Help Please

Logfile of HijackThis v1.99.1
Scan saved at 2:38:31 PM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Homicide\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.aol.com/puccini/start
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe



Please help. There is definitely something wrong. Very slow and errors constantly popping up saying I don't have enough memory, but 1 GB of memory is plenty of memory for the little things that I do.

Comments

  • NuppiNuppi South Ostrobothnia (Finland)
    edited July 2007
    Hi Homicide,

    And welcome to Icrontic.

    There is no problem in the hijacklog :D

    First check what the capacity of your hard drive is.
    How much free memory is there?

    There must be more free space than a few hundred MB.

    Second, check your RAM memory's condition.
  • edited July 2007
    Ok my HD has 74.5 GB of total space and free space is at 53.1 GB of free space.

    I don't know how to check how my RAM is doing. I know that I have 992 MB of RAM though.
  • NuppiNuppi South Ostrobothnia (Finland)
    edited July 2007
    Hi again,
    Please download EVEREST

    Assemble it and run it.

    Check the motherboard and memory there :D
  • edited July 2007
    It says there are 610 MB of free Physical Memory.

    What else did you want me to post?
  • NuppiNuppi South Ostrobothnia (Finland)
    edited July 2007
    Only what you did.

    I think that there is some problem in your comp's memory cards. They don't work.

    Probably somebody else can help you in this case :)

    Have you asked HERE? I recommend asking there.
  • edited July 2007
    Ok, thanks for all the help. If they can't help me then, well, I'm screwed. lol thanks!
  • edited July 2007
    Ok, well, this is strange. I had to restart my computer because it locked up on me, and when it came back up all my bookmarks and settings were gone for Firefox. Is there any way to get them back?

    I already did a restore thing. I went back one day, but it made no difference. Everything is the same as it was before.
  • NuppiNuppi South Ostrobothnia (Finland)
    edited July 2007
    Hi,

    Try this :

    Click bookmarks in firefox and edit bookmarks.

    Then click file > import > in file

    And navigate to

    C:\Documents and Settings\*******\Application Data\Mozilla\Firefox\Profiles\z7pt22ha.default\bookmarkbackups

    ****** is your user account :D

    Select the newest or second-newest bookmarks backup file there and import it to fox.
  • edited July 2007
    Wow, awesome, thanks. I got them all back.

    And also I did a scan on my computer and it said there was a virus on there known as

    msconfig.cww

    or something like that. It was a coolwebsearch virus. Is there any way to get rid of it besides the CWShredder? It seems to keep coming back.
  • NuppiNuppi South Ostrobothnia (Finland)
    edited July 2007
    Hi,

    Glad that helps.


    CWShredder removes only ca. half of CWS infections, so I need to get more information about that virus.
    What scanner found it?
    Where is that infected file? Can you give its address?

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
  • edited July 2007
    "Homicide" - 2007-07-27 8:43:06 [GMT -5:00] - ComboFix 07-07-24 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))


    2007-07-27 08:42 51,200 --a
    C:\WINDOWS\nircmd.exe
    2007-07-26 23:52 679,936 --a
    C:\WINDOWS\system32\D3DX81ab.dll
    2007-07-26 23:52 1,970,176 --a
    C:\WINDOWS\system32\d3dx9.dll
    2007-07-26 16:20 <DIR> d
    C:\WINDOWS\pss
    2007-07-24 21:25 <DIR> d
    C:\DOCUME~1\Homicide\APPLIC~1\Ahead
    2007-07-24 21:21 <DIR> d
    C:\Program Files\Nero
    2007-07-24 21:21 <DIR> d
    C:\Program Files\Common Files\Ahead
    2007-07-20 15:37 <DIR> d
    C:\Program Files\Eusing Free Registry Cleaner
    2007-07-20 15:29 <DIR> d
    C:\Program Files\CleanMyPC
    2007-07-20 15:25 <DIR> d-a
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-07-19 22:46 <DIR> d
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    2007-07-19 22:45 <DIR> d
    C:\Program Files\Common Files\Adobe Systems Shared
    2007-07-19 01:11 90,112
    C:\WINDOWS\SDUnInst.exe
    2007-07-15 23:15 <DIR> d
    C:\Program Files\Lavasoft
    2007-07-15 23:15 <DIR> d
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-07-15 23:14 <DIR> d
    C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-13 21:11 26 --a
    C:\WINDOWS\WINSTART.BAT
    2007-07-13 21:11 156 --a
    C:\WINDOWS\TMPCPYIS.BAT
    2007-07-13 21:11 122 --a
    C:\WINDOWS\TMPDELIS.BAT
    2007-07-13 21:10 995,136 --a
    C:\WINDOWS\system\MSAJT200.DLL
    2007-07-13 21:10 935,632 --a
    C:\WINDOWS\system\VB40016.DLL
    2007-07-13 21:10 86,848 --a
    C:\WINDOWS\system\VBDB16.DLL
    2007-07-13 21:10 85,008 --a
    C:\WINDOWS\system\PDSODBC.DLL
    2007-07-13 21:10 77,664 --a
    C:\WINDOWS\system\IR21_R.DLL
    2007-07-13 21:10 7,168 --a
    C:\WINDOWS\system\DISPDIB.DLL
    2007-07-13 21:10 64,848 --a
    C:\WINDOWS\system\PDBDAO.DLL
    2007-07-13 21:10 57,328 --a
    C:\WINDOWS\system\OLE2CONV.DLL
    2007-07-13 21:10 543,584 --a
    C:\WINDOWS\system\DAO2516.DLL
    2007-07-13 21:10 536,048 --a
    C:\WINDOWS\system\OC25.DLL
    2007-07-13 21:10 51,712 --a
    C:\WINDOWS\system\OLE2PROX.DLL
    2007-07-13 21:10 49,616 --a
    C:\WINDOWS\system\MSACM.DLL
    2007-07-13 21:10 39,424 --a
    C:\WINDOWS\system\UXFTEXT.DLL
    2007-07-13 21:10 37,888 --a
    C:\WINDOWS\system\UXFSEPV.DLL
    2007-07-13 21:10 36,560 --a
    C:\WINDOWS\system\PDIRDAO.DLL
    2007-07-13 21:10 35,840 --a
    C:\WINDOWS\system\UXFDIF.DLL
    2007-07-13 21:10 33,792 --a
    C:\WINDOWS\system\UXFREC.DLL
    2007-07-13 21:10 33,456 --a
    C:\WINDOWS\system\PDCTDAO.DLL
    2007-07-13 21:10 304,640 --a
    C:\WINDOWS\system\OLE2.DLL
    2007-07-13 21:10 296,832 --a
    C:\WINDOWS\system\XBS200.DLL
    2007-07-13 21:10 28,113 --a
    C:\WINDOWS\system\OLE2.REG
    2007-07-13 21:10 27,632 --a
    C:\WINDOWS\system\CTL3DV2.DLL
    2007-07-13 21:10 27,136 --a
    C:\WINDOWS\system\UXDDISK.DLL
    2007-07-13 21:10 26,768 --a
    C:\WINDOWS\system\CTL3D.DLL
    2007-07-13 21:10 248,064 --a
    C:\WINDOWS\UNINST16.EXE
    2007-07-13 21:10 233,328 --a
    C:\WINDOWS\system\PDX200.DLL
    2007-07-13 21:10 22,398 --a
    C:\WINDOWS\system\CRXLATE.DLL
    2007-07-13 21:10 20,496 --a
    C:\WINDOWS\system\PDBBND.DLL
    2007-07-13 21:10 2,920 --a
    C:\WINDOWS\system\VBAJET.DLL
    2007-07-13 21:10 177,824 --a
    C:\WINDOWS\system\TYPELIB.DLL
    2007-07-13 21:10 164,960 --a
    C:\WINDOWS\system\OLE2DISP.DLL
    2007-07-13 21:10 157,696 --a
    C:\WINDOWS\system\STORAGE.DLL
    2007-07-13 21:10 152,976 --a
    C:\WINDOWS\system\OLE2NLS.DLL
    2007-07-13 21:10 151,040 --a
    C:\WINDOWS\system\IR32.DLL
    2007-07-13 21:10 15,936 --a
    C:\WINDOWS\system\MSJETINT.DLL
    2007-07-13 21:10 149,344 --a
    C:\WINDOWS\system\MSXL2016.DLL
    2007-07-13 21:10 12,976 --a
    C:\WINDOWS\system\SCP.DLL
    2007-07-13 21:10 12,800 --a
    C:\WINDOWS\system\ACMCMPRS.DLL
    2007-07-13 21:10 111,616 --a
    C:\WINDOWS\system\BTRV200.DLL
    2007-07-13 21:10 11,232 --a
    C:\WINDOWS\system\MSJETERR.DLL
    2007-07-13 21:10 109,056 --a
    C:\WINDOWS\system\COMPOBJ.DLL
    2007-07-13 21:10 102,080 --a
    C:\WINDOWS\system\MSTX2016.DLL
    2007-07-13 21:10 1,124,880 --a
    C:\WINDOWS\system\CRPE.DLL
    2007-07-13 21:10 <DIR> d
    C:\CHARANGA
    2007-07-12 10:29 10,872 --a
    C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-07-11 17:43 <DIR> d
    C:\DOCUME~1\Homicide\APPLIC~1\Move Networks
    2007-07-11 10:45 <DIR> d
    C:\WINDOWS\Prefetch
    2007-07-11 10:00 <DIR> d
    C:\WINDOWS\provisioning
    2007-07-11 10:00 <DIR> d
    C:\WINDOWS\peernet
    2007-07-11 09:51 <DIR> d
    C:\WINDOWS\ServicePackFiles
    2007-07-11 09:36 <DIR> d
    C:\WINDOWS\EHome
    2007-07-10 23:55 <DIR> d
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    2007-07-10 10:55 <DIR> d
    C:\Program Files\Cheat Engine
    2007-07-09 23:45 <DIR> d
    C:\Program Files\Common Files\xing shared
    2007-07-09 23:44 <DIR> d
    C:\Program Files\Real
    2007-07-09 23:44 <DIR> d
    C:\Program Files\Common Files\Real
    2007-07-09 23:43 <DIR> d
    C:\DOCUME~1\Homicide\APPLIC~1\Real
    2007-07-06 15:54 4,569
    C:\WINDOWS\system32\secupd.dat
    2007-07-06 15:54 11,776
    C:\WINDOWS\system32\spnpinst.exe
    2007-06-29 16:16 <DIR> d
    C:\DOCUME~1\Homicide\APPLIC~1\Viewpoint
    2007-06-27 13:10 <DIR> d
    C:\DOCUME~1\Homicide\APPLIC~1\AdobeUM


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-27 00:47:54 655 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
    2007-07-27 00:38:37 d-----w C:\Program Files\Lavasoft Ad-Aware
    2007-07-18 13:47:45 d-----w C:\DOCUME~1\Homicide\APPLIC~1\DivX
    2007-07-12 07:14:00 d-----w C:\Program Files\Messenger
    2007-07-11 15:55:02 d-----w C:\Program Files\MSN Messenger
    2007-07-11 15:00:33 d-----w C:\Program Files\Movie Maker
    2007-07-11 14:50:34 d-----w C:\Program Files\Windows NT
    2007-07-10 04:46:55 3,224 ----a-w C:\WINDOWS\mozver.dat
    2007-06-24 18:58:03 d-----w C:\Program Files\DivX
    2007-06-23 23:38:06 d-----w C:\Program Files\Ares
    2007-06-23 21:10:39 d-----w C:\Program Files\Online Services
    2007-06-23 20:57:12 d-----w C:\Program Files\Sunbelt Software
    2007-06-23 20:53:48 d-----w C:\DOCUME~1\Homicide\APPLIC~1\Microsoft Web Folders
    2007-06-23 20:53:38 d-----w C:\Program Files\microsoft frontpage
    2007-06-23 20:48:52 d-----w C:\Program Files\C-Media
    2007-06-23 20:43:07 d-----w C:\Program Files\Kerio
    2007-06-23 20:39:41 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2007-06-23 20:35:35 d-----w C:\Program Files\AIM
    2007-06-23 20:34:36 d-----w C:\Program Files\AOD
    2007-06-23 20:29:03 d-----w C:\Program Files\Viewpoint
    2007-06-23 20:25:18 0 ----a-w C:\WINDOWS\nsreg.dat
    2007-06-23 20:22:54 d-----w C:\DOCUME~1\Homicide\APPLIC~1\Aim
    2007-06-23 20:16:42 60 ----a-w C:\WINDOWS\system32\SYSDRV.DAT
    2007-06-23 20:13:47 d--h--w C:\Program Files\WindowsUpdate
    2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" [2004-04-23 14:30 C:\WINDOWS\CMICNFG.CPL]
    "BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 02:56 C:\WINDOWS\system32\irprops.cpl]
    "VTTimer"="VTTimer.exe" [2003-12-19 01:39 C:\WINDOWS\system32\VTTimer.exe]
    "NWEReboot"="" []
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
    "AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08]

    C:\Documents and Settings\Homicide\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 05:05:56]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe -cnetwait.odl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SPF4"=2 (0x2)

    R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
    R3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys
    R3 BrSerWDM;Brother Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys
    R3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
    R3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys
    R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    R3 ltmodem5;LT Modem Driver;C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
    R3 mf;mf;C:\WINDOWS\system32\DRIVERS\mf.sys
    R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
    R3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
    S4 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"


    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-27 08:46:14
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-27 8:48:08

    --- E O F ---





    Logfile of HijackThis v1.99.1
    Scan saved at 8:49:42 AM, on 7/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\BRMFRSMG.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Homicide\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aq.battleon.com/Build30/game.asp?launchtype=medium
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  • NuppiNuppi South Ostrobothnia (Finland)
    edited July 2007
    Hi

    Logs look good :D

    Can you tell me more about what I asked in my last reply? :D
  • edited July 2007
    It's called cws.msconfig

    I don't know anything else about it though.
  • NuppiNuppi South Ostrobothnia (Finland)
    edited July 2007
    Hi,

    It can be a false alarm, see Link

    :D
  • NuppiNuppi South Ostrobothnia (Finland)
    edited August 2007
    Glad I could be of assistance! The help you received here was free. Please read through some of these Prevention Tips that Short-Media offers.

    This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

    Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.

    If you are not the user who started this thread, you must start a new Thread instead :)

    Would you also be interested to join Short-Media (Team #93) with the Folding@Home Project? More information available here