Full Version: Hyjacked
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
Jmon
I have run Lavasoft and Symantec, neither helped. I just ran combofix.exe and below is the log. What else should I do?

ComboFix 08-03-17.1 - Tisha 2008-03-17 20:45:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1418 [GMT -4:00]
Running from: H:\Documents and Settings\Tisha\Local Settings\Temporary Internet Files\Content.IE5\MTGLDBV2\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\Documents and Settings\Jason\Application Data\macromedia\Flash Player\#SharedObjects\YGWLGM4H\www.broadcaster.com
H:\Documents and Settings\Jason\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
H:\Documents and Settings\Jason\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
H:\Documents and Settings\Jason\My Documents\Jason\sim tower\simtsend\SAMPLER\_INSTALL.EXE

.
((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.

2008-03-17 20:13 . 2008-03-17 20:17 <DIR> d-------- H:\Program Files\Spyware Doctor
2008-03-17 20:13 . 2008-03-17 20:13 <DIR> d-------- H:\Documents and Settings\Tisha\Application Data\PC Tools
2008-03-17 20:13 . 2008-03-17 20:39 <DIR> d-a------ H:\Documents and Settings\All Users\Application Data\TEMP
2008-03-17 20:13 . 2007-12-10 14:53 81,288 --a------ H:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-17 20:13 . 2007-12-10 14:53 66,952 --a------ H:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-17 20:13 . 2008-02-01 12:55 42,376 --a------ H:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-17 20:13 . 2007-12-10 14:53 29,576 --a------ H:\WINDOWS\system32\drivers\kcom.sys
2008-03-16 09:55 . 2008-03-16 09:55 <DIR> d-------- H:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-15 20:15 . 2001-08-17 13:48 12,160 --a------ H:\WINDOWS\system32\drivers\mouhid.sys
2008-03-15 20:15 . 2001-08-17 13:48 12,160 --a--c--- H:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-15 09:18 . 2008-03-15 09:18 <DIR> d-------- H:\Program Files\Trend Micro
2008-03-09 17:28 . 2004-08-04 08:00 88,064 --a------ H:\WINDOWS\system32\asycfil.dll
2008-02-18 15:42 . 2008-02-18 15:42 54,156 --ah----- H:\WINDOWS\QTFont.qfn
2008-02-18 15:42 . 2008-02-18 15:42 1,409 --a------ H:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 13:55 --------- d--h--w H:\Program Files\InstallShield Installation Information
2008-03-16 13:55 --------- d-----w H:\Program Files\CyberLink
2008-03-16 13:54 --------- d-----w H:\Program Files\CyberLink DVD Solution
2008-02-10 17:52 --------- d-----w H:\Documents and Settings\Tisha\Application Data\CyberLink
2008-02-03 19:08 1,049,725 ----a-w H:\WINDOWS\Prison Tycoon 3 Uninstaller.exe
2008-02-03 18:34 --------- d-----w H:\Program Files\ValuSoft
2008-02-03 18:34 --------- d-----w H:\Program Files\Common Files\Thraex Software
2008-02-03 03:05 --------- d-----w H:\Program Files\ProfitUI Reborn Updater
2008-02-03 01:56 --------- d-----w H:\Program Files\Maxis
2008-02-03 01:45 --------- d-----w H:\Program Files\Ventrilo
2008-02-03 01:44 --------- d-----w H:\Program Files\Common Files\Wise Installation Wizard
2004-08-10 03:30 40,960 ----a-w H:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F569C2F8-6404-4281-9E9A-2EB7CF1FE738}]
2004-08-04 08:00 88064 --a------ H:\WINDOWS\system32\asycfil.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"Aim6"="H:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-05-09 20:24 50760]
"MSMSGS"="H:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Yahoo! Pager"="H:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49 4662776]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 10:44 94208]
"SweetIM"="H:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [ ]
"EasyLinkAdvisor"="H:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 18:16 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABIT uGuru"="H:\Program Files\ABIT\ABIT uGuru\uGuru.exe" [2004-05-21 17:07 1695830]
"CRBroadCasting"="H:\Program Files\CardReader2.0\CRBroadCasting.exe" [2004-02-26 06:46 24576]
"ATIPTA"="H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 22:05 344064]
"vptray"="H:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-10-07 12:39 90112]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"cr"="H:\WINDOWS\oimcr.exe" [ ]
"MMTray"="H:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 12:06 110592]
"NeroCheck"="H:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="H:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"TkBellExe"="H:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-02 09:23 180269]
"RemoteControl"="H:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-28 21:29 32768]
"ISTray"="H:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=H:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=H:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
path=H:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
backup=H:\WINDOWS\pss\Forget Me Not.lnkCommon Startup

