Page 2 of 6 FirstFirst 123456 LastLast
Results 11 to 20 of 58

Thread: malware infection

  1. #11
    Member sdxn2400134's Avatar
    Join Date
    Apr 2009
    Posts
    34

    Default HijackThis Log 4-5-09

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:39:18 PM, on 4/5/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\inetsrv\DavCData.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Common Files\AOL\1118558958\ee\AOLSoftware.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118558958\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1...datePortal.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121835894750
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1208355050890
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbi...20/McGDMgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b.../java/RntX.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Update Service (gupdate1c99af84045d9ba) (gupdate1c99af84045d9ba) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 7814 bytes

  2. #12
    Member sdxn2400134's Avatar
    Join Date
    Apr 2009
    Posts
    34

    Default problem back

    The problem is back where I can't launched programs. I get a system message saying the program has encountered a problem and must close.

    This just started after following your last instructions.

  3. #13
    Member sdxn2400134's Avatar
    Join Date
    Apr 2009
    Posts
    34

    Default new system message

    It says I need the following required software: Microsoft .net framework 2.0 (something like that)

  4. #14
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Well it might not be malware related issue.

    Which programs you are unable to launch?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #15
    Member sdxn2400134's Avatar
    Join Date
    Apr 2009
    Posts
    34

    Default launch problem

    That has been a source of confusion: not knowing if the virus/malware is shutting programs down, or if there is something wrong with windows.

    To answer your question, most all programs that I try to start will launch, then immediately close. One exception is Foxfire. However, many programs that wont launch in normal mode, will launch in safe mode.

    However... I downloaded and installed that program windows said I needed.... .net framework 2.0 and also its latest patch #3. And now everything seems to be working okay again!

    So hopefully, this was the problem.

  6. #16
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Great

    Please go to Kaspersky website and perform an online antivirus scan.

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select ''Run as administrator'' to perform this scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.


    If you need a tutorial, see here
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #17
    Member sdxn2400134's Avatar
    Join Date
    Apr 2009
    Posts
    34

    Default where we left off

    Several posts back, you asked me to paste the code box text into ComboFix.

    I did this and posted the new Combofix and HJT logs.

  8. #18
    Member sdxn2400134's Avatar
    Join Date
    Apr 2009
    Posts
    34

    Default downloaded Kaspersky, about to scan

    Quote Originally Posted by Shaba View Post
    Great

    [*]It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.[*]When the downloads have finished, click on Settings.[*]Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
    [*]Click on My Computer under Scan.[*]Once the scan is complete, it will display the results. Click on View Scan Report.[*]You will see a list of infected items there. Click on Save Report As....[*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.[*]Please post this log in your next reply along with a fresh HijackThis log.[/list]

    If you need a tutorial, see here
    I wasnt prompted to run/install a program.

    Under settings, I see:
    Detect malicious programs of the following categories:
    Viruses, Worms, Trojan Horses, Rootkits
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Scan compound files (doesn't apply to the File scan area):
    Archives
    Mail databases

    All are ticked, except the first line (Viruses, ...) is gray ticked.

    Should I scan "critical areas" or just "My Computer"?

  9. #19
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    My Computer would be the one
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #20
    Member sdxn2400134's Avatar
    Join Date
    Apr 2009
    Posts
    34

    Default scan is running

    Ok, I have "my computer" scanning. Its at 8% after an hour and 20 min. Going to take a while.

    Another problem: when i type, letters start reversing order. what is this?

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •