Please analyse my HJT log, thank you.
Senior Member
7. May 2009 @ 08:28
Hello, it's been like 100 years since I posted on AD; hope all the old peeps I knew before are still around.

Anyways here is the HijackThis log, thanks for looking!:

Logfile of HijackThis v1.99.1
Scan saved at 13:23:34, on 07/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HJT\analyze.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ESET NOD32] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKLM\..\Run: [RALINK Wireless] C:\Program Files\RALINK\Common\RaUI.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1157827580671
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promoti...anner371020.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03A53420-241F-41BE-AEA1-93EDE71D6C55}: NameServer = 192.168.1.56
O17 - HKLM\System\CS1\Services\Tcpip\..\{03A53420-241F-41BE-AEA1-93EDE71D6C55}: NameServer = 192.168.1.56
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~2\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~2\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\ c:\windows\system32\likebowa.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe



Scan with HijackThis 2.0.2
It's been ages since I used HJT and I never knew there was a newer version out, so I used that one below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33:52, on 07/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ESET NOD32] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKLM\..\Run: [RALINK Wireless] C:\Program Files\RALINK\Common\RaUI.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1157827580671
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promoti...anner371020.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03A53420-241F-41BE-AEA1-93EDE71D6C55}: NameServer = 192.168.1.56
O17 - HKLM\System\CS1\Services\Tcpip\..\{03A53420-241F-41BE-AEA1-93EDE71D6C55}: NameServer = 192.168.1.56
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\ c:\windows\system32\likebowa.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 6375 bytes


Kind regards, Bluray.

"He who asks is a fool for five minutes, but he who does not ask remains a fool forever." - Chinese Proverb BluRay.

This message has been edited since posting. Last time this message was edited on 7. May 2009 @ 08:35

AfterDawn Addict
8. May 2009 @ 11:12
BluRay,
You've got one little chink in your armor:

O20 - AppInit_DLLs: C:\WINDOWS\system32\ c:\windows\system32\likebowa.dll

likebowa.dll is a Trojan but can be removed with MBAM.

Do this:
Download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
That should take care of it...

2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
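The entry 2oG points at is one of a handful of HJT sections an analyst checks first. As an added example (not code from the thread or from HijackThis), here is a small parser over the R/O lines of an HJT log that flags O20 AppInit_DLLs entries (DLLs loaded into every process that links user32.dll), O21/O22 shell load points whose CLSID resolves to "(no file)", and O10 Winsock LSP entries HJT does not recognise; the sample lines are copied from the logs quoted above.

```python
"""Flag the HijackThis entry types that the thread turns on.

Added example, not code from the thread or from HijackThis itself.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HJT logs quoted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ESET NOD32] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\ c:\windows\system32\likebowa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# "O20 - AppInit_DLLs: ..." -> section "O20", body "AppInit_DLLs: ..."
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O20"
    reason: str    # why an analyst should look at it
    line: str      # the original log line


def parse_entries(text):
    """Yield (section, body, raw_line) for every R/O line and skip everything
    else (headers, the running-process list, blank lines)."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group("section"), m.group("body"), raw


def appinit_dlls(body):
    """Split an AppInit_DLLs body into the individual DLL paths it loads.

    The registry value is space- or comma-separated. A token that is only a
    directory (the stray 'C:\\WINDOWS\\system32\\' in the thread's log) is
    dropped. Paths containing spaces get split too; that is a limitation of
    the value format itself, not of this parser."""
    value = body.split(":", 1)[1] if ":" in body else ""
    tokens = re.split(r"[,\s]+", value.strip())
    return [t for t in tokens if t and not t.endswith("\\")]


def flag_entries(text):
    """Return the Findings for one HJT log, in log order."""
    findings = []
    for section, body, raw in parse_entries(text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in appinit_dlls(body):
                findings.append(Finding(
                    section,
                    f"AppInit_DLLs injects {dll} into every user32-linked process",
                    raw))
        elif section in ("O21", "O22") and body.endswith("(no file)"):
            findings.append(Finding(
                section,
                "shell load point whose CLSID has no DLL on disk (orphan or hidden loader)",
                raw))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            findings.append(Finding(
                section,
                "Winsock LSP not in HJT's known-good list; check the DLL's publisher",
                raw))
    return findings


def group_by_clsid(findings):
    """Map each CLSID (upper-cased, since HJT and MBAM differ in case) to the
    sections it was flagged in. The same CLSID under several load points, as
    with {EC43E3FD-...} in O21 and O22 above, usually means one component
    registered under several persistence hooks."""
    groups = {}
    for f in findings:
        m = CLSID_RE.search(f.line)
        if m:
            groups.setdefault(m.group(0).upper(), []).append(f.section)
    return groups


if __name__ == "__main__":
    found = flag_entries(SAMPLE_LOG)
    for f in found:
        print(f"{f.section}: {f.reason}\n    {f.line}")
    for clsid, sections in group_by_clsid(found).items():
        print(f"{clsid} appears in {', '.join(sections)}")
```

A hit from this parser is a pointer, not a verdict: the bonjour LSP is legitimate software, while the likebowa.dll entry is the one MBAM later confirmed.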
Senior Member
8. May 2009 @ 16:19
Okay Bro, did what you asked.

Here is the log file, I am just wondering why that likebowa thing was not found:

Malwarebytes' Anti-Malware 1.36
Database version: 2095
Windows 5.1.2600 Service Pack 2

08/05/2009 21:16:23
mbam-log-2009-05-08 (21-16-23).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 207562
Time elapsed: 52 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{61ddcb65-ffa8-42ee-9ab9-88ec8184120c} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a4ab5d2e-ceae-4dd2-b99f-c9508575adc7} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1be669b7-d464-438a-94a7-7fda6c47ba47} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\skinboxer43.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Application Data\{17A03471-20EB-4604-8E72-66EF7398750D}\OFFLINE\71747601\2302A1E7\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
C:\Program Files\bangladictionary\bangaliana_dictionary_1.0.exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\skinboxer43.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.


Just to let you know I had ESET NOD32 AV on whilst the scan was running, I disabled it half way through though.

Please get back to me.

AfterDawn Addict
8. May 2009 @ 16:51
Gee, BluRay, I don't know why it didn't show up, but malware has gotten so sophisticated that HJT is almost a thing of the past... It's only good to look for a few clues now. As you can see, MBAM pulled out about 5 lurks that didn't show in the HJT log.

Do this and see if you can pull a few more out:

1. Download Combo fix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

2. Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.

"%userprofile%\desktop\combofix.exe" /killall

3. Combo will begin to run DO NOTHING while this is happening.
• It will kill a few processes and disconnect you from the internet.
• If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
• This needs to be done so the program can work most efficiently for you.
Do not attempt to use the internet or anything else while it's doing its job for you.

**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.

If when it's completed you can not get on the internet just reboot the computer

Post the log from comboFix for me located in
c:\comboFix.txt

Also, please post a fresh HJT Log ver 2.02 ran after ComboFix and we'll see what happens.

2oG

Senior Member
8. May 2009 @ 17:29
Thanks 2oG. I ran the scan; obviously I can't make any sense of it. The log file, erm, is massive in terms of the width... if that makes sense, so I thought maybe you would like it as a txt file. I uploaded it; you can download it from here --> http://www.islamfactory.com/ComboFixBluRay.txt

As for the HJT scan here is the new report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:32, on 08/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ESET NOD32] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKLM\..\Run: [RALINK Wireless] C:\Program Files\RALINK\Common\RaUI.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1157827580671
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promoti...anner371020.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03A53420-241F-41BE-AEA1-93EDE71D6C55}: NameServer = 192.168.1.56
O17 - HKLM\System\CS1\Services\Tcpip\..\{03A53420-241F-41BE-AEA1-93EDE71D6C55}: NameServer = 192.168.1.56
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 6063 bytes


Thanks for all your help 2oG. I can run more scans if you want with new programs that you prescribe :}



AfterDawn Addict
8. May 2009 @ 17:35
:) Just copy and paste it here. It will work; it's done all the time.

AfterDawn Addict
8. May 2009 @ 17:47
I posted it for you. It comes out smaller on here and is easier to read :)

Give me a little time to look it over and I'll get back to you.



ComboFix 09-05-08.03 - Amin 08/05/2009 22:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.669 [GMT 1:00]
Running from: c:\documents and settings\Amin\desktop\combofix.exe
Command switches used :: /killall
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycled\Recycled
c:\windows\system32\Cache
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.

2009-05-08 19:40 . 2009-05-08 19:40 -------- d-----w c:\documents and settings\Amin\Local Settings\Application Data\ESET
2009-05-08 19:12 . 2009-05-08 19:12 -------- d-----w c:\documents and settings\Amin\Application Data\Malwarebytes
2009-05-08 19:12 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-08 19:12 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-08 19:12 . 2009-05-08 19:12 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-08 19:12 . 2009-05-08 19:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-07 12:33 . 2009-05-07 12:33 -------- d-----w c:\program files\Trend Micro
2009-05-06 19:19 . 2009-05-05 15:12 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-05 21:53 . 2009-05-07 23:25 -------- d-----w c:\documents and settings\Amin\Local Settings\Application Data\Adobe
2009-05-05 21:40 . 2009-05-05 21:40 -------- d-----w c:\documents and settings\Amin\Application Data\vlc
2009-05-05 15:13 . 2009-05-05 15:12 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-05 15:12 . 2009-05-05 15:12 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-05 15:11 . 2009-05-05 15:13 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-05 14:32 . 2009-05-08 20:32 116704 ----a-w c:\documents and settings\Amin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-05 14:30 . 2009-05-05 14:30 -------- d-----w c:\documents and settings\Amin\Application Data\Lavasoft
2009-05-04 23:35 . 2009-05-04 23:35 -------- d-----w c:\documents and settings\Amin\Local Settings\Application Data\Apple Computer
2009-05-04 23:26 . 2009-05-04 23:26 -------- d-----w c:\documents and settings\Amin\Local Settings\Application Data\Help
2009-05-04 22:38 . 2009-05-04 22:38 -------- d-----w c:\documents and settings\Amin\Application Data\DivX
2009-05-04 21:41 . 2009-05-04 21:42 -------- d-----w c:\program files\mp3val
2009-05-04 21:16 . 2009-05-05 23:42 -------- d-----w c:\documents and settings\Amin\Application Data\uTorrent
2009-05-04 19:02 . 2009-05-08 21:10 -------- d-----w c:\documents and settings\Amin\Tracing
2009-05-04 18:54 . 2009-05-04 18:54 -------- d-----w c:\documents and settings\Amin\Local Settings\Application Data\Mozilla
2009-05-04 18:53 . 2009-05-04 18:53 -------- d-----w c:\documents and settings\Amin\Local Settings\Application Data\Ahead
2009-05-04 14:20 . 2009-05-04 23:25 -------- d-----w c:\documents and settings\All Users\Application Data\SecTaskMan
2009-05-04 14:19 . 2009-05-04 14:29 -------- d-----w c:\program files\Security Task Manager
2009-05-04 13:42 . 2009-05-04 13:42 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2009-04-20 19:01 . 2009-04-20 19:01 -------- d-----w c:\program files\MSECache
2009-04-19 22:05 . 2009-04-19 22:11 -------- d-----w c:\program files\Blaze Media Pro
2009-04-19 22:04 . 2009-04-19 22:06 -------- dc-h--w c:\documents and settings\All Users\Application Data\{17A03471-20EB-4604-8E72-66EF7398750D}
2009-04-19 17:02 . 2009-04-19 17:02 -------- d-----w c:\program files\EA Games
2009-04-09 20:28 . 2009-04-09 20:28 -------- d-----w c:\program files\Traction Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 20:16 . 2007-07-04 10:39 -------- d-----w c:\program files\bangladictionary
2009-05-07 12:23 . 2006-09-07 20:39 -------- d-----w c:\program files\HJT
2009-05-05 15:11 . 2006-09-08 19:15 -------- d-----w c:\program files\Lavasoft
2009-05-04 21:46 . 2006-12-14 22:10 -------- d-----w c:\program files\PocketDIVXencoder
2009-05-04 11:01 . 2006-03-07 20:10 -------- d-----w c:\program files\Intel
2009-05-04 10:58 . 2009-02-13 19:33 -------- d-----w c:\program files\ExplorerXP
2009-04-19 22:00 . 2008-05-21 13:59 -------- d-----w c:\program files\FlashGet
2009-04-10 21:16 . 2009-04-06 19:08 -------- d-----w c:\program files\Amintronics
2009-04-09 20:28 . 2006-03-07 20:10 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 16:11 . 2009-04-06 16:03 -------- d-----w c:\program files\Tomcat
2009-04-06 15:30 . 2009-04-06 15:30 -------- d-----w c:\program files\NativeJ
2009-04-04 17:50 . 2007-07-04 10:23 -------- d-----w c:\program files\Winamp
2009-04-02 19:18 . 2009-04-02 19:18 -------- d-----w c:\program files\Diary Application 2009
2009-03-28 19:19 . 2009-03-28 19:07 -------- d-----w c:\program files\NCH Software
2009-03-20 21:54 . 2006-09-09 20:26 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-22 00:17 . 2009-02-22 00:17 0 ----a-w c:\windows\system32\cid_store.dat
2006-04-18 17:55 . 2006-04-18 17:55 774144 ----a-w c:\program files\RngInterstitial.dll
2006-03-18 18:23 . 2006-03-18 18:23 251 ----a-w c:\program files\wt3d.ini
2009-01-08 19:50 . 2009-01-08 19:50 80 --sh--r c:\windows\system32\D67716276C.dll
2008-02-25 16:47 . 2006-03-18 18:53 104 --sh--r c:\windows\system32\E2F53DEB73.sys
2008-02-25 16:47 . 2006-04-10 11:11 5852 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 11:51 359808 B4E29943B4B04BD5E7381546848E6669 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-05 516440]
"ESET NOD32"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"RALINK Wireless"="c:\program files\RALINK\Common\RaUI.exe" [2006-03-15 593920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wltrysvc"=2 (0x2)
"MDM"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"Bonjour Service"=3 (0x3)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"EhttpSrv"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Westwood\\Renegade\\Game2.exe"=
"c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10044:TCP"= 10044:TCP:BitComet 10044 TCP
"10044:UDP"= 10044:UDP:BitComet 10044 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [05/05/2009 16:13 64160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20/02/2008 11:11 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [20/02/2008 11:08 472320]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 953168]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [17/04/2007 22:51 2368]
S3 DCamUSBSTK014;STK014 Camera;c:\windows\system32\DRIVERS\STK014W2.sys --> c:\windows\system32\DRIVERS\STK014W2.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [24/05/2008 16:40 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [24/05/2008 16:40 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [20/01/2008 21:14 32377]
S3 XDva016;XDva016;\??\c:\windows\system32\XDva016.sys --> c:\windows\system32\XDva016.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
TCP: {03A53420-241F-41BE-AEA1-93EDE71D6C55} = 192.168.1.56
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371020.cab
FF - ProfilePath - c:\documents and settings\Amin\Application Data\Mozilla\Firefox\Profiles\x6derewy.Amin\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPXStandard.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 22:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2880)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\snmp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-08 22:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-08 21:16

Pre-Run: 10,971,602,944 bytes free
Post-Run: 12,202,307,584 bytes free




There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
Senior Member
8. May 2009 @ 18:32
:) Thanks 2oG, you just taking the time to look through it for me makes me feel very grateful, so please do take your time, no rush ^_^.

"He who asks is a fool for five minutes, but he who does not ask remains a fool forever." - Chinese Proverb BluRay.
AfterDawn Addict
9. May 2009 @ 04:43
Hey, BluRay,

Sorry for the delay. I got called out on an important mission; my wife had a long list of 'Honey-Do's' for me :(


Your logs look good now, but I am a little concerned that your Windows Firewall may not be working.

Check the Security Center and see that your Firewall is turned on and working, then let me know. Other than that, you're in good shape.

Got any problems??

2oG



Senior Member
9. May 2009 @ 10:34
Oh, the firewall I disabled on purpose. It gets on my nerves. I used to use ZoneAlarm and after a while that too got on my nerves. So now I use none, unless you could recommend me a good one.

:) Thanks 2oG.

AfterDawn Addict
9. May 2009 @ 10:53
I can understand ZoneAlarm getting on your nerves, but Windows Firewall doesn't bug you, so turn it on... you need that protection in order to keep this crap out of your computer...

Other than that, you look clean now. Turn on the firewall and I won't see you again for a long time lol :)

2oG



Senior Member
9. May 2009 @ 11:43
Is windows firewall any good though? I always thought it did more harm than good.

AfterDawn Addict
9. May 2009 @ 12:04
Originally posted by BluRay:
I always thought it did more harm than good.
Where on earth did you get that silly idea? Windows Firewall does just what a firewall is supposed to do: it stealths the ports and stops unwanted downloads and hackers from getting to your computer... What more do you want? I always said "Halitosis is better than no breath at all." If you have a router, you probably don't need it, but then I always wear suspenders and a belt because I don't trust my pants... lol

2oG

edit - 3 good rules are:
* Always use a Firewall - You don't have to buy any fancy firewall software unless you want to; the built-in Firewall in Windows will work just fine, as long as you make sure it's enabled.
* Keep Your System Patched - I'd recommend that you leave Windows Update set to update automatically, so you don't have to think about whether you have the latest patches installed.
* Keep Your Anti-Virus / Anti-Spyware Up to Date - What's the point of using a malware protection package if you aren't going to keep it up to date? For instance, if your trial version of some non-free package runs out, you are a lot less secure than if you simply used AVG Free with automatic updates enabled.





This message has been edited since posting. Last time this message was edited on 9. May 2009 @ 12:20
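As an added example (not code from the thread or from ComboFix itself), a small Python check that reads the "Reg Loading Points" section of a ComboFix log like the one posted above and flags the things 2oG's two posts ask BluRay to look at: the firewall policy key showing EnableFirewall = 0, Security Center update notifications switched off, globally opened ports and an AutoRun command recorded for a mounted volume. The key paths and values are taken from the log above; the excerpt is constructed from them, and the finding strings are this example's own wording.

```python
import re

# Constructed excerpt modelled on the "Reg Loading Points" section of the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10044:TCP"= 10044:TCP:BitComet 10044 TCP
"10044:UDP"= 10044:UDP:BitComet 10044 UDP
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
"""


def parse_reg_points(text):
    """Return {key_path: {value_name: value}} from REGEDIT4-style ComboFix output."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = re.match(r'^\[(.+)\]$', line)
        if key:
            # A new "[HKEY...]" header; everything below it belongs to this key.
            current = key.group(1).lower()
            keys.setdefault(current, {})
            continue
        val = re.match(r'^"([^"]+)"\s*=\s*(.*)$', line)
        if val and current:
            keys[current][val.group(1).lower()] = val.group(2).strip()
        elif current and ' - ' in line:
            # mountpoints2 entries look like "\Shell\AutoRun\command - E:\setup.exe"
            name, _, value = line.partition(' - ')
            keys[current][name.lower()] = value.strip()
    return keys


def weak_settings(keys):
    """List the hardening gaps a helper would point out from these keys."""
    findings = []
    for path, values in keys.items():
        if path.endswith('\\security center') and \
                values.get('updatesdisablenotify') == 'dword:00000001':
            findings.append('Security Center update notifications disabled')
        if path.endswith('firewallpolicy\\standardprofile') and \
                values.get('enablefirewall', '').startswith('0'):
            findings.append('Windows Firewall disabled (EnableFirewall = 0)')
        if path.endswith('globallyopenports\\list'):
            findings.extend(f'Globally open port {p.upper()}' for p in values)
        if '\\mountpoints2\\' in path and values.get('\\shell\\autorun\\command'):
            findings.append('AutoRun command on a mounted volume: '
                            + values['\\shell\\autorun\\command'])
    return findings


if __name__ == '__main__':
    for finding in weak_settings(parse_reg_points(SAMPLE_LOG)):
        print('-', finding)
```

Run against a full ComboFix log the same functions work unchanged, since the section uses the same REGEDIT4 layout throughout.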

Senior Member
9. May 2009 @ 13:22
I just made the assumption that because Windows Firewall is Microsoft it wouldn't be that good at protecting me.

But since you're saying otherwise, I turned it on.

As for automatic updates, I turned them off a long time ago; I have not updated XP in donkey's years. I just don't like change, part of the reason why I dislike Vista as well, a little too much change for my liking I guess.

Nonetheless I do keep my AV up to date, and Windows Firewall is also on now, as mentioned earlier.

=)

Out of interest what Firewall do you use?

AfterDawn Addict
9. May 2009 @ 13:51
Originally posted by BluRay:
Out of interest what Firewall do you use?
Windows!

Plus, a Linksys Wireless G Router, SpywareBlaster, Avira AntiVir, Comodo BoClean and HostsXpert..

That way I don't spend time cleaning my computer, I just help other poor souls clean theirs... lol

I am presently using Windows 7, Build 7100 Evaluation copy, and Love it!

2oG



Senior Member
9. May 2009 @ 13:56
=) Many thanks 2oldGeek.

AfterDawn Addict
9. May 2009 @ 14:16
You're more than welcome... Hope I don't see you for a while :)

2oG


