|
|
|
I NEED HELP WITH VIRUS
|
|
|
laxos
Suspended permanently
|
3. September 2008 @ 02:11 |
Link to this message
|
Hi recently alot of virus's have been on my computer i am running windows vista, i dont know where they came from Norton internet security 2008 deleted them and blocked them all so i thought i was ok but now when my computer is on internet explorer automaticly opens up and launches a website address the address is http://85.12.43.75/tst20.html the webpage is white black but all these virus's start to come in my computer and norton still removes them this webpage http://85.12.43.75/tst20.html opens regually like every 10 minutes. also i cant use internet explorer or mozzila firefox without right clicking on the icon and opening them as administrator.
another problem i have i dont know if its because of the virus's but whenever i boot my computer up it has a black screen and a windows explorer window opens EXAMPLE MY DOCUMENTS. so i cant see the desktop icons or start bar i found i way to go into the computer i hold ctrl alt dlt then click task manager then click run and type in explorer....
that makes the computer desktop and all open do yeah i have alot of problems with my pc.
|
|
Advertisement
|
|
|
|
Senior Member
|
5. September 2008 @ 11:28 |
Link to this message
|
Hi laxos
Sounds like a bad malware. However, the symptons you have are quite common and easily fixed.
Before we begin the cleanup process, it is important to do a little analysis first. We will analyze your computer with a tool called HijackThis.
Please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file.
Rename HijackThis(.exe) to scanner(.exe).
Next, run scanner(.exe). A window will pop up.
? Click on the button which says Main Menu, then Do a system scan and save a logfile.
? Please wait for the scan to be completed.
? After the scan has completed, a text window will pop up. Please post the contents of this window here.
This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.
NOTE:: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
laxos
Suspended permanently
|
6. September 2008 @ 04:01 |
Link to this message
|
Hi, thanks alot for the help i got the log file here it is....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:13 PM, on 6/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\hrmrqeovr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\James\Desktop\scanner.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\James\Desktop\scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [System Files Updater] C:\Windows\FlyakiteOSX\System Files Updater.exe /S
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\sSMfebxu.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [googletalk] C:\Users\James\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\James\AppData\Local\Temp\iifcCroP.dll,#1
O4 - HKCU\..\Run: [lphc5mqj0en9c] C:\Windows\system32\lphc5mqj0en9c.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\James\AppData\Local\Temp\pmNgffFY.dll,c
O4 - HKCU\..\Run: [BM9bb80060] Rundll32.exe "C:\Users\James\AppData\Local\Temp\ayqbnmii.dll",s
O4 - HKCU\..\Run: [988b33fc] rundll32.exe "C:\Users\James\AppData\Local\Temp\imdjjsyo.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: hrmrqeovr.lnk = C:\Windows\System32\hrmrqeovr.exe
O4 - Startup: Windows Explorer.lnk = D:\Windows\explorer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 9179 bytes
|
Senior Member
|
6. September 2008 @ 09:41 |
Link to this message
|
Uh oh... it's a bad case of malware, including at least one rootkit. We'll try to dent it first before removing every single trace of it.
Now, please download Combofix.
With Combofix, at the download window, please rename it to Combo-fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
? Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
? Wait for the scan to be completed.
? If it requires a reboot, please do it.
? After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the Comobofix window, as it may cause it to stall.
After that, post a new HijackThis log.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
laxos
Suspended permanently
|
6. September 2008 @ 10:15 |
Link to this message
|
Hi, thank you so much for helping me here is the combofix log...
ComboFix 08-09-05.02 - James 2008-09-06 23:51:01.1 - NTFSx86
Microsoft® Windows Vista? Home Basic 6.0.6001.1.1252.1.1033.18.1300 [GMT 10:00]
Running from: C:\Users\James\Desktop\combo-fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\James\AppData\Local\Temp\imdjjsyo.dll
C:\Users\James\AppData\Local\Temp\pmNgffFY.dll
C:\Windows\system32\sSMfebxu.dll
C:\Windows\system32\yAtTljgD.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.
2008-09-05 16:15 . 2008-09-05 16:15 156 --a------ C:\Windows\Twunk001.MTX
2008-09-05 16:15 . 2008-09-05 16:15 2 --a------ C:\Windows\Twain001.Mtx
2008-09-05 16:15 . 2008-09-05 16:15 0 --a------ C:\Windows\Twunk002.MTX
2008-09-03 19:34 . 2008-09-03 19:34 <DIR> d-------- C:\Program Files\PSP Pandora Deluxe
2008-09-03 15:35 . 2008-09-03 15:35 <DIR> d-------- C:\Program Files\Opera
2008-09-01 20:31 . 2008-09-01 20:31 <DIR> d-------- C:\Users\All Users\SpeedBit
2008-09-01 20:31 . 2008-09-01 20:31 <DIR> d-------- C:\ProgramData\SpeedBit
2008-09-01 20:30 . 2008-09-01 20:32 <DIR> d-------- C:\Program Files\DAP
2008-09-01 20:30 . 2008-09-01 20:30 479,298 --a------ C:\Windows\System32\wbocx.ocx
2008-09-01 20:30 . 2008-09-01 20:30 172,032 --a------ C:\Windows\System32\AniGIF.ocx
2008-09-01 20:30 . 2008-09-01 20:30 50,688 --a------ C:\Windows\System32\wbhelp2.dll
2008-08-28 19:46 . 2008-09-06 23:58 65,536 --------- C:\Windows\System32\Ikeext.etl
2008-08-27 17:50 . 2008-09-05 18:49 <DIR> d-------- C:\Users\James\AppData\Roaming\LimeWire
2008-08-27 17:50 . 2008-08-27 17:50 <DIR> d-------- C:\Program Files\LimeWire
2008-08-25 18:46 . 2007-10-26 23:29 101,504 --a------ C:\Windows\System32\drivers\ewusbmdm.sys
2008-08-25 18:46 . 2007-10-26 23:29 23,424 --a------ C:\Windows\System32\drivers\ewdcsc.sys
2008-08-25 18:44 . 2008-08-25 18:44 <DIR> d-------- C:\Program Files\3 Mobile
2008-08-25 03:02 . 2008-07-16 11:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-25 01:57 . 2008-06-27 11:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-25 01:57 . 2008-06-27 14:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-25 01:57 . 2008-04-10 15:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-25 01:57 . 2008-06-19 13:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-25 01:57 . 2008-04-18 15:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-11 16:39 . 2008-08-11 17:22 <DIR> d-------- C:\Users\James\AppData\Roaming\Download Manager
2008-08-06 20:43 . 2008-08-06 20:43 <DIR> d-------- C:\Team17
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 13:45 --------- d---a-w C:\ProgramData\TEMP
2008-09-06 04:45 --------- d-----w C:\ProgramData\Symantec
2008-09-05 06:09 --------- d-----w C:\Users\James\AppData\Roaming\Any Video Converter
2008-09-04 22:35 --------- d-----w C:\Users\James\AppData\Roaming\uTorrent
2008-08-29 09:57 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-29 09:56 --------- d-----w C:\Program Files\OpenAL
2008-08-29 09:56 --------- d-----w C:\Program Files\Google
2008-08-25 08:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-24 17:09 --------- d-----w C:\Program Files\Windows Mail
2008-08-11 06:37 --------- d-----w C:\Program Files\Java
2008-08-06 10:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-05 09:00 --------- d-----w C:\Program Files\Alex Feinman
2008-07-30 07:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-07-30 07:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-07-30 07:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 12:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 10:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-10 07:07 --------- d-----w C:\Users\James\AppData\Roaming\DVD Flick
2008-07-09 06:26 --------- d-----w C:\Program Files\Any Video Converter
2008-07-09 06:17 --------- d-----w C:\Program Files\Cucusoft
2008-07-06 07:14 --------- d-----w C:\Program Files\Resource Tuner
2008-07-06 07:04 1,954,304 ----a-w C:\Users\James\authuiff.dll
2008-07-06 07:02 --------- d-----w C:\Users\James\AppData\Roaming\Resource Tuner
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-09 03:38 174 --sha-w C:\Program Files\desktop.ini
2008-06-09 02:54 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-09 02:54 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-01-19 07:33 1,985,024 ----a-w C:\Users\James\authui.dll
2006-07-20 08:38 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2006-07-20 08:38 56 ---ha-w C:\ProgramData\ezsidmv.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-15 171448]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"googletalk"="C:\Users\James\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 385024]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-04-26 380928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-28 C:\Windows\RtHDVCpl.exe]
C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hrmrqeovr.lnk - C:\Windows\System32\hrmrqeovr.exe [2008-05-18 57344]
Windows Explorer.lnk - C:\Windows\explorer.exe [2008-06-05 2927104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 12:58 495616 C:\Program Files\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{185163F3-5BAA-47F7-841E-AE901CAF3060}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{43A7D58C-91E3-43DF-9BAC-91B837C3A930}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{92D1300C-1B02-41FE-B764-A2478805C571}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5836B5DD-673F-4A40-A043-BDAE6801F7EB}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8B45BB13-35EF-4CEE-AF8E-61FCC5C51FCC}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{D9495D4F-407D-420B-8D89-202CD2686A3D}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{308754DA-E75D-46F6-AD8D-AD7D6019E0C5}"= UDP:C:\Program Files\Sega\The Club\Launcher.exe:The Club Launcher
"{11752CD2-782A-4C7B-9FBA-6F4D1B89A511}"= TCP:C:\Program Files\Sega\The Club\Launcher.exe:The Club Launcher
"{9E7A66C3-9D45-4295-A12B-13A9DE1FD82F}"= UDP:C:\Program Files\Sega\The Club\TheClub.exe:The Club
"{129A221D-4850-407F-AB15-D1167076D0A6}"= TCP:C:\Program Files\Sega\The Club\TheClub.exe:The Club
"{2D664027-7030-4D28-BC4B-DC8F69545AAA}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B95E5F2E-CFAB-4F69-8B6C-FDBCF8D7ECFB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2E554F27-0C46-4C45-9502-63B1B6ADFF33}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 atkdisplf;ATK Kernel Mode Enhanced Driver;C:\Windows\system32\Drivers\atkdisplowfilter.sys [2007-04-26 19968]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080905.002\IDSvix86.sys [2008-02-14 261680]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\L260x86.sys [2007-12-20 28672]
R3 MRV6X32P;Vista 32-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13B.sys [2007-05-03 256000]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 USB28xxBGA;USB 2860 Device;C:\Windows\system32\DRIVERS\emBDA.sys [2007-08-31 479744]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-08-31 38656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65cdeb8e-74c5-11dd-b7fd-001bfc0e940a}]
\shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65cdeb95-74c5-11dd-b7fd-001bfc0e940a}]
\shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65cdeb9c-74c5-11dd-b7fd-001bfc0e940a}]
\shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75afe6e1-71ff-11dd-aaef-001bfc0e940a}]
\shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75afe6f8-71ff-11dd-aaef-001bfc0e940a}]
\shell\AutoRun\command - E:\AutoRun.exe
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-lphc5mqj0en9c - C:\Windows\system32\lphc5mqj0en9c.exe
HKLM-Run-System Files Updater - C:\Windows\FlyakiteOSX\System Files Updater.exe
HKLM-Run-MSServer - C:\Windows\system32\sSMfebxu.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\matc2jny.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 00:01:13
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\IoctlSvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-09-07 0:04:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 14:04:13
Pre-Run: 178,657,914,880 bytes free
Post-Run: 182,167,552,000 bytes free
207 --- E O F --- 2008-08-24 17:03:52
And here is the hijackthis log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:43 AM, on 7/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Users\James\Desktop\scanner.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [googletalk] C:\Users\James\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: hrmrqeovr.lnk = C:\Windows\System32\hrmrqeovr.exe
O4 - Startup: Windows Explorer.lnk = D:\Windows\explorer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 7820 bytes
Thank you so much for helping me!!!!!!
|
Senior Member
|
6. September 2008 @ 10:23 |
Link to this message
|
Good. That put a dent in your malware. While I'm looking over your logs, please do the following:
Please download Superantispyware Free and install it. Follow the prompts and reboot if required.
Launch Superantispyware Free either by running C:\Program Files\SUPERANTISPWYARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...
Configuring SuperAntispyware
? Click on Preferences.
? In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting everytime, because it may interfere with other fixes that may be run.
? Navigate to the tab Scanning Control.
? Make sure only these boxes are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
Scan Alternate Data Streams
Use Kernel Direct File Access (recommended)
Use Kernel Direct Registry Access (recommended)
Use Direct Disk Access (recommended)
? Click on Close.
Updating SuperAntispyware
? At the main window, click on Check for Updates....
? Wait for SuperAntispyware to be fully updated.
Scanning Time
? Close all browsers.
? At the main window, click on Scan your Computer....
? Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
? Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
? Reboot your computer.
Post A Log
? Launch SuperAntispyware
? Click on Preferences
? Navigate to the tab Statistics/Logs.
? Choose the latest scan log, and the click on View Log....
? Copy and paste the contents of the log here in your next post.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
laxos
Suspended permanently
|
6. September 2008 @ 20:56 |
Link to this message
|
Hi, here is the log for superantispyware, thanks again for helping me :)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/07/2008 at 10:42 AM
Application Version : 4.21.1004
Core Rules Database Version : 3558
Trace Rules Database Version: 1546
Scan type : Complete Scan
Total Scan Time : 01:07:25
Memory items scanned : 578
Memory threats detected : 0
Registry items scanned : 6782
Registry threats detected : 2
File items scanned : 132317
File threats detected : 1
Adware.Tracking Cookie
C:\Users\James\AppData\Roaming\Microsoft\Windows\Cookies\james@clicktorrent[1].txt
Trojan.FakeAlert/Desktop
HKU\S-1-5-21-443309550-2770032704-453357317-1000\CONTROL PANEL\DESKTOP#ORIGINALWALLPAPER
HKU\S-1-5-21-443309550-2770032704-453357317-1000\CONTROL PANEL\DESKTOP#CONVERTEDWALLPAPER
|
Senior Member
|
7. September 2008 @ 02:50 |
Link to this message
|
Hey laxos
Please run HijackThis.
? Click on the button which says Main Menu, then Do a system scan only.
? Please wait for the scan to be completed.
? After the scan has completed, check the following entries.
O4 - Startup: hrmrqeovr.lnk = C:\Windows\System32\hrmrqeovr.exe
Click on the button Fix checked
NOTE:: Close all browsers before fixing anything.
Open Notepad and copy/paste the text in the code box below into it:
File::
C:\Windows\System32\hrmrqeovr.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65cdeb8e-74c5-11dd-b7fd-001bfc0e940a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65cdeb95-74c5-11dd-b7fd-001bfc0e940a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65cdeb9c-74c5-11dd-b7fd-001bfc0e940a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75afe6e1-71ff-11dd-aaef-001bfc0e940a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75afe6f8-71ff-11dd-aaef-001bfc0e940a}]
Save this as CFScript.txt in the same folder as Combofix
Then drag the CFScript.txt into ComboFix.exe.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Also, upload D:\Windows\explorer.exe to www.virustotal.com. Post the results here.
Tell me how's your computer doing.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
laxos
Suspended permanently
|
7. September 2008 @ 05:51 |
Link to this message
|
Hi here is the combofix log
ComboFix 08-09-05.02 - James 2008-09-07 19:42:31.2 - NTFSx86
Microsoft® Windows Vista? Home Basic 6.0.6001.1.1252.1.1033.18.1079 [GMT 10:00]
Running from: C:\Users\James\Desktop\combo-fix.exe
Command switches used :: C:\Users\James\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\hrmrqeovr.exe
.
((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.
2008-09-07 11:45 . 2008-09-07 11:45 <DIR> d-------- C:\Windows\System32\Adobe
2008-09-07 11:42 . 2008-09-01 20:30 251,392 --a------ C:\dapop.dll
2008-09-07 09:27 . 2008-09-07 09:27 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-09-07 09:27 . 2008-09-07 09:27 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-09-07 09:26 . 2008-09-07 09:26 <DIR> d-------- C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
2008-09-07 09:26 . 2008-09-07 09:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-07 09:26 . 2008-09-07 09:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-05 16:15 . 2008-09-05 16:15 156 --a------ C:\Windows\Twunk001.MTX
2008-09-05 16:15 . 2008-09-05 16:15 2 --a------ C:\Windows\Twain001.Mtx
2008-09-05 16:15 . 2008-09-05 16:15 0 --a------ C:\Windows\Twunk002.MTX
2008-09-03 19:34 . 2008-09-03 19:34 <DIR> d-------- C:\Program Files\PSP Pandora Deluxe
2008-09-03 15:35 . 2008-09-03 15:35 <DIR> d-------- C:\Program Files\Opera
2008-09-01 20:31 . 2008-09-01 20:31 <DIR> d-------- C:\Users\All Users\SpeedBit
2008-09-01 20:31 . 2008-09-01 20:31 <DIR> d-------- C:\ProgramData\SpeedBit
2008-09-01 20:30 . 2008-09-01 20:32 <DIR> d-------- C:\Program Files\DAP
2008-09-01 20:30 . 2008-09-01 20:30 479,298 --a------ C:\Windows\System32\wbocx.ocx
2008-09-01 20:30 . 2008-09-01 20:30 172,032 --a------ C:\Windows\System32\AniGIF.ocx
2008-09-01 20:30 . 2008-09-01 20:30 50,688 --a------ C:\Windows\System32\wbhelp2.dll
2008-08-28 19:46 . 2008-09-07 10:53 65,536 --------- C:\Windows\System32\Ikeext.etl
2008-08-27 17:50 . 2008-09-05 18:49 <DIR> d-------- C:\Users\James\AppData\Roaming\LimeWire
2008-08-27 17:50 . 2008-08-27 17:50 <DIR> d-------- C:\Program Files\LimeWire
