Help Please
Logfile of HijackThis v1.99.1
Scan saved at 2:38:31 PM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Homicide\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.aol.com/puccini/start
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Please help. There is definitely something wrong. Very slow and errors constantly popping up saying I don't have enough memory, but 1 GB of memory is plenty of memory for the little things that I do.
And welcome to Icrontic.
There is no problem in the HijackThis log.
First, check what the capacity of your hard drive is.
How much free memory is there?
There must be more free space than a few hundred MB.
Second, check your RAM memory's condition.
I don't know how to check how my RAM is doing. I know that I have 992 MB of RAM though.
Please download EVEREST.
Assemble it and run it.
Check the motherboard and memory there.
What else did you want me to post?
I think that there is some problem in your comp's memory cards. They don't work.
Probably somebody else can help you in this case.
Have you asked HERE? I recommend asking there.
I already did a restore thing. I went back one day, but it made no difference. Everything is the same as it was before.
Try this:
Click Bookmarks in Firefox and edit bookmarks.
Then click file > import > in file
And navigate to
C:\Documents and Settings\*******\Application Data\Mozilla\Firefox\Profiles\z7pt22ha.default\bookmarkbackups
****** is your user account
Select the newest or second-newest bookmarks backup file there and import it to fox.
And also I did a scan on my computer and it said there was a virus on there known as msconfig.cww or something like that. It was a CoolWebSearch virus. Is there any way to get rid of it besides the CWShredder? It seems to keep coming back.
Glad that helps.
CWShredder removes only ca. half of CWS infections, so I need to get more information about that virus.
What scanner found it?
Where is that infected file? Can you give its address?
Download ComboFix from Here or Here to your Desktop.
- Double click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))
2007-07-27 08:42 51,200 --a C:\WINDOWS\nircmd.exe
2007-07-26 23:52 679,936 --a C:\WINDOWS\system32\D3DX81ab.dll
2007-07-26 23:52 1,970,176 --a C:\WINDOWS\system32\d3dx9.dll
2007-07-26 16:20 <DIR> d C:\WINDOWS\pss
2007-07-24 21:25 <DIR> d C:\DOCUME~1\Homicide\APPLIC~1\Ahead
2007-07-24 21:21 <DIR> d C:\Program Files\Nero
2007-07-24 21:21 <DIR> d C:\Program Files\Common Files\Ahead
2007-07-20 15:37 <DIR> d C:\Program Files\Eusing Free Registry Cleaner
2007-07-20 15:29 <DIR> d C:\Program Files\CleanMyPC
2007-07-20 15:25 <DIR> d-a C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-19 22:46 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-07-19 22:45 <DIR> d C:\Program Files\Common Files\Adobe Systems Shared
2007-07-19 01:11 90,112 C:\WINDOWS\SDUnInst.exe
2007-07-15 23:15 <DIR> d C:\Program Files\Lavasoft
2007-07-15 23:15 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-15 23:14 <DIR> d C:\Program Files\Common Files\Wise Installation Wizard
2007-07-13 21:11 26 --a C:\WINDOWS\WINSTART.BAT
2007-07-13 21:11 156 --a C:\WINDOWS\TMPCPYIS.BAT
2007-07-13 21:11 122 --a C:\WINDOWS\TMPDELIS.BAT
2007-07-13 21:10 995,136 --a C:\WINDOWS\system\MSAJT200.DLL
2007-07-13 21:10 935,632 --a C:\WINDOWS\system\VB40016.DLL
2007-07-13 21:10 86,848 --a C:\WINDOWS\system\VBDB16.DLL
2007-07-13 21:10 85,008 --a C:\WINDOWS\system\PDSODBC.DLL
2007-07-13 21:10 77,664 --a C:\WINDOWS\system\IR21_R.DLL
2007-07-13 21:10 7,168 --a C:\WINDOWS\system\DISPDIB.DLL
2007-07-13 21:10 64,848 --a C:\WINDOWS\system\PDBDAO.DLL
2007-07-13 21:10 57,328 --a C:\WINDOWS\system\OLE2CONV.DLL
2007-07-13 21:10 543,584 --a C:\WINDOWS\system\DAO2516.DLL
2007-07-13 21:10 536,048 --a C:\WINDOWS\system\OC25.DLL
2007-07-13 21:10 51,712 --a C:\WINDOWS\system\OLE2PROX.DLL
2007-07-13 21:10 49,616 --a C:\WINDOWS\system\MSACM.DLL
2007-07-13 21:10 39,424 --a C:\WINDOWS\system\UXFTEXT.DLL
2007-07-13 21:10 37,888 --a C:\WINDOWS\system\UXFSEPV.DLL
2007-07-13 21:10 36,560 --a C:\WINDOWS\system\PDIRDAO.DLL
2007-07-13 21:10 35,840 --a C:\WINDOWS\system\UXFDIF.DLL
2007-07-13 21:10 33,792 --a C:\WINDOWS\system\UXFREC.DLL
2007-07-13 21:10 33,456 --a C:\WINDOWS\system\PDCTDAO.DLL
2007-07-13 21:10 304,640 --a C:\WINDOWS\system\OLE2.DLL
2007-07-13 21:10 296,832 --a C:\WINDOWS\system\XBS200.DLL
2007-07-13 21:10 28,113 --a C:\WINDOWS\system\OLE2.REG
2007-07-13 21:10 27,632 --a C:\WINDOWS\system\CTL3DV2.DLL
2007-07-13 21:10 27,136 --a C:\WINDOWS\system\UXDDISK.DLL
2007-07-13 21:10 26,768 --a C:\WINDOWS\system\CTL3D.DLL
2007-07-13 21:10 248,064 --a C:\WINDOWS\UNINST16.EXE
2007-07-13 21:10 233,328 --a C:\WINDOWS\system\PDX200.DLL
2007-07-13 21:10 22,398 --a C:\WINDOWS\system\CRXLATE.DLL
2007-07-13 21:10 20,496 --a C:\WINDOWS\system\PDBBND.DLL
2007-07-13 21:10 2,920 --a C:\WINDOWS\system\VBAJET.DLL
2007-07-13 21:10 177,824 --a C:\WINDOWS\system\TYPELIB.DLL
2007-07-13 21:10 164,960 --a C:\WINDOWS\system\OLE2DISP.DLL
2007-07-13 21:10 157,696 --a C:\WINDOWS\system\STORAGE.DLL
2007-07-13 21:10 152,976 --a C:\WINDOWS\system\OLE2NLS.DLL
2007-07-13 21:10 151,040 --a C:\WINDOWS\system\IR32.DLL
2007-07-13 21:10 15,936 --a C:\WINDOWS\system\MSJETINT.DLL
2007-07-13 21:10 149,344 --a C:\WINDOWS\system\MSXL2016.DLL
2007-07-13 21:10 12,976 --a C:\WINDOWS\system\SCP.DLL
2007-07-13 21:10 12,800 --a C:\WINDOWS\system\ACMCMPRS.DLL
2007-07-13 21:10 111,616 --a C:\WINDOWS\system\BTRV200.DLL
2007-07-13 21:10 11,232 --a C:\WINDOWS\system\MSJETERR.DLL
2007-07-13 21:10 109,056 --a C:\WINDOWS\system\COMPOBJ.DLL
2007-07-13 21:10 102,080 --a C:\WINDOWS\system\MSTX2016.DLL
2007-07-13 21:10 1,124,880 --a C:\WINDOWS\system\CRPE.DLL
2007-07-13 21:10 <DIR> d C:\CHARANGA
2007-07-12 10:29 10,872 --a C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-11 17:43 <DIR> d C:\DOCUME~1\Homicide\APPLIC~1\Move Networks
2007-07-11 10:45 <DIR> d C:\WINDOWS\Prefetch
2007-07-11 10:00 <DIR> d C:\WINDOWS\provisioning
2007-07-11 10:00 <DIR> d C:\WINDOWS\peernet
2007-07-11 09:51 <DIR> d C:\WINDOWS\ServicePackFiles
2007-07-11 09:36 <DIR> d C:\WINDOWS\EHome
2007-07-10 23:55 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-10 10:55 <DIR> d C:\Program Files\Cheat Engine
2007-07-09 23:45 <DIR> d C:\Program Files\Common Files\xing shared
2007-07-09 23:44 <DIR> d C:\Program Files\Real
2007-07-09 23:44 <DIR> d C:\Program Files\Common Files\Real
2007-07-09 23:43 <DIR> d C:\DOCUME~1\Homicide\APPLIC~1\Real
2007-07-06 15:54 4,569 C:\WINDOWS\system32\secupd.dat
2007-07-06 15:54 11,776 C:\WINDOWS\system32\spnpinst.exe
2007-06-29 16:16 <DIR> d C:\DOCUME~1\Homicide\APPLIC~1\Viewpoint
2007-06-27 13:10 <DIR> d C:\DOCUME~1\Homicide\APPLIC~1\AdobeUM
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-27 00:47:54 655 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-07-27 00:38:37 d w C:\Program Files\Lavasoft Ad-Aware
2007-07-18 13:47:45 d w C:\DOCUME~1\Homicide\APPLIC~1\DivX
2007-07-12 07:14:00 d w C:\Program Files\Messenger
2007-07-11 15:55:02 d w C:\Program Files\MSN Messenger
2007-07-11 15:00:33 d w C:\Program Files\Movie Maker
2007-07-11 14:50:34 d w C:\Program Files\Windows NT
2007-07-10 04:46:55 3,224 ----a-w C:\WINDOWS\mozver.dat
2007-06-24 18:58:03 d w C:\Program Files\DivX
2007-06-23 23:38:06 d w C:\Program Files\Ares
2007-06-23 21:10:39 d w C:\Program Files\Online Services
2007-06-23 20:57:12 d w C:\Program Files\Sunbelt Software
2007-06-23 20:53:48 d w C:\DOCUME~1\Homicide\APPLIC~1\Microsoft Web Folders
2007-06-23 20:53:38 d w C:\Program Files\microsoft frontpage
2007-06-23 20:48:52 d w C:\Program Files\C-Media
2007-06-23 20:43:07 d w C:\Program Files\Kerio
2007-06-23 20:39:41 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-06-23 20:35:35 d w C:\Program Files\AIM
2007-06-23 20:34:36 d w C:\Program Files\AOD
2007-06-23 20:29:03 d w C:\Program Files\Viewpoint
2007-06-23 20:25:18 0 ----a-w C:\WINDOWS\nsreg.dat
2007-06-23 20:22:54 d w C:\DOCUME~1\Homicide\APPLIC~1\Aim
2007-06-23 20:16:42 60 ----a-w C:\WINDOWS\system32\SYSDRV.DAT
2007-06-23 20:13:47 d--h--w C:\Program Files\WindowsUpdate
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" [2004-04-23 14:30 C:\WINDOWS\CMICNFG.CPL]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 02:56 C:\WINDOWS\system32\irprops.cpl]
"VTTimer"="VTTimer.exe" [2003-12-19 01:39 C:\WINDOWS\system32\VTTimer.exe]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08]
C:\Documents and Settings\Homicide\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 05:05:56]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPF4"=2 (0x2)
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys
R3 BrSerWDM;Brother Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
R3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys
R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
R3 ltmodem5;LT Modem Driver;C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
R3 mf;mf;C:\WINDOWS\system32\DRIVERS\mf.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S4 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-27 08:46:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-27 8:48:08
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 8:49:42 AM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Homicide\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aq.battleon.com/Build30/game.asp?launchtype=medium
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Logs look good.
Can you tell more about what I asked in my last reply?
I don't know anything else about it though.
It can be a false alarm, see Link.
This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new Thread instead
Would you also be interested to join Short-Media (Team #93) with the Folding@Home Project? More information available here