arunsn25

Unidentified Malware Attack

3 posts in this topic

Hi,

 

I have the iexplore.exe process running even though I have not opened the IE browser. In order that the malware not connect to the website, I have disabled the IE browser by setting the proxy to 0.0.0.0 and am using Firefox. Apparently, this malware looks like it is using the iexplore.exe process to run itself. Please help! Below are the ad-aware logs and the HijackThis logs:

 

============

ad-aware logs:

============

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Friday, June 01, 2007 1:02:32 AM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R173 29.05.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):8 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

6-1-2007 1:02:32 AM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\slimy legs and all\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\slimy legs and all\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3803668695-1312990295-2953100232-1006\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles

Description : list of recently used files in adobe reader

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3803668695-1312990295-2953100232-1006\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3803668695-1312990295-2953100232-1006\software\realnetworks\realplayer\6.0\preferences

Description : list of recent skins in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3803668695-1312990295-2953100232-1006\software\realnetworks\realplayer\6.0\preferences

Description : list of recent clips in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3803668695-1312990295-2953100232-1006\software\winrar\dialogedithistory\extrpath

Description : winrar "extract-to" history

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 692

ThreadCreationTime : 5-30-2007 7:53:07 AM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 740

ThreadCreationTime : 5-30-2007 7:53:09 AM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 764

ThreadCreationTime : 5-30-2007 7:53:09 AM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 808

ThreadCreationTime : 5-30-2007 7:53:09 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 820

ThreadCreationTime : 5-30-2007 7:53:09 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 976

ThreadCreationTime : 5-30-2007 7:53:10 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1048

ThreadCreationTime : 5-30-2007 7:53:10 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1088

ThreadCreationTime : 5-30-2007 7:53:10 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1176

ThreadCreationTime : 5-30-2007 7:53:11 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [avgrssvc.exe]

FilePath : C:\PROGRA~1\Grisoft\AVG7\

ProcessID : 1216

ThreadCreationTime : 5-30-2007 7:53:11 AM

BasePriority : Normal

FileVersion : 7.5.0.442

ProductVersion : 7.5.0.442

ProductName : AVG Anti-Virus system

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Resident Shield Service

InternalName : avgrssvc

LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.

OriginalFilename : avgrssvc.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1336

ThreadCreationTime : 5-30-2007 7:53:14 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [wltrysvc.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1592

ThreadCreationTime : 5-30-2007 7:53:20 AM

BasePriority : Normal

 

 

#:13 [bcmwltry.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1604

ThreadCreationTime : 5-30-2007 7:53:21 AM

BasePriority : Normal

FileVersion : 3.100.41.0

ProductVersion : 3.100.41.0

ProductName : Dell Wireless WLAN Card Wireless Network Controller

CompanyName : Dell Inc

FileDescription : Dell Wireless WLAN Card Wireless Network Controller

InternalName : bcmwltry.exe

LegalCopyright : 1998-2004, Dell Inc All Rights Reserved.

OriginalFilename : bcmwltry.exe

 

#:14 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1700

ThreadCreationTime : 5-30-2007 7:53:23 AM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:15 [avgamsvr.exe]

FilePath : C:\PROGRA~1\Grisoft\AVG7\

ProcessID : 228

ThreadCreationTime : 5-30-2007 7:53:31 AM

BasePriority : Normal

FileVersion : 7.5.0.453

ProductVersion : 7.5.0.453

ProductName : AVG Anti-Virus system

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Alert Manager

InternalName : avgamsvr

LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.

OriginalFilename : avgamsvr.EXE

 

#:16 [avgupsvc.exe]

FilePath : C:\PROGRA~1\Grisoft\AVG7\

ProcessID : 396

ThreadCreationTime : 5-30-2007 7:53:36 AM

BasePriority : Normal

FileVersion : 7.5.0.420

ProductVersion : 7.5.0.420

ProductName : AVG 7.5 Anti-Virus System

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Update Service

InternalName : avgupsvc

LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.

OriginalFilename : avgupdsvc.EXE

 

#:17 [avgrssvc.exe]

FilePath : C:\PROGRA~1\Grisoft\AVG7\

ProcessID : 516

ThreadCreationTime : 5-30-2007 7:53:39 AM

BasePriority : Normal

FileVersion : 7.5.0.442

ProductVersion : 7.5.0.442

ProductName : AVG Anti-Virus system

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Resident Shield Service

InternalName : avgrssvc

LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.

OriginalFilename : avgrssvc.exe

 

#:18 [avgemc.exe]

FilePath : C:\PROGRA~1\Grisoft\AVG7\

ProcessID : 588

ThreadCreationTime : 5-30-2007 7:53:41 AM

BasePriority : Normal

FileVersion : 7.5.0.460

ProductVersion : 7.5.0.460

ProductName : AVG Anti-Virus system

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG E-Mail Scanner

InternalName : avgemc

LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.

OriginalFilename : avgemc.exe

 

#:19 [mdm.exe]

FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\

ProcessID : 680

ThreadCreationTime : 5-30-2007 7:53:43 AM

BasePriority : Normal

FileVersion : 7.00.9466

ProductVersion : 7.00.9466

ProductName : Microsoft® Visual Studio .NET

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : mdm.exe

 

#:20 [nicconfigsvc.exe]

FilePath : C:\Program Files\Dell\NICCONFIGSVC\

ProcessID : 1112

ThreadCreationTime : 5-30-2007 7:53:46 AM

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : NicConfigSvc

CompanyName : Dell Inc.

FileDescription : Internal Network Card Power Management Service

InternalName : TestMFCAppWiz

LegalCopyright : Copyright © 2004 Dell Inc.

OriginalFilename : NicConfigSvc.EXE

 

#:21 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 856

ThreadCreationTime : 5-30-2007 7:53:48 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:22 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1548

ThreadCreationTime : 5-30-2007 7:53:51 AM

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:23 [avgfwsrv.exe]

FilePath : C:\PROGRA~1\Grisoft\AVG7\

ProcessID : 1736

ThreadCreationTime : 5-30-2007 7:53:54 AM

BasePriority : Normal

FileVersion : 7.5.0.469

ProductVersion : 7.5.0.469

ProductName : AVG Anti-Virus system

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Firewall Service

InternalName : avgfwsrv

LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.

OriginalFilename : avgfwsrv.exe

 

#:24 [syntpenh.exe]

FilePath : C:\Program Files\Synaptics\SynTP\

ProcessID : 1908

ThreadCreationTime : 5-30-2007 7:53:59 AM

BasePriority : Normal

FileVersion : 8.0.14 24Jun05

ProductVersion : 8.0.14 24Jun05

ProductName : Synaptics Pointing Device Driver

CompanyName : Synaptics, Inc.

FileDescription : Synaptics TouchPad Enhancements

InternalName : Synaptics Enhancements Application

LegalCopyright : Copyright © Synaptics, Inc. 1996-2005

OriginalFilename : SynTPEnh.exe

 

#:25 [hkcmd.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2024

ThreadCreationTime : 5-30-2007 7:54:00 AM

BasePriority : Normal

FileVersion : 3.0.0.4363

ProductVersion : 7.0.0.4363

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

LegalCopyright : Copyright 1999-2004, Intel Corporation

OriginalFilename : HKCMD.EXE

 

#:26 [igfxpers.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 164

ThreadCreationTime : 5-30-2007 7:54:00 AM

BasePriority : Normal

FileVersion : 3.0.0.4363

ProductVersion : 7.0.0.4363

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : persistence Module

InternalName : PERSISTENCE

LegalCopyright : Copyright 1999-2004, Intel Corporation

OriginalFilename : IGFXPERS.EXE

 

#:27 [jusched.exe]

FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\

ProcessID : 1804

ThreadCreationTime : 5-30-2007 7:54:01 AM

BasePriority : Normal

 

 

#:28 [stsystra.exe]

FilePath : C:\WINDOWS\

ProcessID : 320

ThreadCreationTime : 5-30-2007 7:54:01 AM

BasePriority : Normal

FileVersion : 1.0.4682.0 nd267 cp1

ProductVersion : 1.0.4682.0 nd267 cp1

ProductName : C-Major Audio

CompanyName : SigmaTel, Inc.

FileDescription : Sigmatel Audio system tray application

InternalName : stsystray.exe

LegalCopyright : Copyright © 2004-2005, SigmaTel, Inc.

OriginalFilename : stsystray.exe

 

#:29 [wltray.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 340

ThreadCreationTime : 5-30-2007 7:54:02 AM

BasePriority : Normal

FileVersion : 3.100.41.0

ProductVersion : 3.100.41.0

ProductName : Dell Wireless WLAN Card Wireless Network Tray Applet

CompanyName : Dell Inc

FileDescription : Dell Wireless WLAN Card Wireless Network Tray Applet

InternalName : wltray.exe

LegalCopyright : 1998-2004, Dell Inc All Rights Reserved.

OriginalFilename : wltray.exe

 

#:30 [dvdlauncher.exe]

FilePath : C:\Program Files\CyberLink\PowerDVD\

ProcessID : 448

ThreadCreationTime : 5-30-2007 7:54:02 AM

BasePriority : Normal

FileVersion : 3.00.0000

ProductVersion : 3.00.0000

ProductName : Cyberlink PowerCinema 3.0

CompanyName : CyberLink Corp.

FileDescription : CyberLink PowerCinema Resident Program

InternalName : CyberLink PowerCinema Resident Program

LegalCopyright : Copyright © 2003 CyberLink Corp.

OriginalFilename : DVDLauncher.EXE

 

#:31 [igfxsrvc.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 468

ThreadCreationTime : 5-30-2007 7:54:03 AM

BasePriority : Normal

FileVersion : 3.0.0.4363

ProductVersion : 7.0.0.4363

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : igfxsrvc Module

InternalName : IGFXSRVC

LegalCopyright : Copyright 1999-2004, Intel Corporation

OriginalFilename : IGFXSRVC.EXE

 

#:32 [tfswctrl.exe]

FilePath : C:\WINDOWS\system32\dla\

ProcessID : 548

ThreadCreationTime : 5-30-2007 7:54:04 AM

BasePriority : Normal

FileVersion : 1.04.08a

CompanyName : Sonic Solutions

FileDescription : Drive Letter Access Component

LegalCopyright : Copyright © 2004 Sonic Solutions

 

#:33 [issch.exe]

FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\

ProcessID : 1268

ThreadCreationTime : 5-30-2007 7:54:05 AM

BasePriority : Normal

FileVersion : 4, 50, 100, 33433

ProductVersion : 4, 50

ProductName : InstallShield Update Service

CompanyName : InstallShield Software Corporation

FileDescription : InstallShield Update Service Scheduler

InternalName : Scheduler

LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation

OriginalFilename : issch.exe

 

#:34 [mediadetect.exe]

FilePath : C:\Program Files\Corel\Corel Photo Album 6\

ProcessID : 1464

ThreadCreationTime : 5-30-2007 7:54:06 AM

BasePriority : Normal

FileVersion : 6.0.0 (20050831.10)

ProductVersion : 6.0.0 (20050831.10)

ProductName : Corel Photo Album 6

CompanyName : Corel, Inc.

FileDescription : Corel Photo Album 6 Application

InternalName : Corel Photo Album 6

LegalCopyright : Copyright © 1995-2005

OriginalFilename : MediaDetect.exe

 

#:35 [avgcc.exe]

FilePath : C:\PROGRA~1\Grisoft\AVG7\

ProcessID : 1348

ThreadCreationTime : 5-30-2007 7:54:08 AM

BasePriority : Normal

FileVersion : 7.5.0.460

ProductVersion : 7.5.0.460

ProductName : AVG Anti-Virus system

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Control Center

InternalName : AvgCC

LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.

OriginalFilename : AvgCC.EXE

 

#:36 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1772

ThreadCreationTime : 5-30-2007 7:54:09 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:37 [dsagnt.exe]

FilePath : C:\Program Files\DellSupport\

ProcessID : 2068

ThreadCreationTime : 5-30-2007 7:54:12 AM

BasePriority : Below Normal

FileVersion : 3, 0, 0, 197

ProductVersion : 3, 0, 0, 197

ProductName : Dell Support

CompanyName : Gteko Ltd.

FileDescription : Dell Support

InternalName : AUAgent

LegalCopyright : Copyright © 2000 - 2007 Gteko Ltd.

OriginalFilename : AUAgent.exe

 

#:38 [wmiprvse.exe]

FilePath : C:\WINDOWS\system32\wbem\

ProcessID : 2312

ThreadCreationTime : 5-30-2007 7:54:22 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : WMI

InternalName : Wmiprvse.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : Wmiprvse.exe

 

#:39 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2984

ThreadCreationTime : 5-30-2007 7:54:43 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:40 [ymsgr_tray.exe]

FilePath : C:\Program Files\Yahoo!\Messenger\

ProcessID : 3068

ThreadCreationTime : 5-30-2007 7:54:45 AM

BasePriority : Normal

 

 

#:41 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2192

ThreadCreationTime : 5-30-2007 7:55:36 AM

BasePriority : Normal

 

 

#:42 [wisptis.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2168

ThreadCreationTime : 5-30-2007 6:29:53 PM

BasePriority : High

FileVersion : 1.0.2201.0 (xpsp1.020820-1800)

ProductVersion : 1.0.2201.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Microsoft Tablet PC Platform Component

InternalName : WISPTIS.EXE

LegalCopyright : Copyright © 1998-2002 Microsoft Corporation.

OriginalFilename : WISPTIS.EXE

 

#:43 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1196

ThreadCreationTime : 6-1-2007 4:09:31 AM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:44 [realsched.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ProcessID : 3588

ThreadCreationTime : 6-1-2007 4:31:05 AM

BasePriority : Normal

FileVersion : 0.1.0.3492

ProductVersion : 0.1.0.3492

ProductName : RealPlayer (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : realsched.exe

 

#:45 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 824

ThreadCreationTime : 6-1-2007 6:00:34 AM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 8

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 8

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 8

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 8

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 8

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 8

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 8

 

1:16:36 AM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:14:03.985

Objects scanned:155797

Objects identified:0

Objects ignored:0

New critical objects:0

 

 

 

 

============

HijackThis logs:

============

 

Logfile of HijackThis v1.99.1

Scan saved at 3:23:10 AM, on 6/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O11 - Options group: [iNTERNATIONAL] International*

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\bfhebao.exe (file missing)

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

 

 

 

Please let me know if you require any more info!

 

Thanks a lot!

 

- A
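The HijackThis log above is read by hand in threads like this one. The following script is an added example (it is not part of the original post, nor HijackThis or Lavasoft code) showing how a helper's first-pass triage of such a log can be written down as simple rules: services whose binary is gone, services and autostart entries with no vendor or no full path, Winsock LSP entries, and a configured proxy. The sample lines are a constructed subset copied from the log posted in this thread; the `Finding` type, the severities and the rule wording are the example's own choices.

```python
"""Triage helper for HijackThis v1.99-style log lines (added example).

The heuristics below only mark lines that deserve a closer look; a hit is a
question to verify, not a verdict. "Unknown owner" on a Dell support service,
for instance, just means HijackThis found no vendor string in the file.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\bfhebao.exe (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O23"
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str


# Every HijackThis entry starts with a section tag such as R1, O4, O23.
_SECTION_RE = re.compile(r"^(?P<sec>[RFO]\d+)\s+-\s+(?P<body>.*)$")
# O4 body: <hive>\..\Run: [entry name] <command line>
_O4_RE = re.compile(r"^(?P<key>\S+):\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# O23 body: Service: <display name> - <owner> - <image path> [(file missing)]
_O23_RE = re.compile(r"^Service:\s+(?P<name>.+?)\s+-\s+(?P<owner>.+?)\s+-\s+(?P<path>.+)$")


def parse_line(line):
    """Split one log line into (section tag, body); None for non-entry lines."""
    m = _SECTION_RE.match(line.strip())
    if not m:
        return None
    return m.group("sec"), m.group("body")


def command_image(cmd):
    """Return the executable part of an autostart command (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Apply the review rules to every entry line and return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        sec, body = parsed
        if sec == "O23":
            m = _O23_RE.match(body)
            if not m:
                continue
            if body.endswith("(file missing)"):
                # A registered service whose binary is gone: leftover of a removed
                # or half-cleaned program, and the entry itself still needs cleanup.
                findings.append(Finding(sec, "high", "service points at a binary that no longer exists", raw))
            elif m.group("owner") == "Unknown owner":
                findings.append(Finding(sec, "medium", "service binary carries no vendor information; verify it", raw))
        elif sec == "O4":
            m = _O4_RE.match(body)
            if m and "\\" not in command_image(m.group("cmd")):
                # A bare file name is resolved through the search path at logon,
                # so confirm which copy actually runs.
                findings.append(Finding(sec, "medium", "autostart entry without a full path", raw))
        elif sec == "O10":
            findings.append(Finding(sec, "info", "Winsock LSP entry; confirm the DLL belongs to an installed product", raw))
        elif sec == "R1" and "ProxyServer" in body:
            findings.append(Finding(sec, "info", "proxy server configured; confirm it was set on purpose", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Run against the sample, the rules surface the proxy the poster set deliberately (info), the `stsystra.exe` entry with no path, the AVG LSP hook, the Dell broker service with no vendor string, and, as the only high-severity hit, the `Windows Overlay Components` service whose image `C:\WINDOWS\bfhebao.exe` is missing. That is the same ordering of attention a human reader of the thread would apply, written down so it is repeatable.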

Hello,

 

* Download Combofix to your desktop.

Double-click combofix.exe

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

 

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post this log in your next reply together with a new HijackThis log.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.


Due to the lack of feedback, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
