Post #1 | Nov 8 2008, 12:00 PM | charlie00 (Member; Group: Members; Posts: 21; Joined: 26-October 08; Member No.: 250,059)
I just want to know if I still have that virus or if I have another virus. Here's my log:

```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:55 AM, on 11/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 6885 bytes
```

I also had this [image] when I scanned using Housecall Anti Virus (Trend Micro). I tried to download the file, but it says that the file cannot be found. I think this update was way back in 2004. How can I fix it?

This post has been edited by charlie00: Nov 8 2008, 12:04 PM
Post #2 | Nov 14 2008, 11:59 AM | PropagandaPanda (Group: HJT Team; Posts: 6,883; Joined: 10-March 08; Member No.: 195,473)
Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If you still need help, post a new HijackThis log. You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner. If for some reason you cannot complete this scan, skip it. This scan is for Internet Explorer Only. If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
This scanner will only scan. It does not remove any malware it finds.

Save Uninstall List with HijackThis

Post back with:
- the Kaspersky log
- the uninstall list
- a new HijackThis log

Please also tell me of any changes you have made to your computer since your topic was started. If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.
Post #3 | Nov 15 2008, 08:00 PM | charlie00 (Member; Group: Members; Posts: 21; Joined: 26-October 08; Member No.: 250,059)
Here's my HijackThis log:

```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:58 AM, on 11/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 6509 bytes
```

Here's my Kaspersky report:

```
Sunday, November 16, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, November 15, 2008 15:02:46
Records in database: 1385985

Scan settings
Scan using the following database    extended
Scan archives                        yes
Scan mail databases                  yes

Scan area    My Computer
A:\
C:\
D:\
E:\

Scan statistics
Files scanned          98500
Threat name            12
Infected objects       27
Suspicious objects     0
Duration of the scan   02:54:48

File name    Threat name    Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\014C0000\49CDE384.VBN    Infected: Worm.Win32.Perlovga.a    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02B40000\4AB4C1B5.VBN    Infected: Trojan-Downloader.WMA.GetCodec.c    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02B40001\4AB4C252.VBN    Infected: Trojan-Downloader.WMA.GetCodec.c    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\031C0000\4B9EE229.VBN    Infected: Trojan.Win32.Disabler.i    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\031C0001\4B9EE237.VBN    Infected: Trojan.Win32.Disabler.i    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\031C0002\4B9EE242.VBN    Infected: Trojan.Win32.Disabler.i    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\031C0003\4B9EE24C.VBN    Infected: Trojan.Win32.Disabler.i    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\031C0004\4B9EE256.VBN    Infected: Trojan.Win32.Disabler.i    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000\4ABD11BC.VBN    Infected: Trojan-Downloader.Win32.Zlob.wmc    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00001\4ABD11CB.VBN    Infected: Trojan-Downloader.Win32.Zlob.wmc    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440000\4BD66209.VBN    Infected: Worm.Win32.Perlovga.a    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440001\4BD66225.VBN    Infected: Trojan-Dropper.Win32.Small.apl    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440002\4BD6622E.VBN    Infected: Trojan.Win32.Agent.ad    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DA80000\4DFFE3E4.VBN    Infected: Trojan-GameThief.Win32.OnLineGames.alpn    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4DFDA500.VBN    Infected: Trojan-GameThief.Win32.OnLineGames.sioy    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0001\4DFDAB46.VBN    Infected: Trojan.Win32.Vaklik.apl    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002\4DFDC122.VBN    Infected: Trojan.Win32.Vaklik.apl    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E240000\4E672E8B.VBN    Infected: Trojan-GameThief.Win32.OnLineGames.sioy    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E7C0000(2)\4EFDD8BC.VBN    Infected: Trojan-GameThief.Win32.OnLineGames.sgog    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00000\4EF6710E.VBN    Infected: Trojan.Win32.Vaklik.arx    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00001\4EF67140.VBN    Infected: Trojan.Win32.Vaklik.aqr    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F100000\4F927C78.VBN    Infected: Trojan-Downloader.WMA.GetCodec.c    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F100001\4F927E0A.VBN    Infected: Trojan-Downloader.WMA.GetCodec.c    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F100002\4F928350.VBN    Infected: Trojan-Downloader.WMA.GetCodec.c    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F100003\4F9283AB.VBN    Infected: Trojan-Downloader.WMA.GetCodec.c    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F100004\4F928D5E.VBN    Infected: Trojan-Downloader.WMA.GetCodec.c    1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F100005\4F928E95.VBN    Infected: Trojan-Downloader.WMA.GetCodec.c    1

The selected area was scanned.
```