[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=H:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=H:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-05-09 20:24 50760 H:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-11-10 10:44 94208 H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D066UUtility]
-ra------ 2000-07-06 16:11 32768 H:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
--a------ 2003-06-25 11:29 294998 H:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 20:24 50760 H:\Program Files\Common Files\AOL\1141177936\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-02-17 12:59 124520 H:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 15:45 278528 H:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 12:06 11776 H:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-19 12:06 110592 H:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 H:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 H:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 16:57 282624 H:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-06-28 21:29 32768 H:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-05-14 03:47 67072 H:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-05-02 09:23 180269 H:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-11 00:15 111816 H:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"H:\\Program Files\\Common Files\\AOL\\1141177936\\ee\\aolsoftware.exe"=
"H:\\Program Files\\Common Files\\AOL\\1141177936\\ee\\aim6.exe"=
"H:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"H:\\Program Files\\ABIT\\ABIT uGuru\\FlashMenu.exe"=
"H:\\Program Files\\ABIT\\FlashMenu\\FlashMenu.exe"=
"H:\\Program Files\\NetMeeting\\conf.exe"=
"H:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"H:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"H:\\WINDOWS\\system32\\LEXPPS.EXE"=
"H:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"H:\\StubInstaller.exe"=
"H:\\Program Files\\palmOne\\Palm.exe"=
"H:\\Program Files\\palmOne\\QuickInstall.exe"=
"H:\\Program Files\\palmOne\\Hotsync.exe"=
"H:\\Program Files\\iTunes\\iTunes.exe"=
"H:\\LimeWire\\LimeWire.exe"=
"H:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"H:\\Program Files\\Phantom EFX\\International Poker Tour\\Launcher\\OLCLauncher.exe"=
"H:\\Program Files\\Phantom EFX\\International Poker Tour\\bin\\OnlineCasino.exe"=
"H:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"H:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"H:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 uGuru;uGuru;H:\WINDOWS\system32\Drivers\uGuru.sys [2004-02-26 18:52]
R2 ProcObsrv;ProcObsrv;H:\WINDOWS\system32\Drivers\ProcObsrv.sys [2004-02-27 12:04]
R3 dsNcAdpt;Juniper Network Connect Adapter;H:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-10 19:05]
S3 AC2003;AC2003;H:\WINDOWS\system32\Drivers\AC2003.sys [2003-12-10 03:21]
S3 Memctl;Memctl;H:\Program Files\ABIT\ABIT uGuru\Memctl.sys [2001-11-29 20:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b33054c2-f1a4-11db-a7a6-00508d60a246}]
\Shell\AutoRun\command - D:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2006-08-21 11:33:38 H:\WINDOWS\Tasks\Disk Cleanup.job"
- H:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 20:54:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: H:\WINDOWS\system32\winlogon.exe
-> H:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2008-03-17 20:55:09
ComboFix-quarantined-files.txt 2008-03-18 00:55:05
.
2008-03-12 07:01:39 --- E O F ---
miekiemoes
Hi,

The forums are really busy, which explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look.
miekiemoes
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank you!