2008-08-25 18:46 . 2007-10-26 23:29 101,504 --a------ C:\Windows\System32\drivers\ewusbmdm.sys
2008-08-25 18:46 . 2007-10-26 23:29 23,424 --a------ C:\Windows\System32\drivers\ewdcsc.sys
2008-08-25 18:44 . 2008-08-25 18:44 <DIR> d-------- C:\Program Files\3 Mobile
2008-08-25 03:02 . 2008-07-16 11:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-25 01:57 . 2008-06-27 11:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-25 01:57 . 2008-06-27 14:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-25 01:57 . 2008-04-10 15:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-25 01:57 . 2008-06-19 13:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-25 01:57 . 2008-04-18 15:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-11 16:39 . 2008-08-11 17:22 <DIR> d-------- C:\Users\James\AppData\Roaming\Download Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 05:08 --------- d-----w C:\ProgramData\Symantec
2008-09-07 01:44 --------- d---a-w C:\ProgramData\TEMP
2008-09-05 06:09 --------- d-----w C:\Users\James\AppData\Roaming\Any Video Converter
2008-09-04 22:35 --------- d-----w C:\Users\James\AppData\Roaming\uTorrent
2008-08-29 09:57 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-29 09:56 --------- d-----w C:\Program Files\OpenAL
2008-08-29 09:56 --------- d-----w C:\Program Files\Google
2008-08-25 08:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-24 17:09 --------- d-----w C:\Program Files\Windows Mail
2008-08-11 06:37 --------- d-----w C:\Program Files\Java
2008-08-06 10:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-05 09:00 --------- d-----w C:\Program Files\Alex Feinman
2008-07-30 07:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-07-30 07:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-07-30 07:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 12:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 10:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-10 07:07 --------- d-----w C:\Users\James\AppData\Roaming\DVD Flick
2008-07-09 06:26 --------- d-----w C:\Program Files\Any Video Converter
2008-07-09 06:17 --------- d-----w C:\Program Files\Cucusoft
2008-07-06 07:04 1,954,304 ----a-w C:\Users\James\authuiff.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-09 03:38 174 --sha-w C:\Program Files\desktop.ini
2008-06-09 02:54 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-09 02:54 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-01-19 07:33 1,985,024 ----a-w C:\Users\James\authui.dll
2006-07-20 08:38 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2006-07-20 08:38 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-09-01 10:30 251,392 ----a-w C:\Program Files\opera\program\plugins\dapop.dll
.
((((((((((((((((((((((((((((( snapshot@2008-09-07_ 0.02.46.94 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-06 23:27:03 18,944 ----a-r C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-09-06 23:27:03 65,024 ----a-r C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2008-09-06 13:57:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-07 00:52:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-06 13:57:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-07 00:52:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-06 13:58:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-07 00:54:07 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-07 00:54:07 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-06 13:59:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-07 09:45:25 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-07 09:45:25 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-08-06 06:22:02 114,688 ----a-w C:\Windows\System32\Adobe\Director\np32dsw.dll
+ 2008-08-06 06:30:48 202,168 ----a-w C:\Windows\System32\Adobe\Director\SwDir.dll
+ 2008-08-06 06:22:42 499,712 ----a-w C:\Windows\System32\Adobe\Shockwave 11\Control.dll
+ 2008-08-06 05:45:40 1,798,144 ----a-w C:\Windows\System32\Adobe\Shockwave 11\dirapi.dll
+ 2008-08-06 06:22:44 9,216 ----a-w C:\Windows\System32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-08-06 05:35:52 706,048 ----a-w C:\Windows\System32\Adobe\Shockwave 11\gi.dll
+ 2008-08-06 05:35:52 1,145,896 ----a-w C:\Windows\System32\Adobe\Shockwave 11\gt.exe
+ 2008-08-06 05:35:52 52,288 ----a-w C:\Windows\System32\Adobe\Shockwave 11\gtapi.dll
+ 2008-08-06 05:42:04 892,928 ----a-w C:\Windows\System32\Adobe\Shockwave 11\iml32.dll
+ 2008-08-06 05:35:52 54,656 ----a-w C:\Windows\System32\Adobe\Shockwave 11\pccuapi.dll
+ 2008-08-06 06:21:14 266,240 ----a-w C:\Windows\System32\Adobe\Shockwave 11\Plugin.dll
+ 2008-08-06 06:24:14 446,464 ----a-w C:\Windows\System32\Adobe\Shockwave 11\Proj.dll
+ 2008-08-06 06:30:30 447,928 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1100465.exe
+ 2008-08-06 06:24:56 114,688 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SwInit.exe
+ 2008-08-06 06:21:04 94,208 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-08-06 05:35:52 50,808 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2008-09-07 01:47:05 234,872 ----atw C:\Windows\System32\Adobe\Shockwave 11\symcheckupstub.exe
+ 1999-06-25 00:55:30 149,504 ----a-w C:\Windows\System32\Adobe\Shockwave 11\UNWISE.EXE
- 2008-09-06 13:38:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-07 09:15:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-06 13:38:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-07 09:15:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-06 13:38:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-07 09:15:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-06 13:45:04 105,448 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-07 00:57:38 105,448 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-06 13:45:04 599,942 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-07 00:57:38 599,942 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-06 14:00:25 9,344 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-443309550-2770032704-453357317-1000_UserData.bin
+ 2008-09-07 00:54:57 9,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-443309550-2770032704-453357317-1000_UserData.bin
- 2008-09-06 14:00:24 61,010 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-07 00:54:57 61,412 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-06 14:00:16 36,574 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-07 00:54:55 37,082 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-15 171448]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"googletalk"="C:\Users\James\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 385024]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-04-26 380928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-28 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"symPCCheckup"="C:\Windows\System32\Adobe\Shockwave 11\symcheckupstub.exe" [2008-09-07 234872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{185163F3-5BAA-47F7-841E-AE901CAF3060}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{43A7D58C-91E3-43DF-9BAC-91B837C3A930}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{92D1300C-1B02-41FE-B764-A2478805C571}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5836B5DD-673F-4A40-A043-BDAE6801F7EB}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8B45BB13-35EF-4CEE-AF8E-61FCC5C51FCC}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{D9495D4F-407D-420B-8D89-202CD2686A3D}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{308754DA-E75D-46F6-AD8D-AD7D6019E0C5}"= UDP:C:\Program Files\Sega\The Club\Launcher.exe:The Club Launcher
"{11752CD2-782A-4C7B-9FBA-6F4D1B89A511}"= TCP:C:\Program Files\Sega\The Club\Launcher.exe:The Club Launcher
"{9E7A66C3-9D45-4295-A12B-13A9DE1FD82F}"= UDP:C:\Program Files\Sega\The Club\TheClub.exe:The Club
"{129A221D-4850-407F-AB15-D1167076D0A6}"= TCP:C:\Program Files\Sega\The Club\TheClub.exe:The Club
"{2D664027-7030-4D28-BC4B-DC8F69545AAA}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B95E5F2E-CFAB-4F69-8B6C-FDBCF8D7ECFB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2E554F27-0C46-4C45-9502-63B1B6ADFF33}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 atkdisplf;ATK Kernel Mode Enhanced Driver;C:\Windows\system32\Drivers\atkdisplowfilter.sys [2007-04-26 19968]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080905.002\IDSvix86.sys [2008-02-14 261680]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\L260x86.sys [2007-12-20 28672]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 MRV6X32P;Vista 32-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13B.sys [2007-05-03 256000]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
S3 USB28xxBGA;USB 2860 Device;C:\Windows\system32\DRIVERS\emBDA.sys [2007-08-31 479744]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-08-31 38656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 19:45:47
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-07 19:47:41
ComboFix-quarantined-files.txt 2008-09-07 09:47:36
ComboFix2.txt 2008-09-06 14:04:34
Pre-Run: 184,089,485,312 bytes free
Post-Run: 184,059,678,720 bytes free
229 --- E O F --- 2008-08-24 17:03:52
And here is the hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:32 PM, on 7/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\James\Desktop\scanner.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\Windows\System32\Adobe\Shockwave 11\symcheckupstub.exe" /reboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [googletalk] C:\Users\James\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 7845 bytes
I will now post to that website, THANKS ALOT AGAIN
|
|
laxos
Suspended permanently
|
7. September 2008 @ 05:56 |
Link to this message
|
Hi uploaded explorer.exe and here are the results, thanks again for all the help :)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - BlockReason.0
Additional information
MD5: ffa764631cb70a30065c12ef8e174f9f
SHA1: 756d276f00b25b702e54c1568e3a2ccb1c29c5a7
SHA256: b5559af2bb51134acea925ee633eb60d804e57848c1587ce0f9ff026e426d5f1
SHA512: 382441e813a2ca986ee44bf8fb53da3591b684a7d6ee26224033cfce61626e866cf8bbb890820b5eda8b4e14004d7c3ead58c0b9912754f54dc137637d9a4f9f
|
|
laxos
Suspended permanently
|
7. September 2008 @ 06:00 |
Link to this message
|
Hi uploaded the file and got results again because i think i did something wrong the first time cause it didnt come up with as much text but yeah i just trying to be sure im doing everything right heres the 2nd time results....
Antivirus Version Last Update Result
AhnLab-V3 2008.9.6.0 2008.09.06 -
AntiVir 7.8.1.28 2008.09.05 -
Authentium 5.1.0.4 2008.09.06 -
Avast 4.8.1195.0 2008.09.06 -
AVG 8.0.0.161 2008.09.07 -
BitDefender 7.2 2008.09.07 -
CAT-QuickHeal 9.50 2008.09.06 -
ClamAV 0.93.1 2008.09.07 -
DrWeb 4.44.0.09170 2008.09.07 -
eSafe 7.0.17.0 2008.09.03 -
eTrust-Vet 31.6.6072 2008.09.05 -
Ewido 4.0 2008.09.06 -
F-Prot 4.4.4.56 2008.09.06 -
F-Secure 8.0.14332.0 2008.09.07 -
Fortinet 3.112.0.0 2008.09.07 -
GData 19 2008.09.07 -
Ikarus T3.1.1.34.0 2008.09.07 -
K7AntiVirus 7.10.443 2008.09.05 -
Kaspersky 7.0.0.125 2008.09.07 -
McAfee 5378 2008.09.05 -
