-
alright. I tried to restart and enter into safe mode.
I got the screen, selected safe mode with no networking, and pressed enter. it made me choose a partition... which was odd because there was only one. but I selected it. and it began starting up in safe mood.. listing a bunch of different files, but safe mode never started. I tried it several times. no luck.
-
Visiting Fellow
Looks like we are running around in circles here.
Anyway, Can you rename Hijackthis.exe to Analyse.exe
Then scan with Analyse.exe and post the log in your next reply (which will be a hijackthislog ofcourse)
-
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:30 PM, on 2006-12-12
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\aim6\anotify.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AJILON\Desktop\Analyse.exe.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [imuk] C:\PROGRA~1\COMMON~1\imuk\imukm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
-
Visiting Fellow
Hi,
Please delete the version of combofix you are having, because since we are already 3 weeks further, it has been updated and now it should normally run (since I guess it's a FAT32 in your case here which explains why it didn't run previously).
But first,
Check and fix next entry in HijackThis:
O4 - HKCU\..\Run: [imuk] C:\PROGRA~1\COMMON~1\imuk\imukm.exe
Then, * Re-Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
If that still doesn't work and no logfile is created (no C:\Combofix.txt), then do next instead:
* Download SDFix and save it to your Desktop.
* Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
* Reboot into Safe Mode`: ( without networking support !)
°To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
Choose Safe Mode from the menu that will appear and press Enter.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). - Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
-
Okay... I got a HJT log for you, as well as the Combofix, which worked this time =)
HJT LOG
Logfile of HijackThis v1.99.1
Scan saved at 10:22:59 PM, on 12/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\aim6\anotify.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HiJack This\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
ComboFix
"AJILON" - 2006-12-17 22:13:51 - ComboFix 07-07-12.3 - Service Pack 1 FAT32
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\wintisv.exe
((((((((((((((((((((((((( Files Created from 2006-11-18 to 2006-12-18 )))))))))))))))))))))))))))))))
2006-12-08 07:53 <DIR> d-------- C:\Program Files\Ares
2006-12-07 21:33 <DIR> d--hs---- C:\FOUND.001
2006-12-06 04:17 <DIR> d-------- C:\DOCUME~1\AJILON\APPLIC~1\AdobeUM
2006-12-06 04:08 <DIR> d-------- C:\WINDOWS\Cache
2006-12-06 03:35 <DIR> d--hs---- C:\FOUND.000
2006-12-03 06:46 <DIR> d-------- C:\WINDOWS\SYSTEM32\QuickTime
2006-12-03 06:23 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2006-12-03 05:21 1,121 --a------ C:\WINDOWS\mozver.dat
2006-12-03 05:21 <DIR> d-------- C:\DOCUME~1\AJILON\APPLIC~1\Snapfish
2006-12-01 06:31 51,200 --a------ C:\WINDOWS\nircmd.exe
2006-12-01 02:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2006-12-01 02:03 <DIR> d-------- C:\DOCUME~1\AJILON\APPLIC~1\Comodo
2006-12-01 01:58 <DIR> d-------- C:\Program Files\Comodo
2006-12-01 00:44 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2006-11-30 21:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2006-11-29 16:51 <DIR> d-------- C:\Program Files\HiJack This
2006-11-29 04:39 724,992 --a------ C:\WINDOWS\iun6002.exe
2006-11-27 21:55 <DIR> d-------- C:\DOCUME~1\AJILON\Incomplete
2006-11-27 21:52 <DIR> d-------- C:\DOCUME~1\AJILON\APPLIC~1\LimeWire
2006-11-25 23:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2006-11-25 22:33 <DIR> d-------- C:\Program Files\Common Files\imuk
2006-11-25 22:18 <DIR> d--hs---- C:\WINDOWS\QUpJTE9O
2006-11-25 02:13 5,632 --a------ C:\WINDOWS\SYSTEM32\ptpusb.dll
2006-11-25 02:13 150,528 --a------ C:\WINDOWS\SYSTEM32\ptpusd.dll
2006-11-25 02:13 14,208 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
2006-11-23 19:55 <DIR> d-------- C:\Program Files\Common Files\à?pPatch
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-15 17:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 17:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2006-11-24 00:55:08 -------- d-----w C:\Program Files\Common Files\??pPatch
2006-11-07 04:58:50 -------- d-----w C:\DOCUME~1\AJILON\APPLIC~1\acccore
2006-11-07 04:55:38 -------- d-----w C:\Program Files\AIM6
2006-11-04 04:03:58 227 ----a-w C:\WINDOWS\PowerReg.dat
2006-10-23 08:25:12 25,808 ----a-w C:\DOCUME~1\AJILON\APPLIC~1\GDIPFONTCACHEV1.DAT
2003-05-07 19:32:34 266 --sh--w C:\Program Files\desktop.ini
2003-05-07 19:32:34 11,079 ---h--w C:\Program Files\folder.htt
2005-08-02 21:46:54 187,904 --sha-r C:\WINDOWS\QUpJTE9O\asappsrv.dll
2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\QUpJTE9O\koDLnH6i.vbs
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 14:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2006-12-01 01:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-14 17:37]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2006-12-17 22:17:52
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2006-12-17 22:19:21
C:\ComboFix-quarantined-files.txt ... 2006-12-17 22:19
--- E O F ---
-
Visiting Fellow
Hi,
Only leftovers here...
