HijackThis Log File (need help quick please)


<-(BrOkEn)->

I recently bought a used computer from a friend, and as soon as I hooked it up to the internet it started having problems (it had WebHancer on it). It brought up a lot of pop-ups even though I wasn't even on it at the time, so I downloaded and installed AVG Free Edition. When I ran it, it took about 3 hours and came up with 300+ threats. So I got rid of them and restarted my computer, and then I couldn't connect to the internet; the connection had little or no connectivity.
I tried clicking Repair, but it said it could not renew the IP. I tried ipconfig /release and ipconfig /renew from CMD and it said something about a socket, so I googled it and downloaded LSP-Fix (Winsock 2 repair utility), and that fixed the internet problem. It seemed fine until I got up this morning, when AVG was running and kept bringing up "Virus Detected". So I rebooted in Safe Mode and ran HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:16 PM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http :// searchbar. findthewebsiteyouneed .com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http :// 83.149.75. 33/info.png?cmp=fkfrt&rid=m20003&affid=177850&mid=gl22&revid=10702&uid=17c96a2e077711dea4f2177850ffffff&guid=c4c62604ecce654597e955977ad6ca85&mrk=1&ver=4052
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {d0a231a8-d82a-4751-9bfd-9501ff8b3d62} - C:\WINDOWS\System32\yipiwopa.dll (file missing)
O2 - BHO: {d0d712cc-b774-f9f9-d534-a40071168f0d} - {d0f86117-004a-435d-9f9f-477bcc217d0d} - C:\WINDOWS\system32\eieugq.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [04cg09gk.dll] RUNDLL32.EXE 04cg09gk.dll,b 1066687
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [341346aa] rundll32.exe "C:\WINDOWS\system32\tuhemoye.dll",b
O4 - HKLM\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s
O4 - HKLM\..\Run: [CPM37207536] Rundll32.exe "c:\windows\system32\fogarese.dll",a
O4 - HKUS\S-1-5-20\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [zoqw] C:\PROGRA~1\COMMON~1\zoqw\zoqwm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [zoqw] C:\PROGRA~1\COMMON~1\zoqw\zoqwm.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http :// click.getmirar .com (HKLM)
O15 - Trusted Zone: http :// click.mirarsearch .com (HKLM)
O15 - Trusted Zone: http :// redirect.mirarsearch .com (HKLM)
O15 - Trusted Zone: http :// awbeta.net-nucleus .com (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\gijeluhe.dll c:\windows\system32\muhenali.dll eieugq.dll c:\windows\system32\fogarese.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\k862lijo18oc.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\ktnul7591.dll (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\j4l4le3q1h.dll
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\gp8sl3l71.dll (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\r2p8lc7u1f.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\micms.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fogarese.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fogarese.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFuaWVsIE1jS2Vl\command.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: mcafeeWALLP - Unknown owner - C:\WINDOWS\mcafeeWALLX.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\Norman\Nvc\bin\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Windows Explorer Shell Subsystem (Shell32Extender) - Unknown owner - C:\WINDOWS\system32\shell32.exe (file missing)
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)

--
End of file - 7351 bytes
 
Remove

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http :// searchbar. findthewebsiteyouneed .com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http :// 83.149.75. 33/info.png?cmp=fkfrt&rid=m20003&affid=177850&mid=gl22&revid=10702&uid=17c96a2e077711dea4f2177850ffffff&guid=c4c62604ecce654597e955977ad6ca85&mrk=1&ver=4052

O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)

O2 - BHO: (no name) - {d0a231a8-d82a-4751-9bfd-9501ff8b3d62} - C:\WINDOWS\System32\yipiwopa.dll (file missing)


O2 - BHO: {d0d712cc-b774-f9f9-d534-a40071168f0d} - {d0f86117-004a-435d-9f9f-477bcc217d0d} - C:\WINDOWS\system32\eieugq.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)

O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)

O4 - HKLM\..\Run: [04cg09gk.dll] RUNDLL32.EXE 04cg09gk.dll,b 1066687

O4 - HKLM\..\Run: [341346aa] rundll32.exe "C:\WINDOWS\system32\tuhemoye.dll",b

O4 - HKLM\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s


O4 - HKLM\..\Run: [CPM37207536] Rundll32.exe "c:\windows\system32\fogarese.dll",a

O4 - HKUS\S-1-5-20\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [zoqw] C:\PROGRA~1\COMMON~1\zoqw\zoqwm.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [zoqw] C:\PROGRA~1\COMMON~1\zoqw\zoqwm.exe (User 'Default user')

O20 - AppInit_DLLs: C:\WINDOWS\System32\gijeluhe.dll c:\windows\system32\muhenali.dll eieugq.dll c:\windows\system32\fogarese.dll

O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\k862lijo18oc.dll (file missing)

O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\ktnul7591.dll (file missing)

O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\j4l4le3q1h.dll

O20 - Winlogon Notify: Run - C:\WINDOWS\system32\gp8sl3l71.dll (file missing)

O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\r2p8lc7u1f.dll (file missing)

O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\micms.dll (file missing)

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fogarese.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fogarese.dll

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFuaWVsIE1jS2Vl\command.exe (file missing)

O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)


O23 - Service: mcafeeWALLP - Unknown owner - C:\WINDOWS\mcafeeWALLX.exe (file missing)

O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

O23 - Service: Microsoft Windows Explorer Shell Subsystem (Shell32Extender) - Unknown owner - C:\WINDOWS\system32\shell32.exe (file missing)

O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)

Remove what you can, then run ComboFix and then Malwarebytes, and then post a new HijackThis log along with the logs from the other two as well.
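The entries in the list above share a handful of tells: DLLs with random consonant-vowel names loaded through rundll32 with a one-letter export, services whose binary is missing or that carry a Windows component name outside System32, AppInit_DLLs and SSODL/SharedTaskScheduler loading points, Trusted Zone additions, and a service running out of C:\WINDOWS\RGFuaWVsIE1jS2Vl, a directory name that is base64 for "Daniel McKee" (the previous owner's profile name that shows up in the ComboFix output later in the thread). The script below is an added example, not part of this thread and not HijackThis's own code: it runs those heuristics over a few lines copied from the first log. The thresholds, name lists, regexes and the SAMPLE_LOG are assumptions of the example, not published signatures.

```python
"""Triage heuristics for HijackThis 2.x log lines.

Added example (not part of the forum thread, not HijackThis code). It
encodes the reasons behind the helper's "Remove" list: random-looking
names, dead entries, injection points, impostor system binaries and
base64-named directories. Every rule and threshold here is an assumption.
"""
import base64
import re
import string

# Constructed sample: lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {d0a231a8-d82a-4751-9bfd-9501ff8b3d62} - C:\WINDOWS\System32\yipiwopa.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [341346aa] rundll32.exe "C:\WINDOWS\system32\tuhemoye.dll",b
O4 - HKUS\S-1-5-18\..\Run: [zoqw] C:\PROGRA~1\COMMON~1\zoqw\zoqwm.exe (User 'SYSTEM')
O15 - Trusted Zone: http :// click.getmirar .com (HKLM)
O20 - AppInit_DLLs: C:\WINDOWS\System32\gijeluhe.dll c:\windows\system32\muhenali.dll eieugq.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fogarese.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFuaWVsIE1jS2Vl\command.exe (file missing)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
"""

# Vundo-style "babble" (yipiwopa, tuhemoye, fogarese) and letter/digit mixes
# where a digit is followed by a letter (341346aa, 04cg09gk). The second rule
# deliberately leaves rundll32/nvsvc32-style trailing-digit names alone.
CV_BABBLE = re.compile(r"^([bcdfghjklmnpqrstvwxyz][aeiou]){3,6}$")
MIXED = re.compile(r"^[a-z0-9]{6,12}$")
DIGIT_THEN_LETTER = re.compile(r"[0-9][a-z]")

# Real Windows components that only live in System32; a copy elsewhere
# (C:\WINDOWS\lsass.exe in the thread) is an impostor.
SYSTEM_NAMES = {"lsass.exe", "smss.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "svchost.exe"}
SERVICE_HIVES = ("HKUS\\S-1-5-18", "HKUS\\S-1-5-19",
                 "HKUS\\S-1-5-20", "HKUS\\.DEFAULT")
RANDOM_NAME_KINDS = {"O2", "O3", "O4", "O20", "O21", "O22", "O23"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
FILE_RE = re.compile(r"[\w~:\\.\-]+\.(?:dll|exe)\b", re.I)
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?[^",]+\.dll"?,[a-z]\b', re.I)
B64_RE = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")


def looks_random(filename):
    """Heuristic only: True for babble names or interleaved letter/digit names."""
    stem = filename.lower().rsplit(".", 1)[0]
    if CV_BABBLE.match(stem):
        return True
    return bool(MIXED.match(stem) and DIGIT_THEN_LETTER.search(stem))


def decode_base64_components(path):
    """(component, decoded) pairs for path parts that are base64 of printable ASCII."""
    hits = []
    for comp in path.split("\\"):
        if not B64_RE.match(comp) or len(comp) % 4:
            continue
        try:
            text = base64.b64decode(comp, validate=True).decode("ascii")
        except ValueError:  # binascii.Error and UnicodeDecodeError both subclass it
            continue
        if len(text) >= 4 and all(c in string.printable and c not in "\t\n\r\x0b\x0c" for c in text):
            hits.append((comp, text))
    return hits


def triage_line(line):
    """Return the reasons a HijackThis line deserves a look (empty list = nothing found)."""
    reasons = []
    kind = line.split(" - ", 1)[0]
    if "(file missing)" in line:
        reasons.append("points at a file that no longer exists (dead autostart / orphaned service)")
    if kind == "O15":
        reasons.append("site added to the IE Trusted Zone")
    if kind == "O20" and "AppInit_DLLs" in line:
        reasons.append("AppInit_DLLs: injected into every process that loads user32")
    if kind in ("O21", "O22"):
        reasons.append(f"{kind} loads a DLL into Explorer at every logon")
    if RUNDLL_RE.search(line):
        reasons.append("rundll32 calling a single-letter export (packer/Vundo pattern)")
    m = O4_RE.match(line)
    if m:
        if m.group("hive").startswith(SERVICE_HIVES):
            reasons.append(f"Run value under {m.group('hive')} (runs as a service account)")
        if looks_random(m.group("key")):
            reasons.append(f"random-looking Run value name '{m.group('key')}'")
    unknown_owner = "Unknown owner" in line
    for path in FILE_RE.findall(line):
        name = path.rsplit("\\", 1)[-1].lower()
        # O23 entries with a named vendor are not name-checked (nvsvc32.exe etc.).
        if kind in RANDOM_NAME_KINDS and (kind != "O23" or unknown_owner) and looks_random(name):
            reasons.append(f"random-looking file name '{name}'")
        if name in SYSTEM_NAMES and "\\system32\\" not in path.lower():
            reasons.append(f"'{name}' outside System32: {path}")
        for comp, text in decode_base64_components(path):
            reasons.append(f"path component '{comp}' is base64 for '{text}'")
    return reasons


def triage_log(text):
    """Map each flagged log line to its reasons; lines with no findings are omitted."""
    flagged = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and triage_line(line):
            flagged[line] = triage_line(line)
    return flagged


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Run it as-is and it prints the eight sample lines a human would pull out (the AVG, Intel and Winlogon Notify lines stay quiet) with one reason per tell; feed it a whole HijackThis log via `triage_log(open(path).read())` to get a first-pass list before you start deciding what to fix. It is a triage aid, not a verdict: an entry with no reasons is merely unremarkable, and one with reasons still needs a look at the file itself.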
 
OK, I removed them and then restarted.
BTW, AVG keeps finding C:\WINDOWS\SYSTEM32\Gijeluhe.dll as a Trojan horse, SHeur2.TNQ.

Here's the new log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:38 PM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {d0a231a8-d82a-4751-9bfd-9501ff8b3d62} - C:\WINDOWS\System32\yipiwopa.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CPM37207536] Rundll32.exe "c:\windows\system32\muhenali.dll",a
O4 - HKLM\..\Run: [341346aa] rundll32.exe "C:\WINDOWS\system32\tuhemoye.dll",b
O4 - HKLM\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s
O4 - HKUS\S-1-5-19\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: Mirar (HKLM)
O15 - Trusted Zone: Mirar (HKLM)
O15 - Trusted Zone: Mirar (HKLM)
O15 - Trusted Zone: Mirar (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\fogarese.dll c:\windows\system32\muhenali.dll,C:\WINDOWS\System32\gijeluhe.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\muhenali.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\muhenali.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFuaWVsIE1jS2Vl\command.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\Norman\Nvc\bin\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Windows Explorer Shell Subsystem (Shell32Extender) - Unknown owner - C:\WINDOWS\system32\shell32.exe (file missing)

--
End of file - 6205 bytes
 
OK, I ran ComboFix, then Malwarebytes, then HijackThis again.

ComboFix 09-03-02.03 - Jeremy 2009-03-03 21:31:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.210 [GMT -6:00]
Running from: c:\documents and settings\Jeremy\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Daniel McKee\Cookies\hpothb07.dat
c:\documents and settings\Daniel McKee\Cookies\hpothb07.tif
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon\log.txt
c:\program files\Common Files\download
c:\program files\Common Files\inetget
c:\program files\Common Files\vcclient
c:\program files\Common Files\vcclient\ClientUpdater.bat
c:\program files\Common Files\vcclient\ICSharpCode.SharpZipLib.dll
c:\program files\Common Files\vcclient\temp.txt
c:\program files\Common Files\vcclient\VCClient.exe.config
c:\program files\Common Files\vcclient\VCUpdate.exe.config
c:\program files\Common Files\vcclient\Version.txt
c:\program files\Common Files\windows
c:\program files\Common Files\windows\AutoIt3.exe
c:\program files\Common Files\windows\autoitscript.au3
c:\program files\Common Files\windows\psapi.dll
c:\program files\inetget2
c:\program files\INSTALL.LOG
c:\program files\network monitor
c:\program files\whInstall
c:\program files\whInstall\license.txt
c:\program files\whInstall\readme.txt
c:\program files\whInstall\Sporder.dll
c:\program files\whInstall\whAgent.inf
c:\program files\whInstall\whAgent.ini
c:\program files\whInstall\whInstaller.ini
c:\windows\RGFuaWVsIE1jS2Vl\
c:\windows\RGFuaWVsIE1jS2Vl\\l3IRuqpPKHY3mZp5.vbs
c:\windows\system32\atmtd.dll
c:\windows\system32\atmtd.dll._
c:\windows\system32\azbxnz.dll
c:\windows\system32\eieugq.dll
c:\windows\system32\eraseme_14486.exe
c:\windows\system32\eraseme_72331.exe
c:\windows\system32\eyomehut.ini
c:\windows\system32\fogarese.dll
c:\windows\System32\gijeluhe.dll
c:\windows\system32\imkcwy.dll
c:\windows\system32\muhenali.dll
c:\windows\system32\nomuyalo.dll
c:\windows\system32\patayaru.dll
c:\windows\system32\poyiyele.dll
c:\windows\system32\sesukaje.dll
c:\windows\system32\tsuninst.exe
c:\windows\system32\tuhemoye.dll
c:\windows\system32\urayatap.ini
c:\windows\system32\volosejo.dll
c:\windows\system32\zilabivi.dll
c:\windows\uninstall_nmon.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_LSASS
-------\Legacy_MICROSOFT_MEDIA_TOOLS
-------\Legacy_NETWORK_MONITOR
-------\Legacy_RDRIV
-------\Legacy_SYSMGR64
-------\Service_cmdService
-------\Service_lsass
-------\Service_MicroSoft Media Tools
-------\Service_Network Monitor
-------\Service_rdriv
-------\Service_sysmgr64


((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-03-03 20:50 . 2008-04-14 05:42 218,624 --a------ c:\windows\SYSTEM32\uxtheme.uxtender
2009-03-03 20:50 . 2009-03-03 20:50 218,624 --a------ C:\uxtheme.uxtender
2009-03-03 20:30 . 2009-03-02 17:52 211 -rahs---- C:\BOOT.BKK
2009-03-03 02:50 . 2009-03-03 02:51 <DIR> d-------- c:\program files\Opera
2009-03-03 02:19 . 2009-03-03 07:52 <DIR> d-------- c:\program files\Mozilla Firefox 3.1 Beta 2
2009-03-02 20:52 . 2009-03-02 20:59 <DIR> d-------- C:\VIRUS
2009-03-02 20:35 . 2009-03-03 12:16 <DIR> d-------- C:\!KillBox
2009-03-02 20:29 . 2009-03-02 20:29 <DIR> d-------- c:\program files\Trend Micro
2009-03-02 18:49 . 2009-03-03 21:05 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-02 18:45 . 2009-03-02 18:45 <DIR> d-------- c:\documents and settings\Jeremy\Application Data\AVGTOOLBAR
2009-03-02 18:24 . 2009-03-02 18:24 325,128 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
2009-03-02 18:24 . 2009-03-02 18:24 107,272 --a------ c:\windows\SYSTEM32\DRIVERS\avgtdix.sys
2009-03-02 18:24 . 2009-03-02 18:24 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll
2009-03-02 18:23 . 2009-03-03 19:16 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\Avg
2009-03-02 18:23 . 2009-03-02 18:23 <DIR> d-------- c:\program files\AVG
2009-03-02 18:23 . 2009-03-03 02:13 <DIR> d-------- c:\documents and settings\DANIEL MCKEE.DANIEL-T2P49JHI\Application Data\AVGTOOLBAR
2009-03-02 18:23 . 2009-03-03 21:37 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-03-02 17:56 . 2009-03-02 17:57 6,503 --a------ c:\windows\SYSTEM32\spupdsvc.inf
2009-03-02 17:46 . 2009-03-02 17:46 <DIR> d-------- c:\windows\SYSTEM32\scripting
2009-03-02 17:40 . 2009-03-02 17:47 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-02 17:38 . 2008-04-14 05:42 123,392 --------- c:\windows\SYSTEM32\mplay32.exe
2009-03-02 17:32 . 2006-12-29 00:31 19,569 --a------ c:\windows\002460_.tmp
2009-03-02 17:31 . 2007-08-10 20:46 26,488 --a------ c:\windows\SYSTEM32\spupdsvc.exe
2009-03-02 17:25 . 2009-03-02 17:25 <DIR> d-------- c:\windows\EHome
2009-03-02 16:28 . 2009-03-02 16:28 <DIR> d---s---- c:\documents and settings\Jeremy\UserData
2009-03-02 09:24 . 2002-08-29 05:00 138,752 --a------ c:\windows\SNDVOL32.EXE
2009-02-28 20:11 . 2009-03-02 15:16 1,773 --a------ c:\windows\checkip.dat
2009-02-26 04:46 . 2009-02-26 04:46 32 --a------ c:\windows\basefx.INI
2009-02-26 04:31 . 2009-02-26 04:31 <DIR> d-------- c:\documents and settings\Jeremy\Application Data\Jasc
2009-02-26 04:11 . 2009-02-26 04:11 <DIR> d-------- c:\documents and settings\Jeremy\Application Data\Apple Computer
2009-02-26 04:04 . 2009-02-26 04:04 <DIR> d-------- c:\documents and settings\Jeremy\Application Data\Sonic
2009-02-26 04:03 . 2009-03-02 18:24 <DIR> d-------- c:\documents and settings\Jeremy
2009-02-25 21:55 . 2009-02-25 21:55 <DIR> d-------- c:\documents and settings\DANIEL MCKEE.DANIEL-T2P49JHI\Application Data\Jasc
2009-02-25 21:53 . 2009-02-25 21:53 21,840 --a------ c:\windows\SYSTEM32\SIntfNT.dll
2009-02-25 21:53 . 2009-02-25 21:53 17,212 --a------ c:\windows\SYSTEM32\SIntf32.dll
2009-02-25 21:53 . 2009-02-25 21:53 12,067 --a------ c:\windows\SYSTEM32\SIntf16.dll
2009-02-25 20:07 . 2009-02-25 20:07 <DIR> d-------- c:\documents and settings\DANIEL MCKEE.DANIEL-T2P49JHI\Application Data\Learn2.com
2009-02-25 14:41 . 2008-04-14 00:15 10,624 --a------ c:\windows\SYSTEM32\DRIVERS\gameenum.sys
2009-02-24 18:47 . 2009-02-25 21:13 <DIR> d-a------ c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-02-24 18:47 . 2007-06-19 22:35 24,096 --a------ c:\windows\SYSTEM32\DRIVERS\ts_lb.sys
2009-02-24 13:54 . 2009-02-24 13:54 444 --a------ c:\windows\SYSTEM32\d3d8caps.dat
2009-02-24 09:23 . 2009-02-24 09:23 0 --a------ c:\windows\nsreg.dat
2009-02-24 09:14 . 2002-08-28 22:59 36,224 --a------ c:\windows\SYSTEM32\DRIVERS\an983.sys
2009-02-24 09:14 . 2002-08-28 22:59 36,224 --a--c--- c:\windows\SYSTEM32\DLLCACHE\an983.sys
2009-02-24 08:23 . 2009-02-25 16:41 <DIR> d-------- c:\program files\iTunes
2009-02-24 08:23 . 2009-02-24 08:23 <DIR> d-------- c:\program files\iPod
2009-02-24 08:23 . 2009-02-24 14:05 <DIR> d-------- c:\documents and settings\DANIEL MCKEE.DANIEL-T2P49JHI\Application Data\Apple Computer
2009-02-24 08:20 . 2009-02-24 08:21 <DIR> d-------- c:\program files\Apple Software Update
2009-02-24 08:20 . 2009-02-24 08:23 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 15:11 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-26 09:22 --------- d-----w c:\program files\My Organizer
2009-02-26 06:59 --------- d-----w c:\documents and settings\DANIEL MCKEE.DANIEL-T2P49JHI\Application Data\MSN6
2009-02-24 14:22 --------- d-----w c:\program files\QuickTime
2004-11-20 16:38 554 -c-ha-w c:\documents and settings\Daniel McKee\Application Data\hpothb07.dat
2004-11-20 16:38 353 -c-ha-w c:\documents and settings\Daniel McKee\hpothb07.dat
2004-11-20 16:38 164 -c-ha-w c:\documents and settings\All Users\hpothb07.dat
2004-07-16 02:23 255 -c-ha-w c:\program files\hpothb07.tif
2004-07-16 02:23 146 -c-ha-w c:\program files\hpothb07.dat
2004-07-16 02:23 0 -c-ha-w c:\documents and settings\NetworkService\hpothb07.dat
2004-07-16 02:23 0 -c-ha-w c:\documents and settings\LocalService\hpothb07.dat
2004-07-16 02:23 0 -c-ha-w c:\documents and settings\Default User\hpothb07.dat
2002-08-29 11:00 339,968 ----a-w c:\program files\MSPAINT.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CapFax"="c:\program files\Classic PhoneTools\CapFax.EXE" [2001-12-10 20739]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-06-19 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-06-19 114688]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-07-16 7110656]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-07-16 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-02-05 143360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-24 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-25 229952]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-02 1601304]

c:\documents and settings\Daniel McKee\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2003-06-07 256000]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-03-03 45056]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-02 18:24 10520 c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2009-03-02 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2009-03-02 107272]
R1 ts_lb;ts_lb;c:\windows\SYSTEM32\DRIVERS\ts_lb.sys [2009-02-24 24096]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-02 298264]
R2 spupdsvc;Windows Service Pack Installer update service;c:\windows\SYSTEM32\spupdsvc.exe [2009-03-02 26488]
S2 CQUBVYLR;CQUBVYLR;\??\c:\windows\System32\cqubvylr.zgj --> c:\windows\System32\cqubvylr.zgj [?]
S2 Ndiskio;Ndiskio;\??\c:\norman\Nse\bin\NDISKIO.SYS --> c:\norman\Nse\bin\NDISKIO.SYS [?]
S2 Shell32Extender;Microsoft Windows Explorer Shell Subsystem;"c:\windows\system32\shell32.exe" --> c:\windows\system32\shell32.exe [?]
S3 CV2K1;CommView Network Monitor;c:\windows\SYSTEM32\DRIVERS\cv2k1.sys [2008-02-22 19240]
S3 nvcfsr;nvcfsr;\??\c:\norman\Nvc\bin\nvcfsr.sys --> c:\norman\Nvc\bin\nvcfsr.sys [?]
S3 nvcoafl51;nvcoafl51;\??\c:\norman\Nvc\bin\nvcoafl51.sys --> c:\norman\Nvc\bin\nvcoafl51.sys [?]
S3 nvcoaft51;nvcoaft51;\??\c:\norman\Nvc\bin\nvcoaft51.sys --> c:\norman\Nvc\bin\nvcoaft51.sys [?]
S3 nvcoarc51;nvcoarc51;\??\c:\norman\Nvc\bin\nvcoarc51.sys --> c:\norman\Nvc\bin\nvcoarc51.sys [?]
S3 nvcoas;Norman Virus Control on-access component;c:\norman\Nvc\bin\nvcoas.exe --> c:\norman\Nvc\bin\nvcoas.exe [?]
S3 NVCScheduler;Norman Virus Control Scheduler;c:\norman\Nvc\BIN\NVCSCHED.EXE --> c:\norman\Nvc\BIN\NVCSCHED.EXE [?]
S3 PsSdk30;PsSdk30;\??\c:\windows\System32\Drivers\PsSdk30.drv --> c:\windows\System32\Drivers\PsSdk30.drv [?]
S4 mcafeeWALLP;mcafeeWALLP;"c:\windows\mcafeeWALLX.exe" --> c:\windows\mcafeeWALLX.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\SetupWizard.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-09-19 17:36]
.
- - - - ORPHANS REMOVED - - - -

BHO-{d0a231a8-d82a-4751-9bfd-9501ff8b3d62} - c:\windows\System32\yipiwopa.dll
HKLM-Run-fumobigavu - c:\windows\System32\bokiluve.dll


.
------- Supplementary Scan -------
.
Trusted Zone: mirarsearch.com\click
Trusted Zone: mirarsearch.com\redirect
FF - ProfilePath - c:\documents and settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\ig66ysgi.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 21:40:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CQUBVYLR]
"ImagePath"="\??\c:\windows\System32\cqubvylr.zgj"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PsSdk30]
"ImagePath"="\??\c:\windows\System32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\spnpinst.exe
c:\windows\SYSTEM32\sysocmgr.exe
c:\windows\SYSTEM32\devldr32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-03-03 21:44:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-04 03:44:20

Pre-Run: 11,812,872,192 bytes free
Post-Run: 12,046,061,568 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

 
Malwarebytes' Anti-Malware 1.34
Database version: 1815
Windows 5.1.2600 Service Pack 3

3/4/2009 1:54:02 AM
mbam-log-2009-03-04 (01-53-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 156612
Time elapsed: 1 hour(s), 2 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mediagateway.installer (Adware.MediaAccess) -> No action taken.
HKEY_CLASSES_ROOT\mediagateway.installer.1 (Adware.MediaAccess) -> No action taken.
HKEY_CLASSES_ROOT\nn_bar_dummy.nn_bardummy.1 (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{610e0e95-8f2f-4b71-966e-f91701d4dc2c} (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{67a89831-6bc7-4cc0-a2c3-560f9a581e64} (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c} (Adware.MediaAccess) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{91e523db-2a1c-4231-bb06-9be27c28739a} (Adware.180Solutions) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tsuninst.exe.vir (Adware.TargetSaver) -> No action taken.
C:\System Volume Information\_restore{09EB8D28-02B3-4B62-A6FD-9D7BFB94EE29}\RP100\A0156337.exe (Adware.TargetSaver) -> No action taken.
C:\usbdr.exe (Trojan.FakeAlert) -> No action taken.
C:\usbdrivr098.exe (Trojan.FakeAlert) -> No action taken.
C:\usbwx.exe (Trojan.FakeAlert) -> No action taken.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:11 AM, on 3/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: Mirar (HKLM)
O15 - Trusted Zone: Mirar (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\Norman\Nvc\bin\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Windows Explorer Shell Subsystem (Shell32Extender) - Unknown owner - C:\WINDOWS\system32\shell32.exe (file missing)

--
End of file - 5191 bytes




Thank you for the help, I think it worked :)
 
Remove

O15 - Trusted Zone: Mirar (HKLM)

O15 - Trusted Zone: Mirar (HKLM)

O23 - Service: Microsoft Windows Explorer Shell Subsystem (Shell32Extender) - Unknown owner - C:\WINDOWS\system32\shell32.exe (file missing)

Run ComboFix again, then Malwarebytes, and then post a new log along with the other logs.
 