Microsoft 1.3903 2008.09.07 -
NOD32v2 3423 2008.09.06 -
Norman 5.80.02 2008.09.05 -
Panda 9.0.0.4 2008.09.06 -
PCTools 4.4.2.0 2008.09.06 -
Prevx1 V2 2008.09.07 -
Rising 20.60.62.00 2008.09.07 -
Sophos 4.33.0 2008.09.07 -
Sunbelt 3.1.1610.1 2008.09.05 -
Symantec 10 2008.09.07 -
TheHacker 6.3.0.8.075 2008.09.06 -
TrendMicro 8.700.0.1004 2008.09.05 -
VBA32 3.12.8.5 2008.09.06 -
ViRobot 2008.9.5.1365 2008.09.06 -
VirusBuster 4.5.11.0 2008.09.06 -
Webwasher-Gateway 6.6.2 2008.09.05 -
Additional information
File size: 2927104 bytes
MD5...: ffa764631cb70a30065c12ef8e174f9f
SHA1..: 756d276f00b25b702e54c1568e3a2ccb1c29c5a7
SHA256: b5559af2bb51134acea925ee633eb60d804e57848c1587ce0f9ff026e426d5f1
SHA512: 382441e813a2ca986ee44bf8fb53da3591b684a7d6ee26224033cfce61626e86
6cf8bbb890820b5eda8b4e14004d7c3ead58c0b9912754f54dc137637d9a4f9f
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10271b3
timedatestamp.....: 0x47918e5d (Sat Jan 19 05:45:01 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6bef5 0x6c000 6.42 0264ce946997d690218abb5cdcf29bbf
.data 0x6d000 0x215c 0x2000 0.84 96e80324a19c078ea177dfb10dea1f46
.rsrc 0x70000 0x2566a0 0x256800 7.04 1d509f2829c8d8d436b27869ab7dc5b6
.reloc 0x2c7000 0x5a30 0x5c00 6.74 81869fc317307f61983fb603a2e18197
( 19 imports )
> ADVAPI32.dll: RegCloseKey, RegCreateKeyW, RegGetValueW, RegOpenKeyExW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, EventWrite, EventEnabled, GetLengthSid, GetTokenInformation, OpenProcessToken, EventUnregister, EventRegister, GetUserNameW, RegDeleteValueW, RegEnumKeyExW, RegQueryInfoKeyW, TraceMessage, RegOpenKeyW, RegEnumKeyW, RegEnumValueW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, QueryServiceStatus, CheckTokenMembership, ConvertStringSecurityDescriptorToSecurityDescriptorW, OpenThreadToken, ConvertSidToStringSidW, StartServiceW, CreateWellKnownSid
> KERNEL32.dll: GetSystemTime, GetFileAttributesW, FindClose, FindNextFileW, FindFirstFileW, GetLocalTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, FlushInstructionCache, RaiseException, GetSystemWindowsDirectoryW, SetLastError, ReadFile, GetFileSize, CreateFileW, InterlockedCompareExchange, LoadLibraryA, SystemTimeToFileTime, ExpandEnvironmentStringsW, GlobalGetAtomNameW, MultiByteToWideChar, GetEnvironmentVariableW, GetCurrentProcessId, GetModuleHandleW, lstrlenW, OpenEventW, SetEvent, GetBinaryTypeW, EnterCriticalSection, LeaveCriticalSection, GetSystemTimeAsFileTime, CompareFileTime, GlobalFree, GetTickCount, MulDiv, GetUserDefaultLangID, GetPrivateProfileIntW, GetCurrentThread, GetThreadPriority, GetCurrentThreadId, SetThreadPriority, CompareStringOrdinal, lstrcmpiW, HeapSetInformation, SetErrorMode, CreateMutexW, ReleaseMutex, GetTimeZoneInformation, SetFilePointer, SetProcessShutdownParameters, GetSystemDirectoryW, CreateEventW, SetTermsrvAppInstallMode, RegisterApplicationRestart, ExitProcess, GetModuleFileNameW, GetPrivateProfileStringW, HeapDestroy, InitializeCriticalSection, DeleteCriticalSection, GetCurrentProcess, GetProcessHeap, HeapAlloc, QueryPerformanceFrequency, GetFileAttributesExW, QueueUserWorkItem, GetLongPathNameW, GetProcessTimes, TerminateThread, GetProcessId, CreateIoCompletionPort, GetQueuedCompletionStatus, GetWindowsDirectoryW, FormatMessageW, QueryFullProcessImageNameW, GlobalAlloc, DuplicateHandle, GetCurrentDirectoryW, WideCharToMultiByte, WriteFile, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, FindResourceExW, LoadResource, LockResource, GetUserDefaultUILanguage, LoadLibraryW, GetProcAddress, FreeLibrary, WaitForSingleObject, CreateProcessW, GetCommandLineW, GetStartupInfoW, CreateThread, AssignProcessToJobObject, ResumeThread, Sleep, QueryInformationJobObject, LocalAlloc, LocalFree, CloseHandle, OpenProcess, SetPriorityClass, GetPriorityClass, CreateJobObjectW, SetInformationJobObject, GetLastError, InterlockedDecrement, InterlockedIncrement, HeapFree, UnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, VirtualAlloc, VirtualFree, DelayLoadFailureHook
> GDI32.dll: GetStockObject, CombineRgn, GetLayout, CreatePatternBrush, OffsetViewportOrgEx, GdiAlphaBlend, GetTextExtentPoint32W, ExtTextOutW, SetWindowOrgEx, GetPixel, PatBlt, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, GetBkColor, CreateCompatibleBitmap, OffsetWindowOrgEx, SetBkColor, GetTextExtentPointW, GetClipBox, CreateDIBSection, CreateRectRgnIndirect, SetTextColor, SetBkMode, GetTextMetricsW, CreateFontIndirectW, CreateSolidBrush, GetObjectW, DeleteObject, CreateCompatibleDC, SelectObject, BitBlt, DeleteDC, GetDeviceCaps
> USER32.dll: GetDlgItem, LoadCursorW, RegisterClassW, IsChild, SetTimer, MonitorFromRect, SetWindowTextW, SetClassLongW, GetClassInfoW, GetClassLongW, KillTimer, GetClassInfoExW, IsWindowEnabled, GetShellWindow, GetIconInfo, SetScrollInfo, GetLastActivePopup, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, IsWindowVisible, IsWindow, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, BeginDeferWindowPos, DeferWindowPos, EndDeferWindowPos, SetFocus, SetForegroundWindow, LoadMenuW, SetMenuInfo, SetMenuDefaultItem, GetSubMenu, TrackPopupMenuEx, LoadImageW, InsertMenuItemW, DestroyIcon, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharUpperBuffW, PostQuitMessage, LoadStringW, ShutdownBlockReasonCreate, GetWindowLongA, SetWindowLongW, UnregisterDeviceNotification, RegisterDeviceNotificationW, RegisterWindowMessageW, SetWindowPos, RegisterClassExW, GetDesktopWindow, UpdateWindow, InvalidateRect, BeginPaint, LoadBitmapW, SetLayeredWindowAttributes, EndPaint, ShowWindow, DefWindowProcW, MoveWindow, DestroyWindow, UnregisterClassW, SetProcessDPIAware, PeekMessageW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, GetKeyboardLayout, ActivateKeyboardLayout, IsProcessDPIAware, PrintWindow, GetDCEx, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, GetDlgCtrlID, ChildWindowFromPointEx, GetCapture, GetGUIThreadInfo, SetWindowLongA, CharUpperW, GetWindowDC, RegisterClipboardFormatW, UnhookWinEvent, SetWinEventHook, ReleaseCapture, GetUserObjectInformationW, GetProcessWindowStation, FlashWindowEx, GetForegroundWindow, PostMessageW, CreatePopupMenu, GetWindowThreadProcessId, MsgWaitForMultipleObjectsEx, CharPrevW, CharNextW, DispatchMessageW, TranslateMessage, GetMessageW, EqualRect, UnionRect, MapWindowPoints, GetClientRect, EnumWindows, EndTask, SetThreadDesktop, GetThreadDesktop, GetMenuItemID, IsHungAppWindow, DrawTextW, GetSysColor, TrackPopupMenu, SendMessageCallbackW, DeregisterShellHookWindow, EndDialog, IsDlgButtonChecked, LoadIconW, GetSysColorBrush, CloseDesktop, OpenInputDesktop, SetActiveWindow, IsRectEmpty, GetAsyncKeyState, RegisterShellHookWindow, FillRect, GetCursorPos, SetPropW, CopyRect, LockSetForegroundWindow, MonitorFromPoint, InflateRect, GetClassNameW, SubtractRect, RedrawWindow, EnumDisplayMonitors, OffsetRect, IntersectRect, SetWindowRgn, GetMenuState, GhostWindowFromHungWindow, HungWindowFromGhostWindow, GetWindowPlacement, RemovePropW, SendMessageTimeoutW, UnregisterHotKey, RegisterHotKey, InsertMenuW, ModifyMenuW, ClientToScreen, ScreenToClient, GetMenuItemCount, GetFocus, GetScrollInfo, InternalGetWindowText, GetKeyState, ChangeDisplaySettingsW, GetWindowLongW, EnumChildWindows, SendMessageW, GetWindow, GetWindowRect, PtInRect, SetCursor, ChildWindowFromPoint, SetCursorPos, GetMessagePos, LoadAcceleratorsW, WaitMessage, TranslateAcceleratorW, GetWindowRgnBox, GetActiveWindow, MessageBeep, SetWindowPlacement, SetRect, SendNotifyMessageW, UpdateLayeredWindow, GetLastInputInfo, SendDlgItemMessageW, AllowSetForegroundWindow, RemoveMenu, SetParent, CallWindowProcW, EnableWindow, GetDlgItemInt, SetDlgItemInt, CheckDlgButton, CopyIcon, DrawFocusRect, NotifyWinEvent, ExitWindowsEx, DrawEdge, WindowFromPoint, GetDoubleClickTime, SetCapture, TrackMouseEvent, LockWorkStation, AppendMenuW, GetParent, SetScrollPos, SetRectEmpty, AdjustWindowRectEx, BringWindowToTop, CascadeWindows, GetSystemMetrics, SystemParametersInfoW, FindWindowW, ReleaseDC, GetDC, DestroyMenu, GetMenuDefaultItem, TileWindows, GetAncestor, SwitchToThisWindow, CheckMenuItem, ShowWindowAsync
> msvcrt.dll: memset, _unlock, _ftol2_sse, _except_handler4_common, __set_app_type, memcpy, free, memmove, realloc, __dllonexit, _lock, _onexit, _terminate@@YAXXZ, _controlfp, _vsnwprintf, malloc, __wgetmainargs, _cexit, _exit, __p__fmode, _XcptFilter, exit, _wcmdln, _initterm, _amsg_exit, __setusermatherr, _adjust_fdiv, __p__commode
> ntdll.dll: NtOpenThreadToken, NtOpenProcessToken, RtlGetProductInfo, NtQueryInformationToken, NtClose, NtQueryInformationProcess, NtSetInformationProcess, WinSqmAddToStream, NtSetSystemInformation
> SHLWAPI.dll: PathGetDriveNumberW, -, -, PathRemoveFileSpecW, -, -, SHRegGetUSValueW, -, StrDupW, PathQuoteSpacesW, -, -, -, -, StrChrIW, -, -, -, SHRegOpenUSKeyW, SHRegQueryUSValueW, StrCmpW, AssocQueryStringW, -, -, -, -, -, AssocQueryKeyW, PathParseIconLocationW, PathIsPrefixW, -, PathRemoveExtensionW, SHOpenRegStream2W, PathFileExistsW, -, -, -, -, PathFindExtensionW, SHQueryInfoKeyW, -, -, -, -, -, -, -, -, SHDeleteKeyW, PathAppendW, SHDeleteValueW, -, -, -, PathRemoveArgsW, PathRemoveBlanksW, StrCmpNIW, PathFindFileNameW, -, SHSetValueW, SHGetValueW, SHCreateThreadRef, SHSetThreadRef, -, -, PathCombineW, SHRegGetValueW, StrToIntW, -, -, -, PathGetArgsW, StrChrW, -, -, -, -, SHStrDupW, -, -, -, -, -, StrRetToBufW, -, -, -, -, -, -, StrRetToStrW, -, -, StrStrIW, -, -, PathMatchSpecW, PathIsRootW, PathIsNetworkPathW, SHQueryValueExW, AssocCreate, StrCmpIW, -, -, -, StrCmpNW, -, -, StrPBrkW, -, -, -, PathStripToRootW, -, PathIsDirectoryW, -
> SHELL32.dll: -, -, -, -, -, -, -, -, SHGetDesktopFolder, -, SHBindToFolderIDListParent, -, -, -, -, -, -, SHGetIDListFromObject, -, -, -, -, -, -, SHCreateShellItemArrayFromIDLists, -, -, SHCreateItemFromIDList, SHCreateShellItemArrayFromShellItem, -, -, SHBindToFolderIDListParentEx, SHChangeNotify, SHAddToRecentDocs, DuplicateIcon, -, -, -, ShellExecuteW, -, -, SHGetPathFromIDListA, SHUpdateRecycleBinIcon, SHGetKnownFolderIDList, SHGetFolderPathEx, SHFileOperationW, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -, -, -, -, -, -, -, ExtractIconExW, -, -, -, -, SHGetSpecialFolderLocation, -, -, SHBindToParent, Shell_NotifyIconW, SHGetFolderPathAndSubDirW, Shell_GetCachedImageIndexW, SHGetFolderPathW, -, SHEvaluateSystemCommandTemplate, -, -, -, -, -, -, -, -, -, -, -, SHBindToObject, -, ShellExecuteExW, -, -, SHGetSpecialFolderPathW, -, SHParseDisplayName, -, -, SHGetFolderLocation, -, -, -, -
> ole32.dll: CoTaskMemFree, CoCreateInstance, CoRegisterClassObject, CoRevokeClassObject, CoGetClassObject, OleInitialize, OleUninitialize, CoGetObject, StringFromGUID2, CoUninitialize, CoInitialize, RevokeDragDrop, RegisterDragDrop, CoRegisterMessageFilter, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoTaskMemAlloc, CoCreateFreeThreadedMarshaler, DoDragDrop, CoInitializeEx, CreateBindCtx, CoFreeUnusedLibraries, PropVariantClear
> OLEAUT32.dll: -, -, -, -, -, -
> SHDOCVW.dll: -, -
> UxTheme.dll: IsCompositionActive, IsAppThemed, GetThemeMargins, GetThemeRect, IsThemePartDefined, GetThemeBackgroundRegion, DrawThemeTextEx, GetThemeFont, GetThemeColor, GetThemeBool, GetThemeInt, SetWindowTheme, DrawThemeText, GetThemeTextExtent, DrawThemeBackground, CloseThemeData, OpenThemeData, DrawThemeParentBackground, GetThemePartSize, GetThemeMetric, GetThemeBackgroundContentRect
> POWRPROF.dll: GetPwrCapabilities
> dwmapi.dll: DwmIsCompositionEnabled, -, DwmSetWindowAttribute, DwmEnableBlurBehindWindow, DwmQueryThumbnailSourceSize, DwmGetColorizationColor, DwmUpdateThumbnailProperties, DwmRegisterThumbnail, DwmUnregisterThumbnail
> gdiplus.dll: GdiplusShutdown, GdipCloneImage, GdipDrawImageRectI, GdipSetInterpolationMode, GdiplusStartup, GdipCreateFromHDC, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipGetImageHeight, GdipGetImageWidth, GdipDisposeImage, GdipLoadImageFromFileICM, GdipLoadImageFromFile, GdipDeleteGraphics, GdipFree, GdipAlloc, GdipSetCompositingMode
> slc.dll: SLGetWindowsInformationDWORD
> RPCRT4.dll: RpcBindingFree, RpcStringFreeW, RpcBindingFromStringBindingW, NdrClientCall2, RpcStringBindingComposeW, I_RpcExceptionFilter, RpcBindingSetAuthInfoExW
> PROPSYS.dll: PSGetPropertyKeyFromName, PSPropertyKeyFromString, PSGetPropertyDescription, PSGetNameFromPropertyKey, VariantToBooleanWithDefault, VariantToInt32WithDefault, VariantToStringWithDefault, PSCreateMemoryPropertyStore, VariantToStringAlloc, PropVariantToStringAlloc
> BROWSEUI.dll: -, -
|
|
sappy72
Newbie
|
7. September 2008 @ 06:27 |
Link to this message
|
|
My brother-in-law asked me to fix his computer, and it has this exact same virus.
Can I follow the instruction that have already been given and fix his laptop? Or do I have to do a brand new thread and post all my logs too?
Thanks...
|
|
laxos
Suspended permanently
|
7. September 2008 @ 07:29 |
Link to this message
|
|
You probobly couldn't because your infection may be located at a different location then mine,but if i were you i would wait for the guy thats helping me, to reply....
|
|
laxos
Suspended permanently
|
7. September 2008 @ 07:32 |
Link to this message
|
|
Hi cdavfrew, my computer is working perfectly and all but i just want to be sure the malware is completely removed so i dont have to go through this process again, Thanks
|
|
domsmith
Newbie
|
7. September 2008 @ 10:06 |
Link to this message
|
hi, i have thesame thing to, i downlade the programme and did what you said. here ae list of my results:
(by the way,please dont use this to yor advantage the people looking here)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:57, on 07/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Windows\vVX6000.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\atwtusb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Dominic Smith\svchost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WTMKM.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\cmd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\Dominic Smith\Downloads\Scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B0A795FE-DEE0-4383-9078-9ADC1CC150C1} - C:\Windows\system32\byXPHyaa.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXPHyaa.dll,#1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Host Process] C:\Users\Dominic Smith\svchost.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\DOMINI~1\AppData\Local\Temp\efcARlii.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\DOMINI~1\AppData\Local\Temp\byXRhEWq.dll,#1
O4 - HKCU\..\Run: [acccd2dc] rundll32.exe "C:\Users\DOMINI~1\AppData\Local\Temp\illglryw.dll",b
O4 - HKCU\..\Run: [BMafffe140] Rundll32.exe "C:\Users\DOMINI~1\AppData\Local\Temp\bmmjfmhj.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/2006...ex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe
--
End of file - 12760 bytes
|
|
domsmith
Newbie
|
7. September 2008 @ 10:27 |
Link to this message
|
coud you please do the sae for mine, if you did i would really be pleased!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:57, on 07/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Windows\vVX6000.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\atwtusb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Dominic Smith\svchost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WTMKM.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\cmd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\Dominic Smith\Downloads\Scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B0A795FE-DEE0-4383-9078-9ADC1CC150C1} - C:\Windows\system32\byXPHyaa.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXPHyaa.dll,#1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Host Process] C:\Users\Dominic Smith\svchost.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\DOMINI~1\AppData\Local\Temp\efcARlii.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\DOMINI~1\AppData\Local\Temp\byXRhEWq.dll,#1
O4 - HKCU\..\Run: [acccd2dc] rundll32.exe "C:\Users\DOMINI~1\AppData\Local\Temp\illglryw.dll",b
O4 - HKCU\..\Run: [BMafffe140] Rundll32.exe "C:\Users\DOMINI~1\AppData\Local\Temp\bmmjfmhj.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/2006...ex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe
--
End of file - 12760 bytes
|
|
domsmith
Newbie
|
7. September 2008 @ 10:49 |
Link to this message
|
|
sorry for doing 2
|
|
Advertisement
|
|
|
Senior Member
|
7. September 2008 @ 23:12 |
Link to this message
|
|
to laxos:
You now look squeaky clean. You are good.
to everyone else:
Woah... I'll get to you, but no point crowding laxos's thread. Open a new thread, and you will be helped.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
