1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Suspecting Boaxxe on my system

Discussion in 'Virus & Other Malware Removal' started by Hypercite, Apr 10, 2010.

Thread Status:
Not open for further replies.
  1. Hypercite

    Hypercite Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    23
    Hi!

    I posted recently here about a weird problem with my USB ports, that problem is solved but I believe I might still have malware. A few weeks ago I was infected and Avast found:

    Boaxxe-S [Drp]

    and

    Trojan-gen

    Her is my HijackThis log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:30:05, on 2010-04-10
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program\Alwil Software\Avast5\AvastSvc.exe
    C:\Program\ALWILS~1\Avast5\avastUI.exe
    C:\Program\Java\jre6\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program\Elantech\ETDCtrl.exe
    C:\Program\EeePC\ACPI\AsTray.exe
    C:\Program\EeePC\ACPI\AsEPCMon.exe
    C:\Program\EeePC\ACPI\AsAcpiSvr.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [avast5] C:\Program\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ETDWare] C:\Program\Elantech\ETDCtrl.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: AutoRun OSCleaner.lnk = ?
    O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Skicka till Bluetooth - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

    --
    End of file - 5241 bytes

    Will run a Malwarebytes scan later today.
    Thanks for any help!

    Btw. I have some knowledge of computer but might need detailed info on some parts.
     
  2. Hypercite

    Hypercite Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    23
    I ran a Malwarebytes scan but it did not find anything, neither did Avast.
    I still have two problems though.
    It seems the virus created a new profile, called Admin I am sure this profile was not there before.
    My second "problem" is that every time I start the computer msconfig comes up...
    In the config under autostart there is still one program which avast previously detected wnia1lp1.exe, it is however diabled.

    How do I proceed? Am I Cured?
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/915956

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice