Topic: Please Help with this Hijack This Log
wolfe
« on: October 30, 2010, 04:47:19 PM »

Windows Vista
I have run Spybot, Trend Micro, Ad-Aware and now this HijackThis.


Logfile of HijackThis v1.99.1
Scan saved at 12:45:05 PM, on 30/10/2010
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Johnsons\Documents\Spyware, Adware and Virus Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/default.aspx?lang=en-CA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3611
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3611
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3611
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKLM\..\RunOnce: [TSC] "C:\Users\Johnsons\AppData\Local\Temp\HouseCall\tsc.exe" /HD
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\Johnsons\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [My Security Shield] "C:\ProgramData\ce80ce\MSce8_290.exe" /s /d
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9880b431fef90) (gupdate1c9880b431fef90) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
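Reading the O4 (autorun) lines of a HijackThis log like the one above, as an added example that is not part of the original thread: it scores each Run/RunOnce entry for the rogue-AV pattern a responder looks for, a security-sounding name launched from a machine-generated folder under ProgramData, which is exactly how "My Security Shield" appears in this log. The four sample lines are copied from the log above; the AutorunEntry class, the heuristics and their weights are assumptions of this example, not anything HijackThis itself does.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt: four O4 (autorun) lines copied from the HijackThis log above.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [cdloader] "C:\Users\Johnsons\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [My Security Shield] "C:\ProgramData\ce80ce\MSce8_290.exe" /s /d
"""

# HijackThis O4 Run/RunOnce line: O4 - <hive>\..\<key>: [<name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Command line: either a quoted path, or an unquoted path ending at the first executable extension.
CMD_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>\S.*?\.(?:exe|com|scr|bat|cmd|dll))(?:\s|$)', re.IGNORECASE)
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")          # assumed heuristic list
SECURITY_WORDS = ("security", "shield", "antivirus", "anti-virus", "protection", "defender", "guard")

@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    exe: str
    score: int = 0
    reasons: list = field(default_factory=list)

def parse_o4(line: str):
    """Parse one O4 Run/RunOnce line; other O4 forms (Startup-folder .lnk) return None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    c = CMD_RE.match(cmd)
    exe = (c.group("q") or c.group("u")) if c else cmd.split()[0]
    return AutorunEntry(m.group("hive"), m.group("key"), m.group("name"), exe)

def looks_random(folder: str) -> bool:
    """Heuristic: a hex blob (ce80ce) or vowel-less digit/letter salad rarely names a real vendor folder."""
    f = folder.lower()
    if re.fullmatch(r"[0-9a-f]{4,}", f):
        return True
    return any(c.isdigit() for c in f) and any(c.isalpha() for c in f) and not re.search(r"[aeiou]", f)

def assess(entry: AutorunEntry) -> AutorunEntry:
    """Attach weighted triage reasons; the rogue-AV pattern is all three hits together."""
    path = entry.exe.lower()
    parts = path.rsplit("\\", 2)
    parent = parts[-2] if len(parts) >= 2 else ""      # folder that directly holds the executable
    writable = any(w in path for w in USER_WRITABLE)
    if writable:
        entry.score += 1
        entry.reasons.append("executable lives in a user-writable data directory")
    if looks_random(parent):
        entry.score += 2
        entry.reasons.append(f"parent folder name looks machine-generated: {parent}")
    if writable and any(w in entry.name.lower() for w in SECURITY_WORDS):
        entry.score += 2
        entry.reasons.append("security-product name, but not installed under Program Files")
    return entry

def triage(log_text: str) -> list:
    """Return the parsed O4 entries, highest score first; 0 means nothing stood out."""
    entries = [parse_o4(l) for l in log_text.splitlines() if l.startswith("O4 - ")]
    return sorted((assess(e) for e in entries if e), key=lambda e: e.score, reverse=True)

if __name__ == "__main__":
    for e in triage(SAMPLE_O4_LINES):
        print(f"[{e.score}] {e.hive}\\..\\{e.key} [{e.name}] -> {e.exe}  {e.reasons}")
```

A score of 1, such as cdloader (started with the MAGICJACK argument from AppData\Roaming), is location noise to confirm by hand; only the combined pattern scores high, and the later Malwarebytes log in this thread confirms that entry as Rogue.MySecurityShield.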

Pancake
« Reply #1 on: October 30, 2010, 10:12:12 PM »

What problem are you having?
wolfe
« Reply #2 on: October 31, 2010, 12:16:56 AM »

It's my dad's computer so I haven't seen the problem first-hand, but the computer is very slow 95% of the time (started a few weeks ago) and every once in a while he gets a bunch of pop-ups saying that he has trojans and spyware etc. I will see if he can take a screen cap or two of the pop-ups.

Do you see anything that stands out?
Pancake
« Reply #3 on: October 31, 2010, 01:14:13 AM »


Please download Malwarebytes' Anti-Malware from one of these places:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

http://www.besttechie.net/tools/mbam-setup.exe

Double click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report in your next reply.

===============================================

Download ComboFix and place it on your Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Alternate link: GeeksToGo.com
http://subs.geekstogo.com/ComboFix.exe

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. ComboFix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.

You can get help on disabling your protection programs here: http://www.bleepingcomputer.com/forums/topic114351.html

Please include the C:\ComboFix.txt in your next reply for further review.

wolfe
« Reply #4 on: November 05, 2010, 02:25:11 AM »

Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
 
Database version: 5009
 
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18975
 
31/10/2010 9:10:51 PM
mbam-log-2010-10-31 (21-10-51).txt
 
Scan type: Quick scan
Objects scanned: 138944
Time elapsed: 6 minute(s), 24 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
(No malicious items detected)
 
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\my security shield (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
 
Registry Data Items Infected:
(No malicious items detected)
 
Folders Infected:
(No malicious items detected)
 
Files Infected:
C:\Users\Johnsons\AppData\Roaming\asdsada.bat (Malware.Trace) -> Quarantined and deleted successfully.



wolfe
« Reply #5 on: November 05, 2010, 02:25:42 AM »

Malwarebytes


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
 
Database version: 5009
 
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
 
31/10/2010 10:26:18 PM
mbam-log-2010-10-31 (22-26-18).txt
 
Scan type: Quick scan
Objects scanned: 140120
Time elapsed: 8 minute(s), 41 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
(No malicious items detected)
 
Registry Values Infected:
(No malicious items detected)
 
Registry Data Items Infected:
(No malicious items detected)
 
Folders Infected:
(No malicious items detected)
 
Files Infected:
(No malicious items detected)



wolfe
« Reply #6 on: November 05, 2010, 02:26:18 AM »


Combofix Part 1


ComboFix 10-11-03.04 - Johnsons 04/11/2010  20:08:02.1.2 - x86
Running from: c:\users\Johnsons\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\windows
c:\users\Johnsons\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Johnsons\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Johnsons\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\Johnsons\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\Johnsons\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Johnsons\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Johnsons\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\Johnsons\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\Johnsons\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\Johnsons\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Johnsons\AppData\Roaming\Microsoft\Windows\Recent\runddl.drv
c:\users\Johnsons\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.dll
c:\users\Johnsons\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
c:\users\Johnsons\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\Johnsons\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Johnsons\Documents\DPE.DUS
c:\users\Johnsons\InstallGarminCommunicatorPlugin_262.exe

c:\windows\system32\kernel32.dll . . . is infected!!

.
(((((((((((((((((((((((((   Files Created from 2010-10-05 to 2010-11-05  )))))))))))))))))))))))))))))))
.

2010-11-05 00:27 . 2010-11-05 00:30   --------   d-----w-   c:\users\Johnsons\AppData\Local\temp
2010-11-05 00:27 . 2010-11-05 00:27   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-11-01 01:00 . 2010-11-01 01:00   --------   d-----w-   c:\users\Johnsons\AppData\Roaming\Malwarebytes
2010-11-01 01:00 . 2010-11-01 01:00   --------   d-----w-   c:\programdata\Malwarebytes
2010-11-01 01:00 . 2010-04-29 19:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-01 01:00 . 2010-11-01 01:00   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-11-01 01:00 . 2010-04-29 19:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-10-30 16:44 . 2006-12-12 15:01   155648   ----a-w-   c:\windows\system32\igfxres.dll
2010-10-30 15:46 . 2010-10-30 15:47   1913056   ----a-w-   c:\users\Johnsons\HousecallLauncher.exe
2010-10-27 05:08 . 2010-08-26 16:34   1696256   ----a-w-   c:\windows\system32\gameux.dll
2010-10-27 05:08 . 2010-08-26 16:33   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2010-10-27 05:08 . 2010-08-26 14:23   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-25 01:08 . 2010-10-25 01:08   --------   d-----w-   c:\windows\en
2010-10-25 00:50 . 2009-09-04 21:44   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
2010-10-25 00:50 . 2009-09-04 21:44   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
2010-10-25 00:50 . 2009-09-04 21:29   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
2010-10-25 00:49 . 2010-10-25 00:49   94040   ----a-w-   c:\program files\Common Files\Windows Live\.cache\6fd735a01cb73de16\DSETUP.dll
2010-10-25 00:49 . 2010-10-25 00:49   525656   ----a-w-   c:\program files\Common Files\Windows Live\.cache\6fd735a01cb73de16\DXSETUP.exe
2010-10-25 00:49 . 2010-10-25 00:49   1691480   ----a-w-   c:\program files\Common Files\Windows Live\.cache\6fd735a01cb73de16\dsetup32.dll
2010-10-25 00:49 . 2010-10-25 00:49   94040   ----a-w-   c:\program files\Common Files\Windows Live\.cache\6b82f6b01cb73de15\DSETUP.dll
2010-10-25 00:49 . 2010-10-25 00:49   525656   ----a-w-   c:\program files\Common Files\Windows Live\.cache\6b82f6b01cb73de15\DXSETUP.exe
2010-10-25 00:49 . 2010-10-25 00:49   1691480   ----a-w-   c:\program files\Common Files\Windows Live\.cache\6b82f6b01cb73de15\dsetup32.dll
2010-10-25 00:41 . 2010-11-01 01:23   --------   d-----w-   c:\users\Johnsons\AppData\Local\Windows Live
2010-10-25 00:37 . 2009-08-04 08:02   754688   ----a-w-   c:\windows\system32\webservices.dll
2010-10-14 17:48 . 2010-09-13 13:56   8147456   ----a-w-   c:\windows\system32\wmploc.DLL
2010-10-14 17:48 . 2010-09-13 13:56   168960   ----a-w-   c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 17:48 . 2010-09-06 16:20   125952   ----a-w-   c:\windows\system32\srvsvc.dll
2010-10-14 17:48 . 2010-09-06 16:19   17920   ----a-w-   c:\windows\system32\netevent.dll
2010-10-14 17:48 . 2010-09-06 13:45   304128   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-10-14 17:48 . 2010-09-06 13:45   145408   ----a-w-   c:\windows\system32\drivers\srv2.sys
2010-10-14 17:48 . 2010-09-06 13:45   102400   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2010-10-11 20:14 . 2010-10-11 20:14   --------   d-----w-   c:\users\Johnsons\AppData\Local\Unity

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 02:55 . 2009-11-12 03:00   98392   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2010-10-19 15:41 . 2009-10-03 01:39   222080   ------w-   c:\windows\system32\MpSigStub.exe
2010-09-23 04:47 . 2010-09-23 04:47   49016   ----a-w-   c:\windows\system32\sirenacm.dll
2010-09-23 04:32 . 2010-09-23 04:32   301936   ----a-w-   c:\windows\WLXPGSS.SCR
2010-08-26 16:33 . 2010-10-27 05:08   173056   ----a-w-   c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 05:08   458752   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 05:08   2159616   ----a-w-   c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 05:08   542720   ----a-w-   c:\windows\apppatch\AcLayers.dll
2010-08-17 14:11 . 2010-09-14 20:47   128000   ----a-w-   c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-09-23 4240760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WeatherEye"="c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2009-01-16 4519832]
"cdloader"="c:\users\Johnsons\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-10-08 50592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-11-04 928496]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-02 303104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
Pancake
« Reply #7 on: November 05, 2010, 03:01:11 AM »

As this file c:\windows\system32\kernel32.dll is infected you will have to replace it with a new copy. You can get a copy here: http://www.dlldump.com/download-dll-files_new.php/dllfiles/K/kernel32.dll/5.1.2600.2180/download.html