 Please Analyze My Hijackthis Scan, I'm from Indonesia, Geting problems with slow computer |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Jun 18 2009, 09:51 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 9 Joined: 18-June 09 Member No.: 343,385  |
I'm from Indonesia and it seems that I have problems with my computer sometimes it's running slow and stop working i have scan with my hijackthis and hopefully you can help me solving this problems Thanks Guys!! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:49:14 PM, on 6/19/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\AVI\avid.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVI\avid.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\TrafficCompressor\TCompres.exe C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\My Lockbox\flockbox.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\DAP\DAP.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\Crawler\CToolbar.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe c:\program files\avira\antivir desktop\avcenter.exe C:\Program Files\Avira\AntiVir Desktop\avscan.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60076 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode O4 - HKLM\..\Run: [TrafficCompressor] C:\Program Files\TrafficCompressor\TCompres.exe /Autorun O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\trafficcompressor\tcomplsp.dll O10 - Unknown file in Winsock LSP: c:\program files\trafficcompressor\tcomplsp.dll O10 - Unknown file in Winsock LSP: c:\program files\trafficcompressor\tcomplsp.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{F0A44B43-A863-4860-9569-1B0FA5925B9B}: NameServer = 202.134.0.155,192.168.0.10 O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVI Guard (AVIDaemon) - Anlab Software - C:\Program Files\AVI\avid.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 10618 bytes |
 |
 
|
|
Jun 24 2009, 08:35 AM
Post
#2
|
|
 Bleepin' Peaceful Group: HJT Team Posts: 3,071 Joined: 9-December 08 Member No.: 267,653 |
Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:
Information on A/V control HERE -------------------- Proud member - Unified Network of Instructors and Trained Eliminators
 If I'm helping you and I don't reply within 48 hours please feel free to send me a PM. Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored! |
|
|
|
|
Jun 27 2009, 05:57 PM
Post
#3
|
|
 Bleepin' Texan! Group: HJT Team Coach Posts: 13,829 Joined: 5-April 06 From: Planet Texas! Member No.: 62,846 |
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic -------------------- Please make a donation so I can keep helping people just like you. Every little bit helps! :) You can even use your credit card! Thank you!    Error reading poptart in Drive A: Delete kids y/n? PopTartFixIt2 ============= POPTART ================ Poptart successfully found and removed. ================ KIDS ================ Kid ... Maxwell O'Neal deleted successfully. Kid ... Billy O'Neal deleted successfully. ========== FINISHED! TERMINATE! ========== Tool by Billy3 |
|
|
|
|
Jul 1 2009, 06:39 AM
Post
#4
|
|
|
Bleepin' Texan! Group: HJT Team Coach Posts: 13,829 Joined: 5-April 06 From: Planet Texas! Member No.: 62,846 |
Thread reopened by request of topic starter.
-------------------- Please make a donation so I can keep helping people just like you. Every little bit helps! :) You can even use your credit card! Thank you! Error reading poptart in Drive A: Delete kids y/n? PopTartFixIt2 ============= POPTART ================ Poptart successfully found and removed. ================ KIDS ================ Kid ... Maxwell O'Neal deleted successfully. Kid ... Billy O'Neal deleted successfully. ========== FINISHED! TERMINATE! ========== Tool by Billy3 |
|
|
|
|
Jul 1 2009, 06:47 AM
Post
#5
|
|
|
New Member Group: Members Posts: 9 Joined: 18-June 09 Member No.: 343,385 |
HI
I can't get to my PC right now I'll do it in my office tomorrow morning can you wait??? many thanks!!!!! Vincent from INdonesia |
|
|
|
|
Jul 1 2009, 08:20 PM
Post
#6
|
|
|
New Member Group: Members Posts: 9 Joined: 18-June 09 Member No.: 343,385 |
Hi it's my DDS scan result
DDS (Ver_09-06-26.01) - NTFSx86 Run by Ronny at 20:20:16.51 on Thu 07/02/2009 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.333 [GMT -7:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\AVI\avid.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\Program Files\AVI\avid.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\TrafficCompressor\TCompres.exe C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\My Lockbox\flockbox.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\DAP\DAP.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\Crawler\CToolbar.exe C:\Documents and Settings\Ronny\Desktop\dds.scr C:\Documents and Settings\Ronny\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076 mDefault_Page_URL = hxxp://www.yahoo.com/ mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60076 mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033 uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode mRun: [TrafficCompressor] c:\program files\trafficcompressor\TCompres.exe /Autorun mRun: [SpywareTerminator] "c:\progra~1\spywar~1\SpywareTerminatorShield.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [<NO NAME>] mRun: [flockbox] c:\program files\my lockbox\flockbox.exe /a mRun: [PCSuiteTrayApplication] c:\progra~1\nokia\nokiap~1\LAUNCH~1.EXE -startup mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" uPolicies-explorer: NoDesktop = 1 (0x1) uPolicies-explorer: NoAutoUpdate = 0 (0x0) IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm IE: &Download with &DAP - c:\program files\dap\dapextie.htm IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Crawler Search - tbr:iemenu IE: Download &all with DAP - c:\program files\dap\dapextie2.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL LSP: c:\program files\trafficcompressor\TCompLsp.dll DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab TCP: {F0A44B43-A863-4860-9569-1B0FA5925B9B} = 202.134.0.155,192.168.0.10 Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll Notify: AtiExtEvent - Ati2evxx.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\ronny\applic~1\mozilla\firefox\profiles\sojrnspj.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p= FF - component: c:\program files\crawler\firefox\components\xcomm.dll FF - component: c:\program files\crawler\firefox\components\xshared.dll FF - component: c:\program files\crawler\firefox\components\xsupport.dll FF - component: c:\program files\crawler\firefox\components\xwsg.dll FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2009-3-12 17264] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-30 11608] R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-2-28 142592] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-30 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-30 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-30 55640] R2 AVIDaemon;AVI Guard;c:\program files\avi\avid.exe [2009-3-27 224256] =============== Created Last 30 ================ 2009-06-30 01:15 <DIR> --d----- c:\program files\Manage PC Shut Down 2009-06-30 01:14 <DIR> --d----- c:\windows\Downloaded Installations 2009-06-30 00:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSScanAppDataDir 2009-06-29 20:37 192,787,466 a------- C:\Membantu Kehidupan Warga di Daerah Tandus.flv 2009-06-26 00:00 192,955,532 a------- C:\Ceramah Master Menjaga Hati dan Pikiran dalam menghadapi kesulitan.flv 2009-06-23 03:34 <DIR> --d----- c:\program files\Microsoft ActiveSync 2009-06-23 00:40 192,835,252 a------- C:\Welas Asih Terhadap semua makhluk mencerminkan hati Buddha.flv 2009-06-20 03:21 410,984 a------- c:\windows\system32\deploytk.dll 2009-06-20 03:21 73,728 a------- c:\windows\system32\javacpl.cpl 2009-06-19 02:26 192,919,754 a------- C:\Menyelamatkan dunia dengan bervegetarian dan melestarikan lingkungan.flv 2009-06-19 00:38 <DIR> --d----- c:\program files\mIRC ==================== Find3M ==================== 2009-04-09 02:48 737,280 a------- c:\windows\iun6002.exe ============= FINISH: 20:20:38.48 =============== I'm waiting for your next instruction Thanks! Vincent
Attached File(s)
|
|
|
|
|
Jul 2 2009, 09:29 PM
Post
#7
|
|
 Forum Addict Group: HJT Team Posts: 3,715 Joined: 7-November 07 From: Warrington, UK Member No.: 168,228 |
Hello and welcome to Bleeping Computer.
My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
Can you tell me if you no what the following files are? C:\Membantu Kehidupan Warga di Daerah Tandus.flv C:\Ceramah Master Menjaga Hati dan Pikiran dalam menghadapi kesulitan.flv C:\Welas Asih Terhadap semua makhluk mencerminkan hati Buddha.flv C:\Menyelamatkan dunia dengan bervegetarian dan melestarikan lingkungan.flv Please download Malwarebytes' Anti-Malware from Here Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
Next
Then please post back here with the following:
Thanks --------------------  Any requests for help via PM will be ignored, please use the forums. If I have help you, and you would like to make a donation, click here |
|
|
|
|
Jul 4 2009, 02:37 AM
Post
#8
|
|
|
New Member Group: Members Posts: 9 Joined: 18-June 09 Member No.: 343,385 |
HI SIlar
it's week end and my cpomputer is in the office so please be patient I'll do what you want me to do A.S.A.P thanks vincent |
|
|
|
|
Jul 4 2009, 04:33 PM
Post
#9
|
|
|
Forum Addict Group: HJT Team Posts: 3,715 Joined: 7-November 07 From: Warrington, UK Member No.: 168,228 |
Hello vincent,
Ok, cheers for letting me no and it's Syler by the way. -------------------- Any requests for help via PM will be ignored, please use the forums. If I have help you, and you would like to make a donation, click here |
|
|
|
 Jul 5 2009, 10:38 PM
Post
#10
|
|
|
New Member Group: Members Posts: 9 Joined: 18-June 09 Member No.: 343,385 |
Hi Syler
This is my MBAM scan log Malwarebytes' Anti-Malware 1.38 Database version: 2297 Windows 5.1.2600 Service Pack 2 7/6/2009 10:20:20 PM mbam-log-2009-07-06 (22-20-20).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 216906 Time elapsed: 1 hour(s), 17 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 2 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully. C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully. Files Infected: c:\program files\relevantknowledge\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. c:\documents and settings\all users\start menu\Programs\relevantknowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully. c:\documents and settings\all users\start menu\Programs\relevantknowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully. c:\documents and settings\all users\start menu\Programs\relevantknowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\rlls.dll (Spyware.Marketscore) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\rloci.bin (Spyware.Marketscore) -> Quarantined and deleted successfully. This is my log from RSIT Logfile of random's system information tool 1.06 (written by random/random) Run by Ronny at 2009-07-06 22:37:03 Microsoft Windows XP Professional Service Pack 2 System drive C: has 35 GB (61%) free of 57 GB Total RAM: 1023 MB (53% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:37:13 PM, on 7/6/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\AVI\avid.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\AVI\avid.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\TrafficCompressor\TCompres.exe C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\My Lockbox\flockbox.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Crawler\CToolbar.exe C:\Program Files\DAP\DAP.EXE C:\Documents and Settings\Ronny\My Documents\My Completed Downloads\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Ronny.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60076 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode O4 - HKLM\..\Run: [TrafficCompressor] C:\Program Files\TrafficCompressor\TCompres.exe /Autorun O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\trafficcompressor\tcomplsp.dll O10 - Unknown file in Winsock LSP: c:\program files\trafficcompressor\tcomplsp.dll O10 - Unknown file in Winsock LSP: c:\program files\trafficcompressor\tcomplsp.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{F0A44B43-A863-4860-9569-1B0FA5925B9B}: NameServer = 202.134.0.155,192.168.0.10 O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVI Guard (AVIDaemon) - Anlab Software - C:\Program Files\AVI\avid.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 11179 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}] C:\PROGRA~1\Crawler\ctbr.dll [2009-03-04 1196032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-20 41368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-20 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120] {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\ctbr.dll [2009-03-04 1196032] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-03-11 86016] "SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528] "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2003-05-30 585728] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-17 49152] "Ptipbmf"=ptipbmf.dll,SetWriteCacheMode [] "TrafficCompressor"=C:\Program Files\TrafficCompressor\TCompres.exe [2007-01-11 1511424] "SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2009-02-28 2233856] "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992] ""= [] "flockbox"=C:\Program Files\My Lockbox\flockbox.exe [2007-04-18 1070448] "PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-04-07 237568] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-20 148888] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2009-02-27 3053056] "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-02-20 4363504] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360] "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592] "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-04-11 1409024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDesktop"=1 "NoDriveTypeAutoRun"=255 "NoAutoUpdate"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\MY DATA\mIRC\mirc.exe"="D:\MY DATA\mIRC\mirc.exe:*:Enabled:mIRC" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe" "C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)" "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60251d90-3f86-11de-bc31-000ea6bfa79e}] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86320bea-3537-11de-bc1b-000ea6bfa79e}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GameSetup.exe ======File associations====== .js - edit - .js - open - .txt - open - ======List of files/folders created in the last 1 months====== 2009-07-06 22:37:03 ----D---- C:\rsit 2009-07-05 02:43:56 ----D---- C:\Documents and Settings\Ronny\Application Data\Malwarebytes 2009-07-05 02:43:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-07-05 02:43:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-07-02 22:44:59 ----D---- C:\Convertedpsp 2009-07-02 22:44:59 ----D---- C:\Converted 2009-06-30 01:15:45 ----D---- C:\Program Files\Manage PC Shut Down 2009-06-30 01:14:46 ----D---- C:\WINDOWS\Downloaded Installations 2009-06-30 00:59:51 ----D---- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir 2009-06-23 03:53:30 ----D---- C:\Program Files\Microsoft Works 2009-06-23 03:34:32 ----D---- C:\Program Files\Microsoft ActiveSync 2009-06-23 03:33:25 ----D---- C:\Program Files\Common Files\DESIGNER 2009-06-20 03:21:32 ----D---- C:\WINDOWS\Sun 2009-06-20 03:21:07 ----A---- C:\WINDOWS\system32\javaws.exe 2009-06-20 03:21:07 ----A---- C:\WINDOWS\system32\javaw.exe 2009-06-20 03:21:07 ----A---- C:\WINDOWS\system32\java.exe 2009-06-20 03:21:07 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-06-20 03:20:45 ----D---- C:\Program Files\Java 2009-06-20 03:14:33 ----D---- C:\Documents and Settings\Ronny\Application Data\Sun 2009-06-19 00:38:54 ----D---- C:\Program Files\mIRC ======List of files/folders modified in the last 1 months====== 2009-07-06 22:36:18 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-07-06 22:33:52 ----D---- C:\WINDOWS\Temp 2009-07-06 22:33:15 ----D---- C:\Program Files\Crawler 2009-07-06 22:32:35 ----D---- C:\Program Files\Mozilla Firefox 2009-07-06 22:32:25 ----D---- C:\WINDOWS\system32\CatRoot2 2009-07-06 22:32:14 ----A---- C:\WINDOWS\win.ini 2009-07-06 22:22:03 ----D---- C:\WINDOWS\system32\drivers 2009-07-06 22:21:15 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-07-06 22:20:20 ----RD---- C:\Program Files 2009-07-06 20:42:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2009-07-06 20:41:06 ----D---- C:\WINDOWS 2009-07-05 02:43:56 ----D---- C:\WINDOWS\Prefetch 2009-07-04 20:19:53 ----D---- C:\Program Files\Spyware Terminator 2009-07-04 20:15:19 ----D---- C:\Documents and Settings\Ronny\Application Data\Spyware Terminator 2009-07-04 03:49:41 ----D---- C:\WINDOWS\system32 2009-07-04 00:29:34 ----D---- C:\Program Files\FLVPlayer4Free 2009-07-02 23:47:45 ----D---- C:\Documents and Settings\Ronny\Application Data\mIRC 2009-06-30 00:59:50 ----SHD---- C:\WINDOWS\Installer 2009-06-30 00:59:49 ----HD---- C:\Config.Msi 2009-06-29 22:37:51 ----D---- C:\Documents and Settings\Ronny\Application Data\VSO 2009-06-26 02:56:06 ----A---- C:\WINDOWS\Ulead32.INI 2009-06-23 03:52:38 ----SD---- C:\Documents and Settings\Ronny\Application Data\Microsoft 2009-06-23 03:35:52 ----A---- C:\WINDOWS\ODBC.INI 2009-06-23 03:34:53 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-06-23 03:34:50 ----RSD---- C:\WINDOWS\Fonts 2009-06-23 03:34:37 ----D---- C:\WINDOWS\SHELLNEW 2009-06-23 03:33:25 ----D---- C:\Program Files\Common Files 2009-06-23 03:33:15 ----HD---- C:\WINDOWS\inf ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-30 96104] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096] R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-04-30 55640] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792] R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-05-20 121856] R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 9344] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] S2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [] S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-04 48128] S3 a3xw9bke;a3xw9bke; C:\WINDOWS\system32\drivers\a3xw9bke.sys [] S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-04 38912] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024] S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-19 235100] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-04 51328] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880] S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-03-24 8704] S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-03-24 13312] S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-03-24 127488] S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-03-24 13312] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-10 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504] R2 AVIDaemon;AVI Guard; C:\Program Files\AVI\avid.exe [2009-03-30 224256] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-20 152984] R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056] R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-02-28 540672] R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-02 654848] R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-04-12 176640] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-02-21 520192] S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] -----------------EOF----------------- This is the Info txt info.txt logfile of random's system information tool 1.06 2009-07-06 22:37:15 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF} Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5} Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{8718DC03-D066-4957-94E5-50C3C5042E8E} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931} Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE} Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8} Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C} Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9} Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3} Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05} Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A} Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA} Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA} Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003} Adobe Setup-->MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363} Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1} Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D} Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2} Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC} Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F} Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1} AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD} ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean AVI-->C:\Program Files\AVI\avi.exe -uninstall Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini" Copy Cat 2.0-->"C:\Program Files\Copy Cat\unins000.exe" Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\CToolbar.exe uninst Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe" Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE E.M. Scratched DVD Copy 2.40-->"C:\Program Files\E.M. Scratched DVD Copy\unins000.exe" Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG FLVPlayer4Free Free FLV Player 2.5.0.0-->"C:\Program Files\FLVPlayer4Free\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall HP Color LaserJet 2605 Series 1.0-->C:\Program Files\HP\Digital Imaging\{4E59AA98-3EF3-47A3-9DEA-6B37F00C901F}\setup\hpzscr01.exe -datfile hppscr03.dat -forcereboot HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93} Intel® PRO Network Adapters and Drivers-->Prounstl.exe Intel® PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79} Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF} Lunarmedia Clock B.-->C:\Program Files\Lunarmedia Clock B.\uninstall.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Manage PC Shut Down 1.0-->"C:\Program Files\Manage PC Shut Down\unins000.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe My Lockbox 1.1 for Windows 2000/XP-->"C:\Program Files\My Lockbox\unins000.exe" Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Nokia Connectivity Cable Driver-->MsiExec.exe /X{E4DD8B33-6F9B-41C5-96FF-5DBF27ED23E7} Nokia PC Connectivity Solution-->MsiExec.exe /I{290749B0-1E08-427C-9E26-2CA156DC3094} Nokia PC Suite-->MsiExec.exe /I{B4337A99-5684-474A-B261-E9C71F88E978} Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} ScanWizard 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B08D262E-D902-11D5-9C28-0080C85A0C2D}\setup.exe" SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe" TrafficCompressor-->C:\Program Files\TrafficCompressor\uninstall.exe UTool 1.13-->"C:\Program Files\UTool\unins000.exe" VSO Image Resizer 2.0.1.9-->"C:\Program Files\VSO\Image Resizer\unins000.exe" WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)-->C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG =====HijackThis Backups===== O4 - HKCU\..\Run: [Explorer] Wscript.exe //e:VBScript "C:\Documents and Settings\Ronny\My Documents\database.mdb" [2009-06-18] O4 - HKLM\..\Run: [WinUpdate] Wscript.exe //e:VBScript "C:\WINDOWS\:Microsoft Office Update for Windows XP.sys" [2009-06-18] ======Security center information====== AV: AntiVir Desktop ======System event log====== Computer Name: TZU-A76EC6665B5 Event Code: 51 Message: An error was detected on device \Device\CdRom1 during a paging operation. Record Number: 11390 Source Name: Cdrom Time Written: 20090610010324.000000-420 Event Type: warning User: Computer Name: TZU-A76EC6665B5 Event Code: 51 Message: An error was detected on device \Device\CdRom1 during a paging operation. Record Number: 11389 Source Name: Cdrom Time Written: 20090610010324.000000-420 Event Type: warning User: Computer Name: TZU-A76EC6665B5 Event Code: 51 Message: An error was detected on device \Device\CdRom1 during a paging operation. Record Number: 11388 Source Name: Cdrom Time Written: 20090610010324.000000-420 Event Type: warning User: Computer Name: TZU-A76EC6665B5 Event Code: 51 Message: An error was detected on device \Device\CdRom1 during a paging operation. Record Number: 11387 Source Name: Cdrom Time Written: 20090610010324.000000-420 Event Type: warning User: Computer Name: TZU-A76EC6665B5 Event Code: 51 Message: An error was detected on device \Device\CdRom1 during a paging operation. Record Number: 11386 Source Name: Cdrom Time Written: 20090610010324.000000-420 Event Type: warning User: =====Application event log===== Computer Name: TZU-A76EC6665B5 Event Code: 4113 Message: AntiVir has detected 'TR/Crypt.PEPM.Gen' in the file C:\Documents and Settings\Ronny\Local Settings\Temp\RarSFX1\Kdc.VIR Record Number: 59 Source Name: Avira AntiVir Time Written: 20090428203237.000000-420 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: TZU-A76EC6665B5 Event Code: 4113 Message: AntiVir has detected 'TR/Crypt.PEPM.Gen' in the file C:\Documents and Settings\Ronny\Local Settings\Temp\RarSFX6\Kdc.exe Record Number: 49 Source Name: Avira AntiVir Time Written: 20090428011058.000000-420 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: TZU-A76EC6665B5 Event Code: 4113 Message: AntiVir has detected 'W32/Almanahe.B' in the file H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe Record Number: 48 Source Name: Avira AntiVir Time Written: 20090427233748.000000-420 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: TZU-A76EC6665B5 Event Code: 1517 Message: Windows saved user TZU-A76EC6665B5\Ronny registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 10 Source Name: Userenv Time Written: 20090425222935.000000-420 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: TZU-A76EC6665B5 Event Code: 4113 Message: AntiVir has detected 'TR/Crypt.PEPM.Gen' in the file C:\Documents and Settings\Ronny\Local Settings\Temp\RarSFX6\Kdc.exe Record Number: 9 Source Name: Avira AntiVir Time Written: 20090425193045.000000-420 Event Type: warning User: NT AUTHORITY\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel "PROCESSOR_REVISION"=0303 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- What's next THANKS Vincent |
|
|
|
|
Jul 6 2009, 12:23 AM
Post
#11
|
|
|
Forum Addict Group: HJT Team Posts: 3,715 Joined: 7-November 07 From: Warrington, UK Member No.: 168,228 |
QUOTE Can you tell me if you no what the following files are? C:\Membantu Kehidupan Warga di Daerah Tandus.flv C:\Ceramah Master Menjaga Hati dan Pikiran dalam menghadapi kesulitan.flv C:\Welas Asih Terhadap semua makhluk mencerminkan hati Buddha.flv C:\Menyelamatkan dunia dengan bervegetarian dan melestarikan lingkungan.flv Can you answer this please. -------------------- Any requests for help via PM will be ignored, please use the forums. If I have help you, and you would like to make a donation, click here |
|
|
|
|
Jul 6 2009, 04:46 AM
Post
#12
|
|
|
New Member Group: Members Posts: 9 Joined: 18-June 09 Member No.: 343,385 |
C:\Membantu Kehidupan Warga di Daerah Tandus.flv
C:\Ceramah Master Menjaga Hati dan Pikiran dalam menghadapi kesulitan.flv C:\Welas Asih Terhadap semua makhluk mencerminkan hati Buddha.flv C:\Menyelamatkan dunia dengan bervegetarian dan melestarikan lingkungan.flv Dear Syler These files are flv videos, they're allright and do no harm. Thanks Vincent |
|
|
|
|
Jul 6 2009, 05:04 PM
Post
#13
|
|
|
Forum Addict Group: HJT Team Posts: 3,715 Joined: 7-November 07 From: Warrington, UK Member No.: 168,228 |
Hi Vincent,
QUOTE These files are flv videos, they're allright and do no harm. Ok that's fine I shall leave them alone, I just didn't no what they were as I presume they are in a different language. I see that you have used HijackThis to fix the following entries, do you no what these entries are? O4 - HKCU\..\Run: [Explorer] Wscript.exe //e:VBScript "C:\Documents and Settings\Ronny\My Documents\database.mdb" [2009-06-18] O4 - HKLM\..\Run: [WinUpdate] Wscript.exe //e:VBScript "C:\WINDOWS\:Microsoft Office Update for Windows XP.sys" [2009-06-18] Im not seeing anything causing trouble in your logs, can you tell me what issues you are having? Please run a BitDefender Online Scan
Next We need to create an OTL Report
Then please post back here with the following:
Thanks -------------------- Any requests for help via PM will be ignored, please use the forums. If I have help you, and you would like to make a donation, click here |
|
|
|
icon on your desktop.
button.
 Jul 7 2009, 04:22 AM
Post
#14
|
|
|
New Member Group: Members Posts: 9 Joined: 18-June 09 Member No.: 343,385 |
Dear Syler
It's presidential election tomorrow and it's going to be a holiday in Indonesia So i'll get to your instruction the day after tomorrow Please be patient Many Thanks Vincent |
|
|
|
|
Jul 7 2009, 04:27 AM
Post
#15
|
|
|
Forum Addict Group: HJT Team Posts: 3,715 Joined: 7-November 07 From: Warrington, UK Member No.: 168,228 |
Ok, no problem, thanks for letting me no.
Syler -------------------- Any requests for help via PM will be ignored, please use the forums. If I have help you, and you would like to make a donation, click here |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 8th November 2009 - 05:48 AM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.