mrskay1955
2009-08-25, 01:07
HELP ME PLEASE, I HAVE SERIOUS PROBLEMS AND DON'T KNOW WHAT I AM DOING. LOL SOMEONE TOLD ME TO DO THIS, I HAVE WINPROTECTOR IN MY STARTUP IN MSCONFIG, AND WAS TOLD THIS IS BAD MALWARE, MY COMPUTER IS ACTING TERRIBLY SLOW. SO HERE IS THE HIJACK LOG. PLEASE HELP ME.
JAN
> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 6:07:14 PM, on 8/18/2009
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v7.00 (7.00.6000.16876)
> Boot mode: Normal
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
> C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
> C:\PROGRA~1\AVG\AVG8\avgfws8.exe
> C:\Program Files\Bonjour\mDNSResponder.exe
> C:\Program Files\Java\jre6\bin\jqs.exe
> C:\WINDOWS\System32\nvsvc32.exe
> C:\Program Files\Softex\OmniPass\Omniserv.exe
> C:\WINDOWS\system32\HPZipm12.exe
> C:\Program Files\Softex\OmniPass\OPXPApp.exe
> C:\WINDOWS\System32\svchost.exe
> C:\PROGRA~1\AVG\AVG8\avgam.exe
> C:\PROGRA~1\AVG\AVG8\avgrsx.exe
> C:\PROGRA~1\AVG\AVG8\avgnsx.exe
> C:\WINDOWS\Explorer.EXE
> C:\PROGRA~1\AVG\AVG8\avgemc.exe
> C:\Program Files\Canon\CAL\CALMAIN.exe
> C:\windows\system\hpsysdrv.exe
> C:\HP\KBD\KBD.EXE
> C:\Program Files\AVG\AVG8\avgcsrvx.exe
> C:\PROGRA~1\AVG\AVG8\avgtray.exe
> C:\WINDOWS\ALCXMNTR.EXE
> C:\Program Files\Common Files\AOL\1249702751\ee\AOLSoftware.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\WINDOWS\system32\rundll32.exe
> C:\Program Files\Common Files\AOL\Loader\aolload.exe
> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
> C:\Program Files\AOL 9.1\waol.exe
> C:\Program Files\AOL 9.1\shellmon.exe
> C:\WINDOWS\system32\NOTEPAD.EXE
> C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
> C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
> R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
> R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
> R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
> O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
> O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
> O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
> O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
> O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
> O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
> O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
> O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
> O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
> O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
> O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
> O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
> O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
> O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1249702751\ee\AOLSoftware.exe
> O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
> O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
> O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
> O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
> O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
> O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230780502843
> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
> O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
> O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
> O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
> O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
> O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
> O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
> O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
> O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
> O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
> O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
> O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
> O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
> O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
>
> --
> End of file - 7206 bytes