Am I Infected?

#1 homerguy (Newbie, Members, 1 post)

Posted 04 July 2006 - 03:56 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:55:36 PM, on 7/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\saqexzvA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\v1201.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\ms041818278-134.exe
C:\PROGRA~1\COMMON~1\ifwz\ifwzm.exe
C:\PROGRA~1\COMMON~1\ifwz\ifwza.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\cfg32a.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Gage\LOCALS~1\Temp\Rar$EX00.693\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ajyyy.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,kegcknv.exe
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: (no name) - {51602DCF-BF22-ADD2-BF8D-BACF6354B28D} - C:\WINDOWS\mojxb.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [saqexzvA] C:\WINDOWS\saqexzvA.exe
O4 - HKLM\..\Run: [ppg8e0be] RUNDLL32.EXE w0b8d921.dll,n 0018e0bd000000030b8d921
O4 - HKLM\..\Run: [w0b8f0b7.dll] RUNDLL32.EXE w0b8f0b7.dll,I2 0018e0bd00b8f0b7
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [ms041818278-134] C:\WINDOWS\ms041818278-134.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ifwz] C:\PROGRA~1\COMMON~1\ifwz\ifwzm.exe
O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe
O4 - HKCU\..\Run: [1201.exe] C:\WINDOWS\system32\1201.exe
O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

#2 TwistedMetal (Forum Moderator, Moderators, 1,537 posts; Gender: Male; Location: Glendale, AZ; Interests: CCleaner, Computers, and Movies)

Posted 04 July 2006 - 04:04 AM

MALWARE PROFILE, ANALYSIS, REMOVAL AND SIGNATURE INFORMATION:
DEFINITION OF: V1201.EXE

* Safety Rating: Known Malware, do not run
* Malware Family: Possibly part of Malware group - Trojan Downloader
* Determination: Automatically determined using Prevx1 centralized heuristics
* Malware Form: TROJAN
* Protection: Prevx1 will protect, disinfect, cleanup and remove V1201.EXE
* Non Prevx Users: New users may cleanup and remove V1201.EXE for free using the regular Prevx1 download
* First seen: Nov 1 2005 (GMT)
* Last seen: Today (GMT)
* File Size: 110,592 bytes

V1201.EXE INFO AND REMOVAL

AUTOMATED MALWARE PROFILE, ANALYSIS, REMOVAL AND SIGNATURE INFORMATION:
DEFINITION OF: CFG32A.EXE

* Safety Rating: Known Malware, do not run
* Malware Family: Part of Malware group - Malware
* Determination: Automatically determined using Prevx1 centralized heuristics
* Malware Form: EXPLOIT
* Protection: Prevx1 will protect, disinfect, cleanup and remove CFG32A.EXE
* Non Prevx Users: New users may cleanup and remove CFG32A.EXE for free using the regular Prevx1 download
* First seen: Jun 1 2006 (GMT)
* Last seen: Jun 1 2006 (GMT)
* File Size: 1,392,640 bytes

CFG32A.EXE INFO AND REMOVAL

MALWARE PROFILE, ANALYSIS, REMOVAL AND SIGNATURE INFORMATION:
DEFINITION OF: CFG32R.DLL

* Safety Rating: Known Malware, do not run
* Malware Family: Possibly part of Malware group - Malware
* Determination: Automatically determined using Prevx1 centralized heuristics
* Malware Form: EXPLOIT
* Protection: Prevx1 will protect, disinfect, cleanup and remove CFG32R.DLL
* Non Prevx Users: New users may cleanup and remove CFG32R.DLL for free using the regular Prevx1 download
* First seen: May 10 2006 (GMT)
* Last seen: Today (GMT)
* File Size: 102,400 bytes

CFG32R.DLL INFO AND REMOVAL

MALWARE PROFILE, ANALYSIS, REMOVAL AND SIGNATURE INFORMATION:
DEFINITION OF: CFG32O.DLL

* Safety Rating: Known Malware, do not run
* Malware Family: Possibly part of Malware group - Trojan MitGlieder GB
* Determination: Automatically determined using Prevx1 centralized heuristics
* Malware Form: TROJAN
* Protection: Prevx1 will protect, disinfect, cleanup and remove CFG32O.DLL
* Non Prevx Users: New users may cleanup and remove CFG32O.DLL for free using the regular Prevx1 download
* First seen: May 10 2006 (GMT)
* Last seen: Today (GMT)
* File Size: 110,592 bytes

CFG32O.DLL INFO AND REMOVAL

That's just the beginning; you are pretty infected, man...

I recommend doing the following: http://forum.ccleane...?showtopic=3505
Your Friendly Neighborhood Piriform Forum Moderator