Navigate to the following folder:
C:\Program Files\Common Files
In there, there will be a folder called "à?pPatch".
It will most probably look like appPatch. Delete that folder.
DON'T delete the AppPatch folder present in your C:\Windows - folder, because that's a good one !!!
Then, * Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:
Folder::
C:\Program Files\Common Files\imuk
C:\WINDOWS\QUpJTE9O
Save this as txtfile CFScript
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.
-
Logfile of HijackThis v1.99.1
Scan saved at 5:30:25 PM, on 7/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\aim6\anotify.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HiJack This\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"AJILON" - 2007-07-12 17:23:45 - ComboFix 07-07-12.3 - Service Pack 1 FAT32
Command switches used :: C:\Documents and Settings\AJILON\Desktop\CFScript.txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\imuk
C:\WINDOWS\QUpJTE9O
C:\WINDOWS\QUpJTE9O\asappsrv.dll
C:\WINDOWS\QUpJTE9O\koDLnH6i.vbs
((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))
No new files created in this timespan
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-17 04:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2006-10-23 07:25:12 25,808 ----a-w C:\DOCUME~1\AJILON\APPLIC~1\GDIPFONTCACHEV1.DAT
2003-05-07 18:32:34 266 --sh--w C:\Program Files\desktop.ini
2003-05-07 18:32:34 11,079 ---h--w C:\Program Files\folder.htt
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 15:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 11:35]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2006-12-01 02:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 04:43]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-14 17:37]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll
*Newly Created Service* - CATCHME
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-12 17:27:01
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-12 17:28:09
C:\ComboFix2.txt ... 2006-12-17 22:19
C:\ComboFix-quarantined-files.txt ... 2007-07-12 17:28
--- E O F ---
-
Visiting Fellow
Clean logs again.
Delete the C:\Qoobox folder.
Let me know how things are now.
-
New logs below, and everything seems much better now. I still have popups occasionally but it's just the result of a cookie or something simple. My computer is still a bit on the slow side, but it's getting older.. it's about 4 years old in the computer world... it was running just fine up until lately. I want to ask you about defragmenting it... someone I know suggested it... I don't think it's ever been done, and I don't really know a lot about it. I'm much more... software oriented.. I know little to none about the actual background workings of a computer.
"AJILON" - 2007-07-12 22:08:10 - ComboFix 07-07-12.3 - Service Pack 1 FAT32
((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))
No new files created in this timespan
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-17 04:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2006-10-23 07:25:12 25,808 ----a-w C:\DOCUME~1\AJILON\APPLIC~1\GDIPFONTCACHEV1.DAT
2003-05-07 18:32:34 266 --sh--w C:\Program Files\desktop.ini
2003-05-07 18:32:34 11,079 ---h--w C:\Program Files\folder.htt
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 14:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2006-12-01 01:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-14 17:37]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-12 22:13:04
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-12 22:14:28
C:\ComboFix3.txt ... 2006-12-17 22:19
C:\ComboFix-quarantined-files.txt ... 2007-07-12 17:28
C:\ComboFix2.txt ... 2007-07-12 17:28
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 10:05:31 PM, on 7/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\aim6\anotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJack This\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
-
Visiting Fellow
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules