Pleasseee Helpppp.. Is It Smitfraud?


  • This topic is locked
2 replies to this topic

#1 cewe_smrg
Posted 09 December 2007 - 06:23 AM

Hi... please help me. My friend borrowed my PC once and then it started to slow down, especially the internet connection. Here's the log.

ComboFix 07-12-09.3 - User 2007-12-09 18:11:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.459 [GMT 7:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\drivers\4_stars.gif
C:\WINDOWS\system32\drivers\5_stars.gif
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\arrow.gif
C:\WINDOWS\system32\drivers\buy_btn.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.gif
C:\WINDOWS\system32\drivers\features.gif
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\logo_bg.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
C:\WINDOWS\system32\drivers\protect.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
C:\WINDOWS\system32\drivers\spy_away_header.gif
C:\WINDOWS\system32\drivers\spy_away_header_small.gif
C:\WINDOWS\system32\drivers\users_rating.gif
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\jofstvyt.sbin
C:\WINDOWS\system32\prrbpgbr.sys
C:\WINDOWS\system32\rwuwin32.drv
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.

2007-12-09 17:54 . 2007-12-09 17:54 <DIR> d-------- C:\Program Files\AntiVirusPro
2007-12-09 17:54 . 2007-12-09 17:54 <DIR> d-------- C:\Documents and Settings\User\Application Data\Anti-Virus-Pro.com
2007-12-09 00:13 . 2007-12-09 00:13 <DIR> d-------- C:\Documents and Settings\User\Saved Games
2007-12-09 00:13 . 2007-12-09 00:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\FloodLightGames
2007-12-09 00:13 . 2007-12-09 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
2007-12-09 00:07 . 2007-12-09 00:11 <DIR> d-------- C:\Program Files\Death On The Nile
2007-12-08 23:57 . 2007-12-08 23:57 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-08 23:46 . 2007-12-09 14:27 <DIR> d-------- C:\Program Files\CASHFLOW
2007-12-08 23:43 . 2007-12-08 23:43 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-12-08 23:43 . 2005-04-25 10:43 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2007-12-08 23:43 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2007-12-08 23:42 . 2007-12-08 23:42 <DIR> d-------- C:\Program Files\Sudoku 9981
2007-12-08 23:14 . 2007-12-08 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2007-12-08 23:04 . 2007-12-08 23:10 <DIR> d-------- C:\Documents and Settings\User\Application Data\GameHouse
2007-12-08 23:04 . 2007-12-08 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2007-12-08 23:04 . 2007-12-08 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-12-08 22:21 . 2007-12-08 22:21 <DIR> d-------- C:\Program Files\GetData
2007-12-08 17:49 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-08 17:49 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-08 17:49 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-08 17:49 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-08 17:49 . 2007-12-09 16:05 3,216 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-08 16:59 . 2007-12-08 16:59 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-08 16:11 . 2007-12-09 18:10 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-08 16:11 . 2007-12-08 16:11 2,154 --a------ C:\WINDOWS\system32\tmmute.ini
2007-12-07 23:51 . 2007-12-07 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Musicnotes
2007-12-07 22:36 . 2007-12-06 18:19 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-06 18:19 . 2007-12-07 22:36 <DIR> d-------- C:\Documents and Settings\User\.housecall6.6
2007-11-30 16:07 . 2007-11-30 16:07 <DIR> d-------- C:\WINDOWS\A4W_DATA
2007-11-30 15:42 . 2007-11-30 15:42 8,303 --a------ C:\WINDOWS\Aware40.mch
2007-11-30 15:37 . 2007-11-30 15:37 48,698 --a------ C:\WINDOWS\Run32A40.mch
2007-11-30 15:36 . 2007-11-30 15:36 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-30 15:36 . 2007-11-30 15:36 <DIR> d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2007-11-30 15:36 . 2007-11-30 15:37 35 --a------ C:\WINDOWS\A4W.INI
2007-11-30 15:25 . 2007-12-09 18:14 <DIR> d-------- C:\Program Files\SpyAway
2007-11-30 14:03 . 2007-12-05 21:25 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-11-30 14:00 . 2007-11-30 14:00 15,360 --a------ C:\WINDOWS\absolute key logger.lnk
2007-11-30 14:00 . 2007-11-30 14:00 12,032 --a------ C:\WINDOWS\aconti.ini
2007-11-30 14:00 . 2007-11-30 14:00 8,448 --a------ C:\WINDOWS\aconti.sdb
2007-11-30 13:59 . 2007-11-30 16:37 1,684 --a------ C:\WINDOWS\default.htm
2007-11-30 13:39 . 2007-11-30 13:39 14 --a------ C:\WINDOWS\system32\din.ip
2007-11-30 13:39 . 2007-11-30 13:39 4 --a------ C:\WINDOWS\system32\fuamfu32.ini
2007-11-30 13:38 . 2007-11-30 13:38 51,712 --a------ C:\WINDOWS\system32\e404d.dll
2007-11-30 13:38 . 2007-11-30 13:38 2 --a------ C:\WINDOWS\system32\faxwin32.bin
2007-11-29 21:32 . 2007-12-08 21:55 40 --a------ C:\WINDOWS\RSoftInfo.dat
2007-11-29 21:32 . 2007-11-29 21:32 0 --a------ C:\WINDOWS\Pool.INI
2007-11-28 16:47 . 2007-11-28 16:47 <DIR> d-------- C:\Program Files\SocialFm
2007-11-28 16:47 . 2007-11-28 16:47 <DIR> d-------- C:\Documents and Settings\User\Application Data\Mercora
2007-11-25 12:44 . 2007-11-25 12:44 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2007-11-23 20:52 . 2007-11-23 20:53 <DIR> d-------- C:\Program Files\Alkitab Elektronik
2007-11-23 20:52 . 1999-04-23 22:22 1,056,768 --a------ C:\WINDOWS\system32\Msjet35.dll
2007-11-23 20:52 . 1999-04-23 22:22 430,080 --a------ C:\WINDOWS\system32\Msrepl35.dll
2007-11-23 20:52 . 1997-06-23 01:06 252,176 --a------ C:\WINDOWS\system32\msrd2x35.dll
2007-11-23 20:52 . 2000-05-22 00:00 209,608 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2007-11-23 20:52 . 2000-05-22 00:00 203,976 --a------ C:\WINDOWS\system32\Richtx32.ocx
2007-11-23 20:52 . 2000-05-22 00:00 140,488 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2007-11-23 20:52 . 1997-06-23 01:06 123,664 --a------ C:\WINDOWS\system32\msjint35.dll
2007-11-23 20:52 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\Vb5db.dll
2007-11-23 20:52 . 1997-11-17 18:31 27,648 --a------ C:\WINDOWS\system32\Hh.exe
2007-11-23 20:52 . 1997-06-23 01:06 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2007-11-20 23:38 . 2007-11-20 23:38 <DIR> d-------- C:\Program Files\TouchStoneSoftware
2007-11-17 23:25 . 2007-11-17 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sibelius Software
2007-11-17 23:25 . 2007-11-17 23:25 604 --ah----- C:\WINDOWS\T4
2007-11-17 23:25 . 2007-11-17 23:25 604 --ah----- C:\WINDOWS\system32\T3
2007-11-17 23:23 . 2007-11-17 23:23 <DIR> d-------- C:\Program Files\Sibelius Software
2007-11-17 23:20 . 2000-05-22 07:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2007-11-17 23:20 . 2005-11-10 12:42 57,344 -ra------ C:\WINDOWS\system32\CtPmAddf.dll
2007-11-17 23:20 . 1999-10-10 16:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-11-17 23:20 . 2005-09-01 10:11 10,937 -ra------ C:\WINDOWS\system32\CtPmMidi.dll
2007-11-17 23:19 . 2005-08-31 13:31 28,672 -ra------ C:\WINDOWS\system32\CtPmFkdi.dll
2007-11-17 23:19 . 2005-08-29 15:51 18,176 -ra------ C:\WINDOWS\system32\drivers\CtPmFilt.sys
2007-11-17 22:28 . 2003-04-18 16:46 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2007-11-17 22:28 . 2003-04-18 16:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-11-17 22:28 . 2003-04-18 16:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-11-17 21:18 . 2007-11-25 12:44 <DIR> d-------- C:\Program Files\PC Inspector File Recovery
2007-11-17 21:18 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD
2007-11-13 17:13 . 2007-11-13 17:13 <DIR> d-------- C:\Program Files\Bubble Shooter Premium Edition
2007-11-13 17:13 . 2007-11-13 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Absolutist
2007-11-10 19:56 . 2007-11-10 19:56 <DIR> d-------- C:\Program Files\FLVPlayer
2007-11-10 19:55 . 2007-11-10 19:55 <DIR> d-------- C:\Program Files\LizardTech
2007-11-09 22:39 . 2007-11-09 23:44 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 06:58 --------- d-----w C:\Documents and Settings\User\Application Data\AVG7
2007-12-08 16:10 --------- d-----w C:\Program Files\GameHouse
2007-12-08 09:14 --------- d-----w C:\Program Files\Creative
2007-11-23 13:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-17 16:25 604 ---ha-w C:\Program Files\STLL Notifier
2007-11-14 13:55 --------- d-----w C:\Documents and Settings\User\Application Data\U3
2007-11-08 13:28 --------- d-----w C:\Program Files\epson
2007-11-07 16:46 --------- d-----w C:\Program Files\Sallys Salon
2007-11-07 08:37 --------- d-----w C:\Program Files\ReflexiveArcade
2007-11-02 08:21 --------- d-----w C:\Documents and Settings\User\Application Data\mIRC
2007-11-02 08:04 --------- d-----w C:\Program Files\Avant Browser
2007-11-02 08:04 --------- d-----w C:\Documents and Settings\User\Application Data\Avant Profiles
2007-10-25 13:00 --------- d-----w C:\Program Files\iPod2PC
2007-10-21 12:57 --------- d-----w C:\Program Files\Microsoft Student
2007-10-21 12:57 --------- d-----w C:\Program Files\Learning Essentials
2007-10-19 07:19 --------- d-----w C:\Documents and Settings\User\Application Data\CyberLink
2007-10-16 13:45 --------- d-----w C:\Program Files\Winamp
2007-09-25 06:06 27,262,976 ----a-w C:\VIRTPART.DAT
2007-09-25 05:05 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-09-25 05:05 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-08-07 09:36 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{548E1154-FA99-4B77-9FC5-02C9D8C9D24D}]
2007-11-30 15:25 45056 --a------ C:\Program Files\SpyAway\sa_ie_monitor.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66E72884-4FD2-464F-A6B8-468F31C40E36}]
C:\WINDOWS\system32\qiawpbjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 19:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"L08AXLRD_5895062"="D:\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe" [2007-05-21 18:00]
"Social.FM Desktop"="C:\Program Files\SocialFm\MercoraClient.exe" [2007-11-14 04:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2002-12-31 19:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-27 22:55 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2002-12-31 19:00 C:\WINDOWS\system32\rundll32.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 19:52]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21]
"P17Helper"="Rundll32 P17.dll" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 04:15]
"EPSON Stylus CX3500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.exe" [2004-03-04 10:00]
"CTHotKeys"="C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe" [2005-09-06 16:56]
"SpyAway"="C:\Program Files\SpyAway\spyaway.exe" [2007-11-30 15:25]
"AntiVirusPro"="C:\Program Files\AntiVirusPro\AntiVirusPro.exe" [2007-09-12 21:09]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 19:52]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2007-12-08 16:11:56]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2007-12-08 16:11 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {6c3c59fd-6485-43c3-adb6-aa8e09eef003} - e404d.dll [ ]

R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R3 P17;Sound Blaster Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys
S3 CtPmFilt;CtPmFilt;C:\WINDOWS\system32\drivers\CtPmFilt.sys
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ad03811-6dd2-11dc-9c77-00c026aaa029}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21c00800-70ef-11dc-9c7d-00c026aaa029}]
\Shell\Auto\command - sky.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sky.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fdaa7f6-6dd3-11dc-9c78-00c026aaa029}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d135b9a-6dd1-11dc-9c76-00c026aaa029}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da5cba90-82f9-11dc-9c99-00c026aaa029}]
\Shell\Auto\command - G:\Recycled/dllcache32.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe

.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\DOCUME~1\User\LOCALS~1\Temp\xkrplhfg.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 18:15:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-09 18:16:19 - machine was rebooted
.
--- E O F ---

Edited by cewe_smrg, 09 December 2007 - 06:46 AM.


#2 Shaba
Posted 24 December 2007 - 05:52 AM

Hi cewe_smrg

If you still need help, please do this next:

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Microsoft MVP Consumer Security

#3 Shaba
Posted 30 December 2007 - 11:01 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.