Here's my uninstall list:

```
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Reader 9
Adobe Setup
Adobe Shockwave Player
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Any Video Converter 2.6.5
Cisco Networking Academy curriculum 4.0.0.0
Compatibility Pack for the 2007 Office system
DivX Codec
EPSON CardMonitor
EPSON PhotoQuicker3.2
EPSON PhotoStarter3.0
EPSON Printer Software
ES C41 Problem Solver
ESET Smart Security
Freecorder Toolbar
Freecorder Toolbar 3.01 Application
Garena
getPlus®
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Solution Center 7.0
HP Update
Java 6 Update 6
Java 6 Update 7
jZip
K-Lite Mega Codec Pack 4.1.7
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero Suite
OpenOffice.org Installer 1.0
OpenVPN 2.0.9
Packet Tracer 5.0
PowerDVD
Realtek AC'97 Audio
SAMSUNG CDMA Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Spybot - Search & Destroy
Switch Sound File Converter
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Veoh Web Player Beta
WampServer 2.0
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! 工具列
Yahoo! Messenger
```

Thanks a lot.

This post has been edited by charlie00: Nov 15 2008, 08:01 PM
Post #4 | Nov 15 2008, 08:16 PM | PropagandaPanda (Group: HJT Team; Posts: 6,883; Joined: 10-March 08; Member No.: 195,473)
Hello.

Looks good to me. Are you having any problems right now?

With Regards,
The Panda
Post #5 | Nov 15 2008, 09:07 PM | charlie00 (Member; Group: Members; Posts: 21; Joined: 26-October 08; Member No.: 250,059)
Does it look good? hehe

What do I do with the quarantine files of Symantec? I changed my AV to ESET (Symantec to ESET). Is it OK? I'm experiencing slow processing speed on my computer.
Post #6 | Nov 16 2008, 09:16 AM | PropagandaPanda (Group: HJT Team; Posts: 6,883; Joined: 10-March 08; Member No.: 195,473)
Hello.

You can delete the quarantined files. ESET is a reliable AV from what I hear.

Was the slowness from after the infection, or before? Please open your Task Manager, select the Processes tab and check which processes are taking the most CPU. We can disable some startup items to free memory later.

With Regards,
The Panda
Post #7 | Nov 16 2008, 09:23 AM | charlie00 (Member; Group: Members; Posts: 21; Joined: 26-October 08; Member No.: 250,059)
Can I really delete the quarantine files?

The slowness was after the infection.
Post #8 | Nov 16 2008, 09:48 AM | PropagandaPanda (Group: HJT Team; Posts: 6,883; Joined: 10-March 08; Member No.: 195,473)
Hello.

Yes, you can safely delete those. That process list looks OK. Could I ask how much RAM you have?

Let's look a bit deeper.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Download and Run OTViewIt

Also include a fresh HijackThis log please.

With Regards,
The Panda
Post #9 | Nov 16 2008, 10:24 AM | charlie00 (Member; Group: Members; Posts: 21; Joined: 26-October 08; Member No.: 250,059)
I have 448 MB of RAM XD

GMER text:

```
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-16 23:16:21
Windows 5.1.2600 Service Pack 3

---- User code sections - GMER 1.0.14 ----

.text  C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1724] kernel32.dll!SetUnhandledExceptionFilter  7C8449FD 4 Bytes  [ C2, 04, 00, 00 ]

---- Devices - GMER 1.0.14 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Ip  epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\Udp  epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\RawIp  epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.14 ----
```

