d-------- C:\Program Files\Trojan Remover
2008-07-03 18:43 . 2008-07-03 18:43 <DIR> d-------- C:\Documents and Settings\ups1\Application Data\Simply Super Software
2008-07-03 18:43 . 2008-07-03 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-03 18:43 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-03 18:43 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-07-03 18:43 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-03 18:43 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-03 18:43 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-07-03 17:46 . 2008-07-03 17:46 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-03 17:16 . 2008-07-03 17:16 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-03 17:16 . 2008-07-08 09:41 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-03 17:16 . 2008-07-03 17:16 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.old
2008-07-03 17:16 . 2008-07-08 09:41 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-03 17:15 . 2008-07-03 17:15 <DIR> d-------- C:\Program Files\AVG
2008-07-03 17:15 . 2008-07-03 17:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-03 13:29 . 2008-07-03 13:29 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-03 13:29 . 2008-07-03 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-03 08:36 . 2008-07-03 13:29 1,668 --a------ C:\Antivirus XP 2008.lnk
2008-07-03 08:17 . 2008-07-03 08:17 161,308 --a------ C:\6107.tmp
2008-07-02 18:29 . 2008-07-02 18:29 335 --a------ C:\WINDOWS\mozregistry.dat
2008-07-02 17:03 . 2008-07-02 17:03 0 --a------ C:\LOGBE.tmp
2008-07-02 17:02 . 2008-07-02 17:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 07:40 . 2008-07-02 07:40 <DIR> d-------- C:\Program Files\sprof
2008-07-01 10:57 . 2008-07-01 10:57 0 --a------ C:\LOG87C.tmp
2008-07-01 08:56 . 2008-07-01 08:56 <DIR> d-------- C:\WINDOWS\system32\931928
2008-07-01 02:54 . 2008-07-01 02:54 10,240 --a------ C:\WINDOWS\system32\drivers\clbdriver.sys.vir
2008-07-01 02:54 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-01 02:50 . 2008-06-30 23:55 233,472 --a------ C:\WINDOWS\pntqkflv.dll.vir
2008-07-01 02:50 . 2008-06-30 23:55 180,224 --a------ C:\WINDOWS\qegbdmwf.dll.vir
2008-07-01 02:50 . 2008-06-30 23:55 155,648 --a------ C:\WINDOWS\gxvpsafm.dll.vir
2008-07-01 02:50 . 2008-06-30 23:55 94,208 --a------ C:\WINDOWS\enpq.exe
2008-07-01 02:50 . 2008-06-30 23:55 81,920 --a------ C:\WINDOWS\tovafrnm.exe.vir
2008-06-30 14:01 . 2008-06-30 14:01 0 --a------ C:\LOG1349.tmp
2008-06-26 20:58 . 2008-06-26 20:58 <DIR> d-------- C:\Program Files\AIM6
2008-06-26 20:57 . 2008-06-26 20:58 407 --ah----- C:\IPH.PH
2008-06-24 14:59 . 2008-06-24 14:59 0 --a------ C:\LOGC99.tmp
2008-06-23 14:52 . 2008-06-23 14:52 0 --a------ C:\LOGEC.tmp
2008-06-20 14:58 . 2008-06-20 14:58 0 --a------ C:\LOG41.tmp
2008-06-18 14:22 . 2008-06-18 14:22 0 --a------ C:\LOG279.tmp
2008-06-16 13:30 . 2008-06-16 13:30 0 --a------ C:\LOG4D3.tmp
2008-06-12 14:47 . 2008-06-12 14:47 0 --a------ C:\LOGAC.tmp
2008-06-12 10:40 . 2008-06-12 10:40 0 --a------ C:\LOG12.tmp
2008-06-11 14:34 . 2008-06-11 14:34 0 --a------ C:\LOGD22.tmp
2008-06-11 03:31 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 03:31 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 09:38 . 2008-06-09 09:38 0 --a------ C:\LOGE4.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 16:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-21 06:57 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 06:57 666,624 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-17 10:47 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-01-07 17:51 1380445]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-08 09:41 1232152]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-06-03 20:33 878672]
"412f54de"="C:\WINDOWS\system32\sajwtygi.dll" [2008-07-08 08:21 88576]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 17:33 147456 C:\WINDOWS\system32\VTTrayp.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
OKI LPR Utility.lnk - C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe [2007-03-13 09:51:00 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Check Version]
--a------ 2004-01-23 05:30 45106 C:\Program Files\IBM\Client Access\cwbckver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Express Welcome]
--a------ 2004-01-23 05:30 20480 C:\Program Files\IBM\Client Access\cwbwlwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Help Update]
--a------ 2004-01-23 05:30 24626 C:\Program Files\IBM\Client Access\cwbinhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access PC5250 Sound]
--a------ 2004-01-23 05:30 40960 C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Service]
--a------ 2004-01-23 05:30 20530 C:\Program Files\IBM\Client Access\cwbsvstr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sprof]
--a------ 2008-07-02 07:40 6148 C:\Program Files\sprof\sprof.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-05-03 02:56 36975 C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-09-22 16:42 90112 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 ptpd;Disk Filter Driver;C:\WINDOWS\system32\drivers\ptpd.sys [2005-02-11 12:25]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-08 09:41]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-08 09:41]
R2 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-13 01:27]
R3 PhnxVcd;PhnxVcd;C:\WINDOWS\system32\Drivers\PhnxVcd.sys [2005-07-20 19:12]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-04-03 17:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8780315c-2bd2-11dc-bfe7-0016ec4cb499}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe97ca7b-caa4-11dc-8020-0016ec4cb499}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe97ca7d-caa4-11dc-8020-0016ec4cb499}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PPMemCheck - C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
HKCU-Run-Spyware X-terminator Control Center - C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
HKCU-Run-CookiePatrol - C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
HKLM-Run-Guard - C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe
HKLM-Run-PPMemCheck - C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
HKLM-Run-Spyware X-terminator Control Center - C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
HKLM-Run-CookiePatrol - C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
MSConfigStartUp-412f54de - C:\WINDOWS\system32\jwsffrlf.dll
MSConfigStartUp-iSecurity applet - iSecurity.cpl


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 18:16:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGWDSVC.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\PHNXCDSVR.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\SAVROAM.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCAN.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGRSX.EXE
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-07-08 18:19:28 - machine was rebooted [ups1]
ComboFix-quarantined-files.txt 2008-07-08 23:19:22

Pre-Run: 53,093,040,128 bytes free
Post-Run: 55,363,043,328 bytes free

209 --- E O F --- 2008-06-20 08:00:36
 
Re: Hijack log [P]

Hello,

I see that you have both Symantec and AVG installed. This is counterproductive. I would recommend removing one or the other. Personally, Symantec isn't necessary if you run AVG. Use the Norton Removal Tool if you remove it.

As for your log there are some things that need fixing. So please do as follows.

1. Please open Notepad
  • Click Start, then Run
  • Type "notepad.exe" in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
C:\WINDOWS\system32\sajwtygi.dll
C:\WINDOWS\system32\tfihwdun.dll.vir
C:\WINDOWS\system32\efcBsRhi.dll.vir
C:\WINDOWS\system32\drivers\clbdriver.sys.vir
C:\WINDOWS\pntqkflv.dll.vir
C:\WINDOWS\qegbdmwf.dll.vir
C:\WINDOWS\gxvpsafm.dll.vir
C:\WINDOWS\tovafrnm.exe.vir
C:\6107.tmp
C:\LOGBE.tmp
C:\LOG87C.tmp
C:\LOG1349.tmp
C:\IPH.PH
C:\LOGC99.tmp
C:\LOGEC.tmp
C:\LOG41.tmp
C:\LOG279.tmp
C:\LOG4D3.tmp
C:\LOGAC.tmp
C:\LOG12.tmp
C:\LOGD22.tmp
C:\LOGE4.tmp
Folder::
C:\WINDOWS\system32\931928
3. Then in the text file go to FILE => SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif


6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply

Logs needed in your next reply:

ComboFix

Cheers,
Mak
 
Re: Hijack log [P]

I know, but after Symantec wasn't finding anything I came on here and saw AVG was highly recommended, so I gave it a try. Thanks.

ComboFix 08-07-07.3 - ups1 2008-07-09 8:16:39.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.458 [GMT -5:00]
Running from: C:\Documents and Settings\ups1\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ups1\Desktop\CFscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\6107.tmp
C:\IPH.PH
C:\LOG12.tmp
C:\LOG1349.tmp
C:\LOG279.tmp
C:\LOG41.tmp
C:\LOG4D3.tmp
C:\LOG87C.tmp
C:\LOGAC.tmp
C:\LOGBE.tmp
C:\LOGC99.tmp
C:\LOGD22.tmp
C:\LOGE4.tmp
C:\LOGEC.tmp
C:\WINDOWS\gxvpsafm.dll.vir
C:\WINDOWS\pntqkflv.dll.vir
C:\WINDOWS\qegbdmwf.dll.vir
C:\WINDOWS\system32\drivers\clbdriver.sys.vir
C:\WINDOWS\system32\efcBsRhi.dll.vir
C:\WINDOWS\system32\sajwtygi.dll
C:\WINDOWS\system32\tfihwdun.dll.vir
C:\WINDOWS\tovafrnm.exe.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\6107.tmp
C:\IPH.PH
C:\LOG12.tmp
C:\LOG1349.tmp
C:\LOG279.tmp
C:\LOG41.tmp
C:\LOG4D3.tmp
C:\LOG87C.tmp
C:\LOGAC.tmp
C:\LOGBE.tmp
C:\LOGC99.tmp
C:\LOGD22.tmp
C:\LOGE4.tmp
C:\LOGEC.tmp
C:\WINDOWS\gxvpsafm.dll.vir
C:\WINDOWS\pntqkflv.dll.vir
C:\WINDOWS\qegbdmwf.dll.vir
C:\WINDOWS\system32\931928
C:\WINDOWS\system32\drivers\clbdriver.sys.vir
C:\WINDOWS\system32\efcBsRhi.dll.vir
C:\WINDOWS\system32\sajwtygi.dll
C:\WINDOWS\system32\tfihwdun.dll.vir
C:\WINDOWS\tovafrnm.exe.vir

.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

2008-07-08 18:19 . 2008-07-09 08:12 354 ---hs---- C:\WINDOWS\system32\igytwjas.ini
2008-07-08 11:10 . 2008-07-08 11:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-03 18:44 . 2008-07-03 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-03 18:43 . 2008-07-03 18:43 <DIR> d-------- C:\Program Files\Trojan Remover
2008-07-03 18:43 . 2008-07-03 18:43 <DIR> d-------- C:\Documents and Settings\ups1\Application Data\Simply Super Software
2008-07-03 18:43 . 2008-07-03 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-03 18:43 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-03 18:43 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-07-03 18:43 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-03 18:43 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-03 18:43 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-07-03 17:46 . 2008-07-03 17:46 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-03 17:16 . 2008-07-03 17:16 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-03 17:16 . 2008-07-08 09:41 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-03 17:16 . 2008-07-03 17:16 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.old
2008-07-03 17:16 . 2008-07-08 09:41 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-03 17:15 . 2008-07-03 17:15 <DIR> d-------- C:\Program Files\AVG
2008-07-03 17:15 . 2008-07-03 17:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-03 13:29 . 2008-07-03 13:29 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-03 13:29 . 2008-07-03 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-03 08:36 . 2008-07-03 13:29 1,668 --a------ C:\Antivirus XP 2008.lnk
2008-07-02 18:29 . 2008-07-02 18:29 335 --a------ C:\WINDOWS\mozregistry.dat
2008-07-02 17:02 . 2008-07-02 17:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 07:40 . 2008-07-02 07:40 <DIR> d-------- C:\Program Files\sprof
2008-07-01 02:54 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-01 02:50 . 2008-06-30 23:55 94,208 --a------ C:\WINDOWS\enpq.exe
2008-06-26 20:58 . 2008-06-26 20:58 <DIR> d-------- C:\Program Files\AIM6
2008-06-11 03:31 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 03:31 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-05-16 16:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-21 06:57 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 06:57 666,624 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-17 10:47 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-08_18.18.51.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-08 23:15:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-09 13:19:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-02-20 05:32:44 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-11-30 11:18:52 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-01-07 17:51 1380445]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-08 09:41 1232152]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-06-03 20:33 878672]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 17:33 147456 C:\WINDOWS\system32\VTTrayp.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
OKI LPR Utility.lnk - C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe [2007-03-13 09:51:00 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Check Version]
--a------ 2004-01-23 05:30 45106 C:\Program Files\IBM\Client Access\cwbckver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Express Welcome]
--a------ 2004-01-23 05:30 20480 C:\Program Files\IBM\Client Access\cwbwlwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Help Update]
--a------ 2004-01-23 05:30 24626 C:\Program Files\IBM\Client Access\cwbinhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access PC5250 Sound]
--a------ 2004-01-23 05:30 40960 C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Service]
--a------ 2004-01-23 05:30 20530 C:\Program Files\IBM\Client Access\cwbsvstr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sprof]
--a------ 2008-07-02 07:40 6148 C:\Program Files\sprof\sprof.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-05-03 02:56 36975 C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-09-22 16:42 90112 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 ptpd;Disk Filter Driver;C:\WINDOWS\system32\drivers\ptpd.sys [2005-02-11 12:25]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-08 09:41]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-08 09:41]
R2 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-13 01:27]
R3 PhnxVcd;PhnxVcd;C:\WINDOWS\system32\Drivers\PhnxVcd.sys [2005-07-20 19:12]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-04-03 17:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8780315c-2bd2-11dc-bfe7-0016ec4cb499}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe97ca7b-caa4-11dc-8020-0016ec4cb499}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe97ca7d-caa4-11dc-8020-0016ec4cb499}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-412f54de - C:\WINDOWS\system32\sajwtygi.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 08:20:55
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGWDSVC.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\PHNXCDSVR.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\SAVROAM.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCAN.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGRSX.EXE
.
**************************************************************************
.
Completion time: 2008-07-09 8:23:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-09 13:23:18
ComboFix2.txt 2008-07-08 23:19:30

Pre-Run: 55,243,177,984 bytes free
Post-Run: 55,231,905,792 bytes free

211 --- E O F --- 2008-07-08 23:49:44
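As an added example (not part of the original post, and not ComboFix's own code), here is a small Python parser for the autostart portion of a ComboFix log like the one above. It pulls the Run values, the msconfig startupreg keys, the mountpoints2 AutoRun commands and the ORPHANS REMOVED line into records, then applies two triage heuristics that are my own assumptions rather than anything the log or the tool states: a value name that is pure hex, and an autostart target that is a DLL instead of an executable. The sample input is constructed from lines of the posted log so it runs offline.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: a few lines copied from the ComboFix log posted
# above (a Run key, one msconfig startupreg key, one mountpoints2 AutoRun
# entry and the ORPHANS REMOVED line) so the parser can be run offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-08 09:41 1232152]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sprof]
--a------ 2008-07-02 07:40 6148 C:\Program Files\sprof\sprof.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8780315c-2bd2-11dc-bfe7-0016ec4cb499}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-412f54de - C:\WINDOWS\system32\sajwtygi.dll
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
# "Name"="target" [YYYY-MM-DD HH:MM size] or, when the value holds only a bare
# file name (VTTimer above), [YYYY-MM-DD HH:MM size full\path].
RUN_VALUE_RE = re.compile(
    r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d\d-\d\d \d\d:\d\d) (\d+)(?: (.+?))?\]$')
# --a------ YYYY-MM-DD HH:MM size full\path   (msconfig startupreg keys)
STARTUPREG_RE = re.compile(r"^[-a-zA-Z]+\s+(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\d+)\s+(.+)$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")
ORPHAN_RE = re.compile(r"^(HK\w+-Run)-(\S+) - (.+)$")
# Heuristic (assumption): names that are nothing but hex digits look generated.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$", re.IGNORECASE)


@dataclass
class AutostartEntry:
    source: str                      # registry key the line sat under, or ORPHAN:<key>
    name: str                        # value name, subkey name, or volume id
    path: str                        # what the entry launches
    timestamp: Optional[str] = None  # file timestamp as ComboFix prints it
    size: Optional[int] = None       # file size in bytes, when printed


def parse_autostarts(text: str) -> List[AutostartEntry]:
    """Turn the autostart part of a ComboFix log into AutostartEntry records."""
    entries: List[AutostartEntry] = []
    section: Optional[str] = None
    in_orphans = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "ORPHANS REMOVED" in line:
            in_orphans, section = True, None
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if in_orphans:
            m = ORPHAN_RE.match(line)
            if m:
                entries.append(AutostartEntry("ORPHAN:" + m.group(1), m.group(2), m.group(3)))
            continue
        if section is None:
            continue
        key = section.lower()
        leaf = section.rsplit("\\", 1)[-1]
        if key.endswith("\\run"):
            m = RUN_VALUE_RE.match(line)
            if m:
                name, target, ts, size, full = m.groups()
                entries.append(AutostartEntry(section, name, full or target, ts, int(size)))
        elif "\\startupreg\\" in key:
            m = STARTUPREG_RE.match(line)
            if m:
                ts, size, path = m.groups()
                entries.append(AutostartEntry(section, leaf, path, ts, int(size)))
        elif "\\mountpoints2\\" in key:
            m = AUTORUN_RE.match(line)
            if m:
                entries.append(AutostartEntry(section, leaf, m.group(1)))
    return entries


def flag_suspicious(entries: List[AutostartEntry]) -> List[Tuple[AutostartEntry, List[str]]]:
    """Apply simple triage heuristics (my assumptions, not ComboFix logic)."""
    flagged: List[Tuple[AutostartEntry, List[str]]] = []
    for e in entries:
        reasons = []
        if HEX_NAME_RE.match(e.name):
            reasons.append("value name is pure hex, which looks generated rather than chosen")
        if e.path.lower().endswith(".dll"):
            reasons.append("autostart target is a DLL, not an executable")
        if e.source.startswith("ORPHAN:"):
            reasons.append("already removed by ComboFix; keep the path as an indicator")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in flag_suspicious(parse_autostarts(SAMPLE_LOG)):
        print(f"{entry.source} {entry.name} -> {entry.path}")
        for r in reasons:
            print("   ", r)
```

Run against the constructed sample, only the orphaned HKLM-Run-412f54de entry pointing at sajwtygi.dll is reported; the vendor entries (Symantec, AVG, CyberLink, VIA, IBM Client Access, the U3 and PortableApps launchers) pass both heuristics. The heuristics are deliberately narrow so that they do not pretend to be a verdict on the whole log.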
 
Re: Hijack log [P]

Hello,

The logs look decent to me. But if you wish to get an expert opinion please do as follows:

I suggest you take your log to the malware doctors found in this forum.
Please make sure that you read this before posting anything in the malware forum.

If you're still having problems after the malware doctors declare your log clean feel free to post back here and we'll help you to the best of our knowledge! :)

Cheers,
Mak
 