OTViewIt text:

```
OTViewIt logfile created on: 11/16/2008 11:18:08 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0   Folder = C:\Documents and Settings\charlie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.29 Mb Total Physical Memory | 108.27 Mb Available Physical Memory | 24.20% Memory free
1.03 Gb Paging File | 0.71 Gb Available in Paging File | 68.42% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.45 Gb Total Space | 46.03 Gb Free Space | 71.41% Space Free | Partition Type: NTFS
Drive D: | 10.07 Gb Total Space | 0.89 Gb Free Space | 8.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IDANAN
Current User Name: charlie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/08/03 14:53:02 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
[2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/07/01 09:01:04 | 01,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/07/01 09:02:28 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
[2008/04/17 21:13:02 | 00,811,008 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\gmer.exe
[2008/11/15 23:41:11 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/05/27 21:58:12 | 04,269,296 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[2008/04/14 08:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/04/14 08:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/11/16 23:17:37 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\charlie\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/07/01 09:08:00 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
[2008/07/01 09:02:28 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn [Auto | Running])
[2008/07/09 22:54:44 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
File not found -- -- (getPlus® Helper [On_Demand | Stopped])
[2008/04/18 01:13:44 | 05,750,784 | ---- | M] () -- c:\xampp\mysql\bin\mysqld-nt.exe -- (mysql [Auto | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/01/18 00:37:26 | 00,024,635 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache [On_Demand | Stopped])
[2008/01/18 16:57:54 | 05,750,784 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe -- (wampmysqld [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/01/25 16:37:16 | 04,027,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/07/01 08:56:22 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon [Auto | Running])
[2008/07/01 08:57:14 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv [System | Running])
[2008/07/01 09:04:34 | 00,071,688 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw [Auto | Running])
[2008/07/01 09:04:36 | 00,030,728 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis [On_Demand | Running])
[2008/07/01 09:04:38 | 00,054,280 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi [System | Running])
[2001/08/17 20:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Running])
[2008/11/16 22:51:10 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2006/04/12 18:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2006/04/12 18:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2006/04/12 18:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2004/08/04 06:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFBS2S2.sys -- (HSFHWBS2 [On_Demand | Running])
[2004/08/04 06:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFDPSP2.sys -- (HSF_DP [On_Demand | Running])
[2004/08/04 06:41:56 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2004/08/04 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/11/13 18:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/08/30 17:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
[2005/08/30 17:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
[2005/08/30 17:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
[2006/07/24 16:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
[2001/08/17 13:49:10 | 00,026,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb [On_Demand | Stopped])
[2006/10/01 14:37:02 | 00,026,624 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801 [On_Demand | Running])
[2008/04/14 02:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys -- (uagp35 [Boot | Running])
[2006/08/31 13:06:16 | 00,264,704 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Running])
[2004/08/04 06:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.)
```
-- C:\WINDOWS\system32\drivers\HSFCXTS2.sys -- (winachsf [On_Demand | Running]) ========== (R ) Internet Explorer ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Extensions Off Page"=about:NoAdd-ons "Local Page"=%SystemRoot%\system32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm "CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Local Page"=C:\WINDOWS\system32\blank.htm "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "SearchMigratedDefaultName"=Yahoo! Search "SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 "Start Page"=http://www.yahoo.com/ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL] ""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}" (HKLM) -- C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.) "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 "ProxyOverride" = *.local ========== (O1) Hosts File ========== HOSTS File = (287238 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 www.1001namen.com 127.0.0.1 1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123haustiereundmehr.com 9901 more lines... ========== (O2) BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\] {02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) {1392b8d2-5c05-419f-a8f6-b9f15a596612} (HKLM) -- C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.) {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) {53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} (HKLM) -- C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) 
========== (O3) Toolbars ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC}" (HKLM) -- C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}" (HKLM) -- C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{1392B8D2-5C05-419F-A8F6-B9F15A596612}" (HKLM) -- C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) ========== (O4) Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice (ESET) "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.) "VTTimer"=VTTimer.exe (S3 Graphics, Inc.) "VTTrayp"=VTtrayp.exe (S3 Graphics Co., Ltd.) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.) 
========== (O4) Startup Folders ========== ========== (O6 & O7) Current Version Policies ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=227 "NoDrives"=0 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableStatusMessages"=0 "DisableRegistryTools"=0 "HideLegacyLogonScripts"=0 "HideLogoffScripts"=0 "RunLogonScriptSync"=1 "RunStartupScriptSync"=0 "HideStartupScripts"=0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDrives"=0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "HideLegacyLogonScripts"=0 "HideLogoffScripts"=0 "HideStartupScripts"=0 "RunLogonScriptSync"=1 "RunStartupScriptSync"=0 ========== (O8) IE Context Menu Extensions ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\] E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation) ========== (O9) IE Extensions ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation) {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery ========== (O13) Default Prefixes ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ========== (O15) Trusted Sites ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 49 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 55 domain(s) and sub-domain(s) not assigned to a zone. 
========== (O16) DPF ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {149E45D8-163E-4189-86FC-45022AB2B6C9}: file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx -- SpinTop DRM Control {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06 {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CC450D71-CC90-424C-8638-1F2DBAC87A54}: file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx -- ArmHelper Control {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class ========== (O17) DNS Name Servers ========== {4234E54E-E362-4C9F-A5B0-7306546ADDB5} (Servers: | Description: VIA Compatable Fast Ethernet Adapter) {CFD20C10-E597-4F83-BB75-36FAEB0CF17D} (Servers: | Description: ) ========== Safeboot Options ========== "AlternateShell"=cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2008/06/07 01:10:42 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== MountPoints2 ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{535a8e9e-abe9-11dd-aaaa-0016eca19b92}\Shell\explore\Command] ""=G:\boot.exe -- File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{535a8e9e-abe9-11dd-aaaa-0016eca19b92}\Shell\open\Command] ""=G:\boot.exe -- File not found ========== Files/Folders - Created Within 30 Days ========== [5 C:\WINDOWS\System32\*.tmp 
files] [4 C:\WINDOWS\*.tmp files] [2008/11/16 23:17:04 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\charlie\Desktop\OTViewIt.exe [2008/11/16 22:51:12 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini [2008/11/16 22:51:10 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll [2008/11/16 22:51:10 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys [2008/11/16 22:51:10 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd [2008/11/16 22:51:09 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe [2008/11/16 22:50:40 | 00,811,008 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\gmer.exe [2008/11/16 22:50:22 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\gmer.zip [2008/11/16 22:20:40 | 00,472,494 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\1.bmp [2008/11/16 21:10:34 | 00,005,120 | -HS- | C] () -- C:\Documents and Settings\charlie\Desktop\Thumbs.db @Alternate Data Stream - 0 bytes -> C:\Documents and Settings\charlie\Desktop\Thumbs.db:encryptable [2008/11/16 20:56:26 | 00,025,563 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\1_862305570l.jpg [2008/11/14 05:04:24 | 00,000,000 | ---D | C] -- C:\CISCO_CCNA [2008/11/14 02:02:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\EPSON CardMonitor Essential [2008/11/14 02:02:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\EPSON PhotoStarter Essential [2008/11/12 19:28:44 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2008/11/12 19:24:20 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll [2008/11/12 18:20:26 | 00,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade [2008/11/12 18:16:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Application Data\SpinTop [2008/11/11 23:00:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Desktop\IM 252 [2008/11/11 00:31:04 | 00,094,208 | -H-- | C] (PS Soft) -- C:\Documents and 
Settings\charlie\Desktop\RaveButtons.ocx [2008/11/11 00:31:04 | 00,045,056 | -H-- | C] (PS Soft) -- C:\Documents and Settings\charlie\Desktop\Y!Multi Messenger.exe [2008/11/10 16:35:59 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\Shortcut to TTW.lnk [2008/11/09 00:45:38 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2008/11/08 18:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2008/11/08 18:58:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2008/11/08 18:42:18 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2008/11/08 18:42:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2008/11/08 18:40:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2008/11/08 17:38:57 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2008/11/08 17:33:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2008/11/03 17:27:29 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\Shortcut to o2mania English.lnk [2008/11/03 16:43:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wordsearch.INI [2008/11/03 16:36:20 | 00,000,060 | ---- | C] () -- C:\WINDOWS\GECKOS.INI [2008/11/03 16:13:30 | 00,000,000 | ---D | C] -- C:\O2 Jam [2008/10/31 18:05:34 | 00,000,447 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\Garena.lnk [2008/10/28 20:17:43 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll [2008/10/28 20:16:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2008/10/28 19:50:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting [2008/10/28 19:50:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2008/10/28 19:50:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en [2008/10/28 19:50:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2008/10/28 19:46:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles [2008/10/28 19:38:13 
| 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2008/10/28 19:33:40 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2008/10/27 10:29:40 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll [2008/10/27 10:29:38 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll [2008/10/27 10:29:36 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll [2008/10/27 10:29:36 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll [2008/10/27 10:29:32 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys [2008/10/27 10:29:31 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax [2008/10/27 10:29:30 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys [2008/10/27 10:29:28 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys [2008/10/27 10:29:27 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys [2008/10/27 10:29:22 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll [2008/10/27 10:29:22 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll [2008/10/27 10:29:10 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe [2008/10/27 10:29:07 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe [2008/10/27 10:29:06 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys [2008/10/27 10:29:02 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys [2008/10/27 10:29:01 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe [2008/10/27 10:28:57 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll 
[2008/10/27 10:28:57 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys [2008/10/27 10:28:57 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys [2008/10/27 10:28:55 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll [2008/10/27 10:28:54 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll [2008/10/27 10:28:52 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll [2008/10/27 10:28:52 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll [2008/10/27 10:28:51 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll [2008/10/27 10:28:50 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll [2008/10/27 10:28:46 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll [2008/10/27 10:28:37 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2008/10/27 10:28:34 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll [2008/10/27 10:28:34 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe [2008/10/27 10:28:34 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll [2008/10/27 10:28:32 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll [2008/10/27 10:28:32 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll [2008/10/27 10:28:31 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll [2008/10/27 10:28:31 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll [2008/10/27 10:28:29 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll [2008/10/27 10:28:29 | 00,076,800 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\msshavmsg.dll [2008/10/27 10:27:42 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll [2008/10/27 10:27:42 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll [2008/10/27 10:27:42 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll [2008/10/27 10:27:42 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe [2008/10/27 10:27:21 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll [2008/10/27 10:27:20 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll [2008/10/27 10:27:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll [2008/10/27 10:27:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll [2008/10/27 10:27:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll [2008/10/27 10:27:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll [2008/10/27 10:27:17 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll [2008/10/27 10:27:17 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pidgen.dll [2008/10/27 10:27:05 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll [2008/10/27 10:27:04 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll [2008/10/27 10:27:04 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf [2008/10/27 10:26:59 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys [2008/10/27 10:26:56 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe [2008/10/27 10:26:46 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys [2008/10/27 10:26:45 | 00,025,600 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys [2008/10/27 10:26:42 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys [2008/10/27 10:26:36 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe [2008/10/27 10:26:33 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll [2008/10/27 10:26:33 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll [2008/10/27 10:26:33 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll [2008/10/27 10:26:33 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll [2008/10/27 10:26:33 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll [2008/10/27 10:26:33 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll [2008/10/27 10:26:33 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll [2008/10/27 10:26:32 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll [2008/10/27 10:26:28 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll [2008/10/27 10:26:28 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll [2008/10/27 10:26:28 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll [2008/10/27 10:26:28 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll [2008/10/27 10:26:28 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll [2008/10/27 10:26:28 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll [2008/10/27 10:26:28 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll [2008/10/27 10:26:26 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll [2008/10/27 10:26:26 | 
00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll [2008/10/27 10:26:25 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll [2008/10/27 10:26:21 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll [2008/10/27 10:26:12 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys [2008/10/27 10:26:11 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys [2008/10/27 10:26:11 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys [2008/10/27 10:26:11 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll [2008/10/27 10:26:10 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll [2008/10/27 10:26:08 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2008/10/27 10:26:02 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys [2008/10/27 10:26:01 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys [2008/10/27 10:26:01 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys [2008/10/27 10:25:59 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll [2008/10/26 23:07:38 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2008/10/26 23:07:37 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2008/10/26 23:07:36 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2008/10/26 23:07:35 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2008/10/26 22:59:57 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys [2008/10/26 22:47:44 | 00,691,712 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/10/26 22:39:42 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/26 19:05:23 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/26 18:01:40 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/10/26 18:01:34 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/10/26 18:01:22 | 00,000,000 | ---D | C] -- C:\cmdcons
[2008/10/26 17:57:31 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/10/26 17:57:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/10/26 17:57:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/10/26 17:57:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/10/26 17:57:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/26 17:57:30 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/10/26 17:57:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/26 17:57:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/26 17:57:30 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/10/26 17:57:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/26 17:57:15 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/10/26 15:02:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Local Settings\Application Data\ESET
[2008/10/26 14:13:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Application Data\ESET
[2008/10/26 14:11:35 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2008/10/26 14:11:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/10/26 14:10:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2008/10/26 13:35:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Application Data\TransRender
[2008/10/26 13:35:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Application Data\Temporary
[2008/10/26 13:35:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Application Data\ConvertTemp
[2008/10/26 13:35:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2008/10/26 13:34:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Application Data\InstallShield
[2008/10/21 00:41:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/11/16 23:17:37 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\charlie\Desktop\OTViewIt.exe
[2008/11/16 22:59:08 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/11/16 22:54:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/16 22:54:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/16 22:53:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/16 22:52:36 | 02,641,812 | -H-- | M] () -- C:\Documents and Settings\charlie\Local Settings\Application Data\IconCache.db
[2008/11/16 22:51:10 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/11/16 22:51:10 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/16 22:51:10 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/16 22:50:30 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\gmer.zip
[2008/11/16 22:20:41 | 00,472,494 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\1.bmp
[2008/11/16 21:10:37 | 00,005,120 | -HS- | M] () -- C:\Documents and Settings\charlie\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\charlie\Desktop\Thumbs.db:encryptable
[2008/11/16 21:09:06 | 00,025,563 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\1_862305570l.jpg
[2008/11/16 12:55:49 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/16 11:23:29 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\charlie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/14 02:00:13 | 00,018,563 | ---- | M] () -- C:\WINDOWS\EPSTPLOG.BAK
[2008/11/12 19:32:53 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/12 18:20:57 | 00,000,635 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/11/10 16:35:59 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\Shortcut to TTW.lnk
[2008/11/09 10:20:17 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/11/09 10:20:17 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/08 20:52:36 | 00,287,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/11/05 23:53:00 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\Microsoft Office Word 2003.lnk
[2008/11/04 08:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/11/03 17:27:29 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\Shortcut to o2mania English.lnk
[2008/11/03 16:43:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Wordsearch.INI
[2008/11/03 16:36:23 | 00,000,060 | ---- | M] () -- C:\WINDOWS\GECKOS.INI
[2008/11/03 15:53:34 | 00,046,832 | ---- | M] () -- C:\Documents and Settings\charlie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/01 01:29:16 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2008/10/31 18:05:34 | 00,000,447 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\Garena.lnk
[2008/10/28 20:18:30 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/28 20:18:30 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/28 20:18:30 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/28 20:16:17 | 00,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/28 19:41:44 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/28 09:58:11 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/10/24 19:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/24 19:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

< End of report >

hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:17 PM, on 11/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\charlie\Desktop\gmer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Documents and Settings\charlie\Desktop\OTViewIt.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 6654 bytes
Nov 16 2008, 10:34 AM, Post #10
Group: HJT Team, Posts: 6,883, Joined: 10-March 08, Member No.: 195,473
Hello.

Looks like ComboFix was run. Could you post C:\ComboFix.txt? I want to see what infections were removed.

With Regards,
The Panda
Nov 16 2008, 10:41 AM, Post #11
Group: Members, Posts: 21, Joined: 26-October 08, Member No.: 250,059
Here's my first ComboFix log - I ran ComboFix even though no HJT Team member requested it XD
ComboFix 08-10-24.02 - charlie 2008-10-26 18:35:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.184 [GMT 8:00]
Running from: C:\Documents and Settings\charlie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\charlie\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
 * Created a new restore point
 * Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\RECYCLER\ADAPT_Installer.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.
2008-10-26 14:13 . 2008-10-26 14:13 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\ESET
2008-10-26 14:11 . 2008-10-26 14:11 <DIR> d-------- C:\Program Files\ESET
2008-10-26 14:11 . 2008-10-26 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-10-26 13:35 . 2008-10-26 13:35 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-10-26 13:35 . 2008-10-26 13:35 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\TransRender
2008-10-26 13:35 . 2008-10-26 13:35 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\Temporary
2008-10-26 13:35 . 2008-10-26 13:35 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\ConvertTemp
2008-10-26 13:34 . 2008-10-26 13:34 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\InstallShield
2008-10-26 13:33 . 2008-10-26 13:33 <DIR> d-------- C:\Documents and Settings\charlie\mapua
2008-10-21 00:41 . 2008-10-26 13:15 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-09 18:42 . 2008-10-09 18:42 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\Samsung
2008-10-09 17:57 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-10-09 17:57 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2008-10-09 17:57 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2008-10-09 17:57 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2008-10-09 17:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2008-10-09 17:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2008-10-09 17:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2008-10-09 17:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2008-10-09 17:56 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-10-09 17:56 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-10-09 17:55 . 2008-10-09 17:55 <DIR> d-------- C:\Program Files\Samsung
2008-10-06 18:50 . 2008-10-06 18:50 <DIR> d-------- C:\Program Files\Veoh Networks
2008-09-29 18:25 . 2008-10-26 13:21 <DIR> d-------- C:\Program Files\Packet Tracer 5.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 10:32 --------- d-----w C:\Documents and Settings\charlie\Application Data\uTorrent
2008-10-26 06:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-26 06:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-26 05:35 --------- d-----w C:\Program Files\DivX
2008-10-26 05:35 --------- d-----w C:\Program Files\Any Video Converter
2008-10-26 05:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-26 05:34 --------- d-----w C:\Program Files\NOS
2008-10-26 05:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-26 05:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-26 05:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-10-26 05:21 --------- d-----w C:\Program Files\Freecorder
2008-10-16 05:59 --------- d-----w C:\Documents and Settings\charlie\Application Data\Any Video Converter
2008-09-27 10:31 --------- d-----w C:\Documents and Settings\charlie\Application Data\Image Zone Express
2008-09-07 04:54 --------- d-----w C:\Program Files\NCH Software
2008-09-02 06:16 --------- d-----w C:\Program Files\PLDTPlay
2008-09-02 06:10 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-02 05:27 --------- d-----w C:\Program Files\CyberTime
2008-09-02 05:27 --------- d-----w C:\Documents and Settings\charlie\Application Data\LimeWire
2008-09-02 05:26 --------- d-----w C:\Program Files\Replay Music 3
2008-09-02 05:26 --------- d-----w C:\Program Files\Common Files\Stardock
2008-08-26 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CityPhotos
2008-08-26 10:26 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-26 05:11 --------- d-----w C:\Documents and Settings\charlie\Application Data\DivX
2008-08-21 08:52 139,264 ----a-w C:\WINDOWS\War3Unin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-16 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-04-16 11:06 1524760 --a------ C:\Program Files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-16 1524760]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-16 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 4269296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 1694208]
"VeohPlugin"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-10-10 3502840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2006-08-03 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-08-30 C:\WINDOWS\system32\VTTrayp.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\PLDTPlay\\ServerScout\\ServerScout.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Warcraft III\\Garena\\Garena.exe"=
"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"C:\\Program Files\\Packet Tracer 5.0\\bin\\PacketTracer5.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [ ]
S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [ ]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld [ ]
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\charlie\Application Data\Mozilla\Firefox\Profiles\igysnclo.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF -: plugin - C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 18:37:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-10-26 18:41:20
ComboFix-quarantined-files.txt 2008-10-26 10:40:17

Pre-Run: 44,922,716,160 bytes free
Post-Run: 44,913,070,080 bytes free

174 --- E O F --- 2008-07-10 06:53:57
Nov 16 2008, 10:51 AM, Post #12
Group: Members, Posts: 21, Joined: 26-October 08, Member No.: 250,059
I can't paste my second ComboFix log; it is too long (I ran it again without any request from the HJT Team). Here's the second log: http://www.sendspace.com/file/6ivbjp

This post has been edited by charlie00: Nov 16 2008, 10:52 AM
Nov 16 2008, 12:44 PM, Post #13
Group: HJT Team, Posts: 6,883, Joined: 10-March 08, Member No.: 195,473
Hello.

Still nothing. Your logs are quite slim already. Try reinstalling your antivirus, as that often takes up lots of resources. We'll try reinstalling SP3 if it's still slow.

With Regards,
The Panda
Nov 17 2008, 03:24 AM, Post #14
Group: Members, Posts: 21, Joined: 26-October 08, Member No.: 250,059
Thanks a lot for your help.
Nov 17 2008, 08:14 AM, Post #15
Group: HJT Team, Posts: 6,883, Joined: 10-March 08, Member No.: 195,473
Hello.

OK, post back when you are done with that.

With Regards,
The Panda