Hijackthis Log


  • This topic is locked
10 replies to this topic

#1 adrenalist

  • Members
  • 5 posts

Posted 20 June 2008 - 02:36 AM

I believe I have several viruses on my computer. My computer runs very slowly, I have difficulty playing computer games without being disconnected, but my Norton Anti-Virus doesn't pick up any of these viruses. I decided to do a quick HijackThis scan and post it here to see whether I am infected or not.

Deckard's System Scanner v20071014.68
Run by Hiraga on 2008-06-20 00:45:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Hiraga.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:54 AM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Hiraga\Desktop\New Folder\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Hiraga.exe

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {1D6931F4-6F48-424C-AD55-3D3AA5EA2BF8} - C:\WINDOWS\system32\ljJyXqRj.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {78DE8848-C147-4DEB-B186-ACB4D8541CDD} - C:\WINDOWS\system32\jkkHAQih.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {f046d8ae-0fdd-7f18-7844-2bbb1fe198c9} - {9c891ef1-bbb2-4487-81f7-ddf0ea8d640f} - C:\WINDOWS\system32\ypufjhkb.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] "C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" /StartUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [obgarg] "C:\Documents and Settings\Hiraga\obgarg.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKLM\..\Run: [1ca1d886] rundll32.exe "C:\WINDOWS\system32\igahskbl.dll",b
O4 - HKLM\..\Run: [BM1f92eb1a] Rundll32.exe "C:\WINDOWS\system32\fwfrosjc.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Hiraga\Desktop\Ares.exe" -h
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: kfrfunbp - C:\WINDOWS\SYSTEM32\kfrfunbp.dll
O20 - Winlogon Notify: ljJyXqRj - C:\WINDOWS\SYSTEM32\ljJyXqRj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10516 bytes

-- Files created between 2008-05-20 and 2008-06-20 -----------------------------

2008-06-20 00:25:31		 0 d-------- C:\Program Files\Trend Micro
2008-06-19 21:55:04	 91392 --a------ C:\WINDOWS\system32\igahskbl.dll
2008-06-17 21:56:34	110336 --a------ C:\WINDOWS\system32\ypufjhkb.dll
2008-06-17 21:53:34	 95360 --a------ C:\WINDOWS\system32\fwfrosjc.dll
2008-06-17 07:16:15		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\InterVideo
2008-06-16 22:43:40		 0 d-------- C:\Program Files\PartyGaming
2008-06-16 14:56:50		 0 d-------- C:\Program Files\anyMania
2008-06-16 13:46:38		 0 d-------- C:\Program Files\AskSBar
2008-06-16 13:45:20		 0 d-------- C:\Program Files\Gamevance
2008-06-16 11:03:24		 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Application Data\Apple Computer
2008-06-15 21:50:23	256692 --ahs---- C:\WINDOWS\system32\hiQAHkkj.ini2
2008-06-15 21:50:07	322944 --a------ C:\WINDOWS\system32\jkkHAQih.dll
2008-06-15 21:45:36	 29824 --a------ C:\WINDOWS\system32\jkklKBSj.dll
2008-06-15 21:45:31	 29824 --a------ C:\WINDOWS\system32\pmnkJyvU.dll
2008-06-15 21:45:24	 29824 --a------ C:\WINDOWS\system32\wvUmllJA.dll
2008-06-15 21:45:12	 29824 --a------ C:\WINDOWS\system32\qoMghiih.dll
2008-06-15 21:45:11	 29824 --a------ C:\WINDOWS\system32\cbXQIyYp.dll
2008-06-15 21:45:06	 29824 --a------ C:\WINDOWS\system32\byXQHaWo.dll
2008-06-15 21:45:03	 29824 --a------ C:\WINDOWS\system32\nnnmlICt.dll
2008-06-15 21:45:03	 29824 --a------ C:\WINDOWS\system32\fccywvWo.dll
2008-06-15 21:45:03	 29824 --a------ C:\WINDOWS\system32\efcYSlJA.dll
2008-06-15 21:44:50	 29824 --a------ C:\WINDOWS\system32\ljJyXqRj.dll
2008-06-15 17:08:55		 0 d-------- C:\Program Files\Trinity Entertainment
2008-06-10 19:00:09	 65536 --a------ C:\WINDOWS\IFinst27.exe
2008-06-09 14:23:44		 0 d-------- C:\Program Files\uTorrent
2008-06-09 14:23:38		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\uTorrent
2008-06-08 19:58:34		 0 d--hs---- C:\WINDOWS\system32\28463
2008-06-03 20:48:12		 0 d-------- C:\WINDOWS\.EPIC_file_store_32
2008-05-28 16:09:06		 0 d-------- C:\Program Files\Gravity
2008-05-27 20:58:19		 0 d-------- C:\Program Files\Emsa DLL Register Tool
2008-05-27 10:36:11		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Hamachi
2008-05-26 18:09:35		 0 d-------- C:\Program Files\euro gunz beta 6
2008-05-26 16:06:14		 0 d-------- C:\Program Files\BGM maker
2008-05-26 15:58:12		 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2008-05-26 15:58:11		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\NCH Swift Sound
2008-05-26 15:52:53		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Someplayer
2008-05-26 14:17:50		 0 d-------- C:\Program Files\Hamachi
2008-05-23 23:28:55		 5 --a------ C:\Program Files\ntde.dat
2008-05-23 23:22:46		 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-23 23:11:46		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\rzgunz.com
2008-05-23 23:02:51		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\EpicGamerz
2008-05-23 23:02:51		 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\EpicGamerz
2008-05-23 22:53:52		 0 d-------- C:\Program Files\EpicGamerz
2008-05-23 22:27:00		 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
2008-05-23 22:24:19		 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-21 20:12:48		 0 d-------- C:\WINDOWS\MyBadRose Online Private Server Patch
2008-05-20 19:52:10		 0 d-------- C:\i386


-- Find3M Report ---------------------------------------------------------------

2008-06-20 00:35:08		 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-19 20:24:33		 0 d-------- C:\Program Files\Angels Online <ANGELS~1>
2008-06-19 09:53:42		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\MSN6
2008-06-12 03:40:09		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Macromedia
2008-06-12 03:39:24		 0 d-------- C:\Program Files\Common Files
2008-06-12 03:34:46		 0 d-------- C:\Program Files\VstPlugins
2008-06-12 03:34:46		 0 d-------- C:\Program Files\Image-Line
2008-06-12 03:34:13		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Dev-Cpp
2008-06-10 18:49:11		 0 d-------- C:\Program Files\Symantec
2008-06-03 21:23:13		 0 d-------- C:\Program Files\Java
2008-05-27 20:52:53		 0 d-------- C:\Program Files\Movie Maker
2008-05-27 15:30:15		 0 d--h----- C:\Documents and Settings\Hiraga\Application Data\ijjigame
2008-05-27 15:23:17		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Ventrilo
2008-05-23 23:22:45		 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-22 13:07:16		 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-20 20:52:29		 0 d-------- C:\Program Files\Google
2008-05-17 21:09:25		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\www.TheXSoft.com
2008-05-17 20:00:34		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Apple Computer
2008-05-17 19:58:40		 0 d-------- C:\Program Files\iTunes
2008-05-17 19:57:44		 0 d-------- C:\Program Files\iPod
2008-05-17 19:54:10		 0 d-------- C:\Program Files\Bonjour
2008-05-17 19:51:01		 0 d-------- C:\Program Files\QuickTime
2008-05-17 19:46:26		 0 d-------- C:\Program Files\Apple Software Update
2008-05-16 18:39:35		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Help
2008-05-16 12:06:56		 0 d-------- C:\Program Files\NHN USA
2008-05-16 12:06:55		 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 23:05:07		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Ulead Systems
2008-05-12 19:49:16		 0 d-------- C:\Program Files\Common Files\InterVideo
2008-05-12 19:46:22		 0 d-------- C:\Program Files\Windows Media Components
2008-05-12 19:46:21		 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-05-12 19:44:14		 0 d-------- C:\Program Files\Ulead Systems
2008-05-11 23:26:24		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\CyberLink
2008-05-11 23:21:31		 0 d-------- C:\Program Files\FlashGet
2008-05-11 23:20:38		 0 d-------- C:\Program Files\CyberLink
2008-05-11 23:18:39		 0 d-------- C:\Program Files\SmartSound Software
2008-05-11 22:52:00		 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-11 22:39:44		 0 d-------- C:\Program Files\SourceTec
2008-05-04 16:30:52		 0 d-------- C:\Program Files\Ares
2008-05-04 16:27:09		 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Adobe
2008-05-03 16:29:28		 0 d-------- C:\Program Files\PremiumSoft
2008-04-30 21:10:58		 0 d-------- C:\Program Files\Ventrilo
2008-04-30 21:09:56		 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 22:49:03		 0 d-------- C:\Program Files\Triggersoft
2008-04-27 21:22:52		 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-27 19:13:36	704512 --a------ C:\WINDOWS\system32\ijjiSetup.exe <Not Verified; NHN USA; ijjiSetup Application>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D6931F4-6F48-424C-AD55-3D3AA5EA2BF8}]
06/15/2008 09:44 PM	29824	--a------	C:\WINDOWS\system32\ljJyXqRj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
02/06/2008 09:05 PM	349552	--a------	C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
02/24/2008 11:50 AM	116088	--a------	C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78DE8848-C147-4DEB-B186-ACB4D8541CDD}]
06/15/2008 09:50 PM	322944	--a------	C:\WINDOWS\system32\jkkHAQih.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c891ef1-bbb2-4487-81f7-ddf0ea8d640f}]
06/17/2008 09:56 PM	110336	--a------	C:\WINDOWS\system32\ypufjhkb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [02/06/2008 09:05 PM 349552]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [06/16/2008 01:46 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 05:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00 AM]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [08/20/2002 11:29 AM]
"DXDllRegExe"="dxdllreg.exe" []
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [06/09/2003 08:07 PM]
"@"="" []
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 05:00 AM C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [06/24/2003 07:32 PM C:\WINDOWS\system32\nwiz.exe]
"Drag'n Drop CD+DVD"="C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" [07/08/2003 10:21 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [06/25/2003 12:24 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 06:47 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [02/06/2008 11:49 PM]
"obgarg"="C:\Documents and Settings\Hiraga\obgarg.exe" [03/13/2008 08:37 PM]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [03/03/2007 02:12 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Gamevance"="C:\Program Files\Gamevance\gamevance32.exe" [06/16/2008 01:45 PM]
"1ca1d886"="C:\WINDOWS\system32\igahskbl.dll" [06/19/2008 09:55 PM]
"BM1f92eb1a"="C:\WINDOWS\system32\fwfrosjc.dll" [06/17/2008 09:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 01:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"ares"="C:\Documents and Settings\Hiraga\Desktop\Ares.exe" [12/31/2007 07:29 AM]

C:\Documents and Settings\Hiraga\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [5/26/2008 2:17:50 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [7/7/2003 1:20:40 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1D6931F4-6F48-424C-AD55-3D3AA5EA2BF8}"= C:\WINDOWS\system32\ljJyXqRj.dll [06/15/2008 09:44 PM 29824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kfrfunbp] 
kfrfunbp.dll 02/20/2008 07:59 PM 163904 C:\WINDOWS\system32\kfrfunbp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJyXqRj] 
ljJyXqRj.dll 06/15/2008 09:44 PM 29824 C:\WINDOWS\system32\ljJyXqRj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkHAQih

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-06-20 00:49:49 ------------

Edited by adrenalist, 20 June 2008 - 07:12 PM.
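Added example, not part of this thread and not code from HijackThis or Deckard's System Scanner: a small Python triage script that runs over log lines in the shape of the one above and flags the persistence patterns a helper reads first. The rules are my own assumptions modelled on what is visible in the log (eight-letter DLL names in system32 with few vowels or upper-case letters in the middle, hex-looking Run value names, a Winlogon Notify hook pointing at such a DLL, and an LSA "Authentication Packages" value that lists anything besides the default msv1_0); they are a first pass for a human, not a verdict. The sample lines are constructed from entries posted above.

```python
"""Heuristic triage of HijackThis / Deckard's System Scanner log lines.

Added example, not code from the thread, HijackThis or DSS. The rules are
assumptions modelled on the log above; they produce leads for a reviewer,
not a verdict on any file.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a few lines in the shape of the log posted above
# (three O2 BHOs, three O4 Run entries, one O20 hook, one LSA value).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1D6931F4-6F48-424C-AD55-3D3AA5EA2BF8} - C:\WINDOWS\system32\ljJyXqRj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {f046d8ae-0fdd-7f18-7844-2bbb1fe198c9} - {9c891ef1-bbb2-4487-81f7-ddf0ea8d640f} - C:\WINDOWS\system32\ypufjhkb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [1ca1d886] rundll32.exe "C:\WINDOWS\system32\igahskbl.dll",b
O4 - HKLM\..\Run: [BM1f92eb1a] Rundll32.exe "C:\WINDOWS\system32\fwfrosjc.dll",s
O20 - Winlogon Notify: kfrfunbp - C:\WINDOWS\SYSTEM32\kfrfunbp.dll
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkHAQih
"""

DLL_PATH = re.compile(r"([A-Za-z]:\\.+?\.dll)", re.IGNORECASE)  # first X:\...\name.dll
RUN_NAME = re.compile(r"\[([^\]]+)\]")                           # [value name] in O4 lines
HEX_NAME = re.compile(r"^(?:BM)?[0-9a-f]{8}$")                   # e.g. 1ca1d886, BM1f92eb1a


@dataclass
class Finding:
    line: str
    reason: str


def looks_random(stem: str) -> bool:
    """Assumed heuristic: eight alphabetic characters with at most two vowels,
    or upper-case letters mixed into the body of the name."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    mixed_case = any(c.isupper() for c in stem[1:]) and any(c.islower() for c in stem)
    vowels = sum(c in "aeiou" for c in stem.lower())
    return mixed_case or vowels <= 2


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious pattern seen in the log lines."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # LSA authentication packages load into lsass.exe at logon; anything
        # besides the default msv1_0 deserves a look.
        if line.startswith('"Authentication Packages"'):
            pkgs = line.split("=", 1)[1].split()
            extra = [p for p in pkgs if p.lower() != "msv1_0"]
            if extra:
                findings.append(Finding(line, f"extra LSA authentication package(s): {extra}"))
            continue
        kind = line.split(" - ", 1)[0]                 # "O2", "O4", "O20", ...
        if kind == "O4":
            name = RUN_NAME.search(line)
            if name and HEX_NAME.match(name.group(1)):
                findings.append(Finding(line, f"Run value with hex-looking name {name.group(1)!r}"))
        m = DLL_PATH.search(line)
        if m:
            dll = m.group(1)
            stem = dll.rsplit("\\", 1)[-1][:-4]        # basename without ".dll"
            if in_system32(dll) and looks_random(stem):
                findings.append(Finding(line, f"{kind} loads random-looking DLL {stem}.dll from system32"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

On the sample above the script leaves the Java BHO and the ccApp Run entry alone and flags the other six lines; the two hex-named Run entries are reported twice, once for the name and once for the DLL they load. Vowel counting is deliberately crude (an eight-letter legitimate name such as browseui passes because it has four vowels), so treat a hit as a reason to check the file's publisher and creation time in the DSS file listing, not as proof of infection.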



#2 chryssi2001

  • Members
  • 1,930 posts

Posted 20 June 2008 - 12:13 PM

Hello adrenalist,

I will be assisting you with your malware issues.
  • Whatever repairs we make are for fixing your computer's problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you get stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page, in case you need it as a reference.
----------------------------------------------
Please visit this webpage for instructions on downloading ComboFix to your DESKTOP:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
----------------------------------------------
Post back:
Combofix report.
A new HijackThis log.
Do not use CODE in your reply please, as it's hard to read the reports, just post them as they are.
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 adrenalist

  • Topic Starter
  • Members
  • 5 posts

Posted 21 June 2008 - 12:08 AM

ComboFix 08-06-20.1 - Hiraga 2008-06-20 21:13:15.3 - NTFSx86
Running from: C:\Documents and Settings\Hiraga\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM1f92eb1a.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\byXQHaWo.dll
C:\WINDOWS\system32\cbXQIyYp.dll
C:\WINDOWS\system32\efcYSlJA.dll
C:\WINDOWS\system32\fccywvWo.dll
C:\WINDOWS\system32\fwfrosjc.dll
C:\WINDOWS\system32\hiQAHkkj.ini
C:\WINDOWS\system32\hiQAHkkj.ini2
C:\WINDOWS\system32\jkkHAQih.dll
C:\WINDOWS\system32\jkklKBSj.dll
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\kmllm.ini2
C:\WINDOWS\system32\ljJyXqRj.dll
C:\WINDOWS\system32\nnnmlICt.dll
C:\WINDOWS\system32\pmnkJyvU.dll
C:\WINDOWS\system32\qoMghiih.dll
C:\WINDOWS\system32\wvUmllJA.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 )))))))))))))))))))))))))))))))
.

2008-06-20 04:50 . 2008-06-20 21:37 1,583,335 ---hs---- C:\WINDOWS\system32\swehpfts.ini
2008-06-20 04:50 . 2008-06-20 04:50 92,416 --a------ C:\WINDOWS\system32\stfphews.dll
2008-06-20 00:25 . 2008-06-20 00:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-20 00:04 . 2008-06-20 00:04 <DIR> d-------- C:\Deckard
2008-06-19 21:55 . 2008-06-20 16:43 1,539,773 --ahs---- C:\WINDOWS\system32\lbkshagi.ini
2008-06-18 21:55 . 2008-06-19 20:19 1,693,363 --ahs---- C:\WINDOWS\system32\hvsvghto.ini
2008-06-17 21:59 . 2008-06-18 12:11 1,408,660 --ahs---- C:\WINDOWS\system32\dtdvcopy.ini
2008-06-17 07:16 . 2008-06-17 07:16 <DIR> d-------- C:\Documents and Settings\Hiraga\Application Data\InterVideo
2008-06-16 22:43 . 2008-06-17 07:12 <DIR> d-------- C:\Program Files\PartyGaming
2008-06-16 21:53 . 2008-06-17 21:54 1,408,272 --ahs---- C:\WINDOWS\system32\dkbsslvs.ini
2008-06-16 14:56 . 2008-06-16 15:00 <DIR> d-------- C:\Program Files\anyMania
2008-06-16 13:46 . 2008-06-16 13:47 <DIR> d-------- C:\Program Files\AskSBar
2008-06-16 13:45 . 2008-06-16 13:46 <DIR> d-------- C:\Program Files\Gamevance
2008-06-16 11:03 . 2008-06-16 11:03 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Application Data\Apple Computer
2008-06-15 18:56 . 2008-06-16 15:03 31 --a------ C:\WINDOWS\TGLauncher.INI
2008-06-15 17:08 . 2008-06-15 17:08 <DIR> d-------- C:\Program Files\Trinity Entertainment
2008-06-11 10:56 . 2008-04-14 04:01 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:56 . 2008-04-14 04:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 19:00 . 2008-06-10 19:00 65,536 --a------ C:\WINDOWS\IFinst27.exe
2008-06-09 14:23 . 2008-06-09 14:23 <DIR> d-------- C:\Program Files\uTorrent
2008-06-09 14:23 . 2008-06-10 18:22 <DIR> d-------- C:\Documents and Settings\Hiraga\Application Data\uTorrent
2008-06-03 20:48 . 2008-06-03 21:21 <DIR> d-------- C:\WINDOWS\.EPIC_file_store_32
2008-05-28 16:09 . 2008-05-28 16:09 <DIR> d-------- C:\Program Files\Gravity
2008-05-27 20:58 . 2008-05-27 20:59 <DIR> d-------- C:\Program Files\Emsa DLL Register Tool
2008-05-27 10:36 . 2008-06-20 21:39 <DIR> d-------- C:\Documents and Settings\Hiraga\Application Data\Hamachi
2008-05-26 18:09 . 2008-05-26 18:12 <DIR> d-------- C:\Program Files\euro gunz beta 6
2008-05-26 16:06 . 2008-05-26 16:06 <DIR> d-------- C:\Program Files\BGM maker
2008-05-26 15:58 . 2008-05-26 15:58 <DIR> d-------- C:\Documents and Settings\Hiraga\Application Data\NCH Swift Sound
2008-05-26 15:58 . 2008-05-26 15:58 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2008-05-26 15:52 . 2008-05-26 15:52 <DIR> d-------- C:\Documents and Settings\Hiraga\Application Data\Someplayer
2008-05-26 14:17 . 2008-05-26 14:17 <DIR> d-------- C:\Program Files\Hamachi
2008-05-26 14:17 . 2008-05-26 14:17 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-23 23:28 . 2008-06-20 21:31 5 --a------ C:\Program Files\ntde.dat
2008-05-23 23:22 . 2008-05-23 23:22 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-23 23:11 . 2008-05-23 23:11 <DIR> d-------- C:\Documents and Settings\Hiraga\Application Data\rzgunz.com
2008-05-23 23:02 . 2008-05-23 23:02 <DIR> d-------- C:\Documents and Settings\Hiraga\Application Data\EpicGamerz
2008-05-23 23:02 . 2008-05-23 23:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\EpicGamerz
2008-05-23 22:53 . 2008-05-23 22:53 <DIR> d-------- C:\Program Files\EpicGamerz
2008-05-23 22:24 . 2008-06-12 03:39 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-21 20:12 . 2008-05-21 20:12 <DIR> d-------- C:\WINDOWS\MyBadRose Online Private Server Patch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 04:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-20 18:54 --------- d-----w C:\Documents and Settings\Hiraga\Application Data\MSN6
2008-06-20 13:24 --------- d-----w C:\Program Files\Angels Online
2008-06-12 10:34 --------- d-----w C:\Program Files\VstPlugins
2008-06-12 10:34 --------- d-----w C:\Program Files\Image-Line
2008-06-12 10:34 --------- d-----w C:\Documents and Settings\Hiraga\Application Data\Dev-Cpp
2008-06-11 01:49 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-11 01:49 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-11 01:49 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-11 01:49 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-11 01:49 --------- d-----w C:\Program Files\Symantec
2008-06-04 04:23 --------- d-----w C:\Program Files\Java
2008-05-27 22:30 --------- d--h--w C:\Documents and Settings\Hiraga\Application Data\ijjigame
2008-05-27 22:23 --------- d-----w C:\Documents and Settings\Hiraga\Application Data\Ventrilo
2008-05-24 06:22 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-22 20:07 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-21 03:52 --------- d-----w C:\Program Files\Google
2008-05-18 04:09 --------- d-----w C:\Documents and Settings\Hiraga\Application Data\www.TheXSoft.com
2008-05-18 03:00 --------- d-----w C:\Documents and Settings\Hiraga\Application Data\Apple Computer
2008-05-18 02:58 --------- d-----w C:\Program Files\iTunes
2008-05-18 02:57 --------- d-----w C:\Program Files\iPod
2008-05-18 02:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-05-18 02:54 --------- d-----w C:\Program Files\Bonjour
2008-05-18 02:51 --------- d-----w C:\Program Files\QuickTime
2008-05-18 02:46 --------- d-----w C:\Program Files\Apple Software Update
2008-05-18 02:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-05-16 19:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 19:06 --------- d-----w C:\Program Files\NHN USA
2008-05-15 06:05 --------- d-----w C:\Documents and Settings\Hiraga\Application Data\Ulead Systems
2008-05-14 23:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
2008-05-13 02:49 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-05-13 02:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\InterVideo
2008-05-13 02:46 --------- d-----w C:\Program Files\Windows Media Components
2008-05-13 02:46 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-05-13 02:44 --------- d-----w C:\Program Files\Ulead Systems
2008-05-13 02:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-05-12 23:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\IJJIGame
2008-05-12 06:26 --------- d-----w C:\Documents and Settings\Hiraga\Application Data\CyberLink
2008-05-12 06:21 --------- d-----w C:\Program Files\FlashGet
2008-05-12 06:20 --------- d-----w C:\Program Files\CyberLink
2008-05-12 06:18 --------- d-----w C:\Program Files\SmartSound Software
2008-05-12 06:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
2008-05-12 05:52 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-05-12 05:39 --------- d-----w C:\Program Files\SourceTec
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 23:30 --------- d-----w C:\Program Files\Ares
2008-05-03 23:29 --------- d-----w C:\Program Files\PremiumSoft
2008-05-01 04:10 --------- d-----w C:\Program Files\Ventrilo
2008-05-01 04:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 05:49 --------- d-----w C:\Program Files\Triggersoft
2008-04-28 04:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-04-28 04:22 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-04-28 02:13 704,512 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2008-04-24 02:42 58,776 ----a-w C:\WINDOWS\system32\ijjiPlugin2.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-14 03:37 180,736 ----a-w C:\Documents and Settings\Hiraga\obgarg.exe
2008-03-13 04:09 180,736 ----a-w C:\Documents and Settings\Hiraga\Application Data\obgarg.exe
2008-03-13 04:07 69,120 ----a-w C:\Documents and Settings\Hiraga\Application Data\obgargu.exe
2008-02-26 05:10 8 --sh--r C:\WINDOWS\system32\CDDE54589C.sys
2008-02-26 05:10 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-06 21:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-24 11:50 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c891ef1-bbb2-4487-81f7-ddf0ea8d640f}]
C:\WINDOWS\system32\ypufjhkb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"ares"="C:\Documents and Settings\Hiraga\Desktop\Ares.exe" [2007-12-31 07:29 962560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29 40960]
"DXDllRegExe"="dxdllreg.exe" []
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2003-06-09 20:07 638976]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-06-24 19:32 4800512]
"nwiz"="nwiz.exe" [2003-06-24 19:32 323584 C:\WINDOWS\system32\nwiz.exe]
"Drag'n Drop CD+DVD"="C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" [2003-07-08 22:21 1171456]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 18:47 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-06 23:49 718704]
"obgarg"="C:\Documents and Settings\Hiraga\obgarg.exe" [2008-03-13 20:37 180736]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Gamevance"="C:\Program Files\Gamevance\gamevance32.exe" [2008-06-16 13:45 79360]
"1ca1d886"="C:\WINDOWS\system32\stfphews.dll" [2008-06-20 04:50 92416]

C:\Documents and Settings\Hiraga\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-05-26 14:17:50 624416]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 01:20:40 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kfrfunbp]
kfrfunbp.dll 2008-02-20 19:59 163904 C:\WINDOWS\system32\kfrfunbp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Hiraga\\Desktop\\New Folder\\Dance_downloader_us_5-12-2008.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-20 20:52]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 20:02:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-21 04:39:16 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-17 03:23:45 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Hiraga.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exep/TASK:
"2008-06-19 01:32:00 C:\WINDOWS\Tasks\WebReg 20080102183253.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20080102183253 /N
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 21:37:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\stfphews.dll
-> C:\Program Files\Gamevance\gvwslib.dll
-> C:\Program Files\Gamevance\gvcfglib.dll
-> C:\Program Files\Gamevance\gvhlp.dll
-> C:\Program Files\Gamevance\gvpop.dll
-> C:\Program Files\Gamevance\gvutil.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-20 21:48:39 - machine was rebooted [Hiraga]
ComboFix-quarantined-files.txt 2008-06-21 04:48:20

Pre-Run: 9,794,662,400 bytes free
Post-Run: 13,366,767,616 bytes free

256 --- E O F --- 2008-06-12 21:42:52




Deckard's System Scanner v20071014.68
Run by Hiraga on 2008-06-20 22:02:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Hiraga.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:46 PM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Hiraga\Desktop\Ares.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Hiraga\Desktop\New Folder\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Hiraga.exe

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {f046d8ae-0fdd-7f18-7844-2bbb1fe198c9} - {9c891ef1-bbb2-4487-81f7-ddf0ea8d640f} - C:\WINDOWS\system32\ypufjhkb.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] "C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" /StartUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [obgarg] "C:\Documents and Settings\Hiraga\obgarg.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKLM\..\Run: [1ca1d886] rundll32.exe "C:\WINDOWS\system32\stfphews.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Hiraga\Desktop\Ares.exe" -h
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: kfrfunbp - C:\WINDOWS\SYSTEM32\kfrfunbp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10695 bytes

-- Files created between 2008-05-20 and 2008-06-20 -----------------------------

2008-06-20 21:27:23 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-20 16:07:27 68096 --a------ C:\WINDOWS\zip.exe
2008-06-20 16:07:27 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-20 16:07:27 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-20 16:07:27 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-20 16:07:27 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-20 16:07:27 98816 --a------ C:\WINDOWS\sed.exe
2008-06-20 16:07:27 80412 --a------ C:\WINDOWS\grep.exe
2008-06-20 16:07:27 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-20 04:50:35 92416 --a------ C:\WINDOWS\system32\stfphews.dll
2008-06-20 00:25:31 0 d-------- C:\Program Files\Trend Micro
2008-06-17 07:16:15 0 d-------- C:\Documents and Settings\Hiraga\Application Data\InterVideo
2008-06-16 22:43:40 0 d-------- C:\Program Files\PartyGaming
2008-06-16 14:56:50 0 d-------- C:\Program Files\anyMania
2008-06-16 13:46:38 0 d-------- C:\Program Files\AskSBar
2008-06-16 13:45:20 0 d-------- C:\Program Files\Gamevance
2008-06-16 11:03:24 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Application Data\Apple Computer
2008-06-15 17:08:55 0 d-------- C:\Program Files\Trinity Entertainment
2008-06-10 19:00:09 65536 --a------ C:\WINDOWS\IFinst27.exe
2008-06-09 14:23:44 0 d-------- C:\Program Files\uTorrent
2008-06-09 14:23:38 0 d-------- C:\Documents and Settings\Hiraga\Application Data\uTorrent
2008-06-03 20:48:12 0 d-------- C:\WINDOWS\.EPIC_file_store_32
2008-05-28 16:09:06 0 d-------- C:\Program Files\Gravity
2008-05-27 20:58:19 0 d-------- C:\Program Files\Emsa DLL Register Tool
2008-05-27 10:36:11 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Hamachi
2008-05-26 18:09:35 0 d-------- C:\Program Files\euro gunz beta 6
2008-05-26 16:06:14 0 d-------- C:\Program Files\BGM maker
2008-05-26 15:58:12 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2008-05-26 15:58:11 0 d-------- C:\Documents and Settings\Hiraga\Application Data\NCH Swift Sound
2008-05-26 15:52:53 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Someplayer
2008-05-26 14:17:50 0 d-------- C:\Program Files\Hamachi
2008-05-23 23:28:55 5 --a------ C:\Program Files\ntde.dat
2008-05-23 23:22:46 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-23 23:11:46 0 d-------- C:\Documents and Settings\Hiraga\Application Data\rzgunz.com
2008-05-23 23:02:51 0 d-------- C:\Documents and Settings\Hiraga\Application Data\EpicGamerz
2008-05-23 23:02:51 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\EpicGamerz
2008-05-23 22:53:52 0 d-------- C:\Program Files\EpicGamerz
2008-05-23 22:27:00 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
2008-05-23 22:24:19 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-21 20:12:48 0 d-------- C:\WINDOWS\MyBadRose Online Private Server Patch
2008-05-20 19:52:10 0 d-------- C:\i386


-- Find3M Report ---------------------------------------------------------------

2008-06-20 21:27:21 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-20 11:54:23 0 d-------- C:\Documents and Settings\Hiraga\Application Data\MSN6
2008-06-20 06:24:09 0 d-------- C:\Program Files\Angels Online <ANGELS~1>
2008-06-12 03:40:09 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Macromedia
2008-06-12 03:39:24 0 d-------- C:\Program Files\Common Files
2008-06-12 03:34:46 0 d-------- C:\Program Files\VstPlugins
2008-06-12 03:34:46 0 d-------- C:\Program Files\Image-Line
2008-06-12 03:34:13 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Dev-Cpp
2008-06-10 18:49:11 0 d-------- C:\Program Files\Symantec
2008-06-03 21:23:13 0 d-------- C:\Program Files\Java
2008-05-27 20:52:53 0 d-------- C:\Program Files\Movie Maker
2008-05-27 15:30:15 0 d--h----- C:\Documents and Settings\Hiraga\Application Data\ijjigame
2008-05-27 15:23:17 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Ventrilo
2008-05-23 23:22:45 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-22 13:07:16 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-20 20:52:29 0 d-------- C:\Program Files\Google
2008-05-17 21:09:25 0 d-------- C:\Documents and Settings\Hiraga\Application Data\www.TheXSoft.com
2008-05-17 20:00:34 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Apple Computer
2008-05-17 19:58:40 0 d-------- C:\Program Files\iTunes
2008-05-17 19:57:44 0 d-------- C:\Program Files\iPod
2008-05-17 19:54:10 0 d-------- C:\Program Files\Bonjour
2008-05-17 19:51:01 0 d-------- C:\Program Files\QuickTime
2008-05-17 19:46:26 0 d-------- C:\Program Files\Apple Software Update
2008-05-16 18:39:35 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Help
2008-05-16 12:06:56 0 d-------- C:\Program Files\NHN USA
2008-05-16 12:06:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 23:05:07 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Ulead Systems
2008-05-12 19:49:16 0 d-------- C:\Program Files\Common Files\InterVideo
2008-05-12 19:46:22 0 d-------- C:\Program Files\Windows Media Components
2008-05-12 19:46:21 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-05-12 19:44:14 0 d-------- C:\Program Files\Ulead Systems
2008-05-11 23:26:24 0 d-------- C:\Documents and Settings\Hiraga\Application Data\CyberLink
2008-05-11 23:21:31 0 d-------- C:\Program Files\FlashGet
2008-05-11 23:20:38 0 d-------- C:\Program Files\CyberLink
2008-05-11 23:18:39 0 d-------- C:\Program Files\SmartSound Software
2008-05-11 22:52:00 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-11 22:39:44 0 d-------- C:\Program Files\SourceTec
2008-05-04 16:30:52 0 d-------- C:\Program Files\Ares
2008-05-04 16:27:09 0 d-------- C:\Documents and Settings\Hiraga\Application Data\Adobe
2008-05-03 16:29:28 0 d-------- C:\Program Files\PremiumSoft
2008-04-30 21:10:58 0 d-------- C:\Program Files\Ventrilo
2008-04-30 21:09:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 22:49:03 0 d-------- C:\Program Files\Triggersoft
2008-04-27 21:22:52 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-27 19:13:36 704512 --a------ C:\WINDOWS\system32\ijjiSetup.exe <Not Verified; NHN USA; ijjiSetup Application>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
02/06/2008 09:05 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
02/24/2008 11:50 AM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c891ef1-bbb2-4487-81f7-ddf0ea8d640f}]
C:\WINDOWS\system32\ypufjhkb.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [02/06/2008 09:05 PM 349552]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [06/16/2008 01:46 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 05:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00 AM]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [08/20/2002 11:29 AM]
"DXDllRegExe"="dxdllreg.exe" []
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [06/09/2003 08:07 PM]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 05:00 AM C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [06/24/2003 07:32 PM C:\WINDOWS\system32\nwiz.exe]
"Drag'n Drop CD+DVD"="C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" [07/08/2003 10:21 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [06/25/2003 12:24 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 06:47 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [02/06/2008 11:49 PM]
"obgarg"="C:\Documents and Settings\Hiraga\obgarg.exe" [03/13/2008 08:37 PM]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [03/03/2007 02:12 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Gamevance"="C:\Program Files\Gamevance\gamevance32.exe" [06/16/2008 01:45 PM]
"1ca1d886"="C:\WINDOWS\system32\stfphews.dll" [06/20/2008 04:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 01:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"ares"="C:\Documents and Settings\Hiraga\Desktop\Ares.exe" [12/31/2007 07:29 AM]

C:\Documents and Settings\Hiraga\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [5/26/2008 2:17:50 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [7/7/2003 1:20:40 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kfrfunbp]
kfrfunbp.dll 02/20/2008 07:59 PM 163904 C:\WINDOWS\system32\kfrfunbp.dll

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-06-20 22:03:25 ------------

#4 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 21 June 2008 - 07:35 AM

Hello adrenalist,

Thanks for the Combofix report. I will need some time to check it out.
Meanwhile I want you to install Recovery Console, using the link I gave you in my previous post.
This is the link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
When Recovery Console is installed, and asks you if you want to run Combofix, answer No, to Exit.
----------------------------------------------
I will need Hijackthis and not DSS report any more.
Here is how to download HijackThis.

Download HijackThis
Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Do not run it now, just close HijackThis.
----------------------------------------------
I will be back later.

Let me know when Recovery Console is installed before we continue.
Private Messages for personal support will be ignored. If you need help post in the forum.

#5 adrenalist

adrenalist
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 21 June 2008 - 03:35 PM

recovery console is installed and hijackthis has been downloaded.

#6 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 22 June 2008 - 01:06 AM

Hello adrenalist,

recovery console is installed and hijackthis has been downloaded

Good! :thumbsup:
----------------------------------------------
Upload a File to Jotti
Please visit http://virusscan.jotti.org/

Copy/paste this file and path into the white box at the top:

C:\WINDOWS\IFinst27.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Do the same for this file too:

C:\Program Files\ntde.dat

----------------------------------------------
P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Ares
uTorrent


References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

If you choose not to remove them, please do not use them until this computer is clean.
----------------------------------------------
Remove Poker programs
From your log I can see you've installed poker programs. A lot of poker programs are infected/can infect you with malware.
I would advise you to go to Add/Remove programs and uninstall your poker programs.

PartyGaming

Here are links to some poker sites regarded as safe for your reference.
1. http://www.pokerstars.net/ - This is a free to use/play site with play money.
2. http://www.pokerstars.com/ - This is a free to use/play site with play money and real money.
----------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines(if still present).

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: {f046d8ae-0fdd-7f18-7844-2bbb1fe198c9} - {9c891ef1-bbb2-4487-81f7-ddf0ea8d640f} - C:\WINDOWS\system32\ypufjhkb.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
>> Fix these two lines, if you removed your Poker programs
O15 - ESC Trusted Zone: http://*.update.microsoft.com


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
----------------------------------------------
COMBOFIX-Script
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    http://www.bleepingcomputer.com/forums/t/153254/hijackthis-log/?p=859877
    KILLALL::
    
    Collect::
    C:\WINDOWS\system32\swehpfts.ini
    C:\WINDOWS\system32\stfphews.dll
    C:\WINDOWS\system32\lbkshagi.ini
    C:\WINDOWS\system32\hvsvghto.ini
    C:\WINDOWS\system32\dtdvcopy.ini
    C:\WINDOWS\system32\dkbsslvs.ini
    C:\WINDOWS\TGLauncher.INI
    C:\Documents and Settings\Hiraga\obgarg.exe
    C:\Documents and Settings\Hiraga\Application Data\obgarg.exe
    C:\Documents and Settings\Hiraga\Application Data\obgargu.exe
    C:\WINDOWS\system32\ypufjhkb.dll
    C:\WINDOWS\system32\stfphews.dll
    C:\WINDOWS\system32\kfrfunbp.dll
    
    Folder::
    C:\Program Files\AskSBar
    C:\Program Files\Gamevance
     
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c891ef1-bbb2-4487-81f7-ddf0ea8d640f}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "obgarg"=-
    "Gamevance"=-
    "1ca1d886"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kfrfunbp]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------------------------------------------
Post back:
Jotti results.
Combofix report.
A new HijackThis log.
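The "FIX HIJACKTHIS ENTRIES" list above is the helper's manual triage of the log: orphaned BHO/toolbar registrations, an unnamed URLSearchHook, and autostarts that point at odd places. The script below is an added example written for this page (it is not HijackThis code and not something chryssi2001 posted) that applies the same kind of checks mechanically to HijackThis-style lines, so a reader can see which properties of an entry make a helper look twice. The heuristics are mine; the sample lines are copied from the logs in this thread, except the `1ca1d886` O4 line, which is constructed from the DSS Run entry because the thread never shows HijackThis's rendering of it.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread; not part of HijackThis, ComboFix or DSS.
Flags entries that a malware-removal helper would ask about, using a few
simple heuristics. It does not decide what is malicious; it only ranks
what deserves a closer look.
"""
import re

# Sample input. All lines are copied from the logs posted in this thread,
# except the [1ca1d886] line, which is CONSTRUCTED here to mirror the DSS
# Run entry "1ca1d886"="C:\WINDOWS\system32\stfphews.dll" (the real command
# line is not in the thread).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: {f046d8ae-0fdd-7f18-7844-2bbb1fe198c9} - {9c891ef1-bbb2-4487-81f7-ddf0ea8d640f} - C:\WINDOWS\system32\ypufjhkb.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Hiraga\Desktop\Ares.exe" -h
O4 - HKLM\..\Run: [1ca1d886] rundll32.exe C:\WINDOWS\system32\stfphews.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
"""

# "O4 - HKLM\..\Run: [Name] command" -> code and body
ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# Registry Run values only; Startup-folder O4 lines use "name.lnk = path" and are skipped
RUN_VALUE = re.compile(r"^(?P<hive>HK\S+): \[(?P<name>[^\]]+)\] (?P<target>.+)$")
# Value names that look like generated hex, e.g. 1ca1d886
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$", re.I)
# Autostart targets living in a user profile instead of Program Files / WINDOWS
USER_PROFILE = re.compile(r"\\Documents and Settings\\", re.I)


def _reasons(code, body):
    """Return the list of reasons this entry deserves review (empty if none)."""
    reasons = []
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("registered file is gone; entry is an orphan")
    if code in ("R3", "O2", "O3"):
        # body looks like "BHO: <display name> - {CLSID} - <path>"
        fields = body.split(" - ")
        name = fields[0].split(": ", 1)[-1]
        if name == "(no name)":
            reasons.append("hook/BHO/toolbar has no display name; identify the CLSID owner")
        elif name.startswith("{"):
            reasons.append("display name is a bare GUID, which legitimate add-ons rarely use")
    if code == "O4":
        m = RUN_VALUE.match(body)
        if m:
            name, target = m.group("name"), m.group("target")
            if (HEX_NAME.match(name)
                    and any(c.isdigit() for c in name)
                    and any(c.isalpha() for c in name)):
                reasons.append("Run value name looks machine-generated")
            if USER_PROFILE.search(target):
                reasons.append("autostart target lives in a user profile directory")
    if code == "O15":
        reasons.append("Trusted Zone addition; confirm it was deliberate")
    return reasons


def triage(log_text):
    """Parse HijackThis-style lines and return the ones worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        reasons = _reasons(m.group("code"), m.group("body"))
        if reasons:
            findings.append({"code": m.group("code"), "line": line, "reasons": reasons})
    return findings


def flagged_lines(log_text):
    """Just the flagged lines, in log order."""
    return [f["line"] for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("    ->", r)
```

Run against the sample, the script flags seven of the ten lines and leaves the NVIDIA and Norton Run entries alone; the Java O9 button is also left alone because the "no name" rule is deliberately limited to hooks, BHOs and toolbars, where a missing display name is unusual. Every flag is a question to answer, not a verdict: the helper above still checks each file and CLSID by hand (for example through the Jotti upload) before writing the fix list.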

#7 adrenalist

adrenalist
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 22 June 2008 - 04:19 PM

jotti result - IFinst27.exe
Scan for: C:\WINDOWS\IFinst27.exe

Scan taken on 22 Jun 2008 20:24:07 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

jotti scan - ntde.dat

Scan for: C:\Program Files\ntde.dat


Scanner results
Scan taken on 22 Jun 2008 20:28:41 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

combofix report

ComboFix 08-06-20.4 - Hiraga 2008-06-22 13:45:11.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1033.18.269 [GMT -7:00]
Running from: C:\Documents and Settings\Hiraga\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Hiraga\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 41
pv: No matching processes found
The process cannot access the file because it is being used by another process.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Hiraga\Application Data\obgarg.exe
C:\Documents and Settings\Hiraga\Application Data\obgargu.exe
C:\Documents and Settings\Hiraga\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\Hiraga\obgarg.exe
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache\0008BBB7
C:\Program Files\AskSBar\bar\Cache\0008C0A9.bin
C:\Program Files\AskSBar\bar\Cache\0008C30A.bin
C:\Program Files\AskSBar\bar\Cache\0008C52D.bin
C:\Program Files\AskSBar\bar\Cache\0008C78F.bin
C:\Program Files\AskSBar\bar\Cache\0008C9A2.bin
C:\Program Files\AskSBar\bar\Cache\0008CC03.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\Program Files\Gamevance
C:\Program Files\Gamevance\ars.cfg
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\Gamevance\gamevancelib32.dll
C:\Program Files\Gamevance\gvcfglib.dll
C:\Program Files\Gamevance\gvhlp.dll
C:\Program Files\Gamevance\gvpop.dll
C:\Program Files\Gamevance\gvtl.dll
C:\Program Files\Gamevance\gvun.exe
C:\Program Files\Gamevance\gvutil.dll
C:\Program Files\Gamevance\gvwslib.dll
C:\Program Files\Gamevance\icon.ico
C:\WINDOWS\system32\dkbsslvs.ini
C:\WINDOWS\system32\dtdvcopy.ini
C:\WINDOWS\system32\hvsvghto.ini
C:\WINDOWS\system32\kfrfunbp.dll
C:\WINDOWS\system32\kfrfunbp.dllbox
C:\WINDOWS\system32\lbkshagi.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\stfphews.dll
C:\WINDOWS\system32\swehpfts.ini
C:\WINDOWS\TGLauncher.INI

.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-20 00:25 . 2008-06-20 00:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-20 00:04 . 2008-06-20 00:04 <DIR> d-------- C:\Deckard
2008-06-17 07:16 . 2008-06-17 07:16 <DIR> d-------- C:\Documents and Settings\Hiraga\Application Data\InterVideo
2008-06-16 14:56 . 2008-06-16 15:00 <DIR> d-------- C:\Program Files\anyMania
2008-06-16 11:03 . 2008-06-16 11:03 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Application Data\Apple Computer
2008-06-15 17:08 . 2008-06-15 17:08 <DIR> d-------- C:\Program Files\Trinity Entertainment
2008-06-11 10:56 . 2008-06-13 06:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:56 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 19:00 . 2008-06-10 19:00 65,536 --a------ C:\WINDOWS\IFinst27.exe
2008-06-03 20:48 . 2008-06-03 21:21 <DIR> d-------- C:\WINDOWS\.EPIC_file_store_32
2008-05-28 16:09 . 2008-05-28 16:09 <DIR> d-------- C:\Program Files\Gravity
2008-05-27 20:58 . 2008-05-27 20:59 <DIR> d-------- C:\Program Files\Emsa DLL Register Tool
2008-05-27 10:36 . 2008-06-22 13:54 <DIR> d-------- C:\Documents and Settings\Hiraga\Application Data\Hamachi
2008-05-26 18:09 . 2008-05-26 18:12 <DIR> d-------- C:\Program Files\euro gunz beta 6
2008-05-26 16:06 . 2008-05-26 16:06 <DIR> d-------- C:\Program Files\BGM maker
2008-05-26 15:58 . 2008-05-26 15:58 <DIR> d-------- C:\Documents and Settings\Hiraga\Application Data\NCH Swift Sound
2008-05-26 15:58 . 2008-05-26 15:58 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2008-05-26 15:52 . 2008-05-26 15:52 <DIR> d-------- C:\Documents and Settings\Hiraga\Application Data\Someplayer
2008-05-26 14:17 . 2008-05-26 14:17 <DIR> d-------- C:\Program Files\Hamachi
2008-05-26 14:17 . 2008-05-26 14:17 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-23 23:28 . 2008-06-20 23:48 5 --a------ C:\Program Files\ntde.dat
2008-05-23 23:22 . 2008-05-23 23:22 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-23 23:11 . 2008-05-23 23:11 <DIR> d-------- C:\Documents and Settings\Hiraga\Application Data\rzgunz.com
2008-05-23 23:02 . 2008-05-23 23:02 <DIR> d-------- C:\Documents and Settings\Hiraga\Application Data\EpicGamerz
2008-05-23 23:02 . 2008-05-23 23:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\EpicGamerz
2008-05-23 22:53 . 2008-05-23 22:53 <DIR> d-------- C:\Program Files\EpicGamerz
2008-05-23 22:24 . 2008-06-12 03:39 <DIR> d-------- C:\WINDOWS\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 15:41 --------- d-----w C:\Documents and Settings\Hiraga\Application Data\MSN6
2008-06-22 15:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-22 01:30 --------- d-----w C:\Program Files\Angels Online
2008-06-12 10:34 --------- d-----w C:\Program Files\VstPlugins
2008-06-12 10:34 --------- d-----w C:\Program Files\Image-Line
2008-06-12 10:34 --------- d-----w C:\Documents and Settings\Hiraga\Application Data\Dev-Cpp
2008-06-11 01:49 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-11 01:49 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-11 01:49 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-11 01:49 --------- d-----w C:\Program Files\Symantec
2008-06-04 04:23 --------- d-----w C:\Program Files\Java
2008-05-27 22:30 --------- d--h--w C:\Documents and Settings\Hiraga\Application Data\ijjigame
2008-05-27 22:23 --------- d-----w C:\Documents and Settings\Hiraga\Application Data\Ventrilo
2008-05-24 06:22 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-22 20:07 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-21 03:52 --------- d-----w C:\Program Files\Google
2008-05-18 04:09 --------- d-----w C:\Documents and Settings\Hiraga\Application Data\www.TheXSoft.com
2008-05-18 03:00 --------- d-----w C:\Documents and Settings\Hiraga\Application Data\Apple Computer
2008-05-18 02:58 --------- d-----w C:\Program Files\iTunes
2008-05-18 02:57 --------- d-----w C:\Program Files\iPod
2008-05-18 02:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-05-18 02:54 --------- d-----w C:\Program Files\Bonjour
2008-05-18 02:51 --------- d-----w C:\Program Files\QuickTime
2008-05-18 02:46 --------- d-----w C:\Program Files\Apple Software Update
2008-05-18 02:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-05-16 19:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 19:06 --------- d-----w C:\Program Files\NHN USA
2008-05-15 06:05 --------- d-----w C:\Documents and Settings\Hiraga\Application Data\Ulead Systems
2008-05-14 23:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
2008-05-13 02:49 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-05-13 02:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\InterVideo
2008-05-13 02:46 --------- d-----w C:\Program Files\Windows Media Components
2008-05-13 02:46 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-05-13 02:44 --------- d-----w C:\Program Files\Ulead Systems
2008-05-13 02:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-05-12 23:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\IJJIGame
2008-05-12 06:26 --------- d-----w C:\Documents and Settings\Hiraga\Application Data\CyberLink
2008-05-12 06:21 --------- d-----w C:\Program Files\FlashGet
2008-05-12 06:20 --------- d-----w C:\Program Files\CyberLink
2008-05-12 06:18 --------- d-----w C:\Program Files\SmartSound Software
2008-05-12 06:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
2008-05-12 05:52 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-05-12 05:39 --------- d-----w C:\Program Files\SourceTec
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-04 23:30 --------- d-----w C:\Program Files\Ares
2008-05-03 23:29 --------- d-----w C:\Program Files\PremiumSoft
2008-05-01 04:10 --------- d-----w C:\Program Files\Ventrilo
2008-05-01 04:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 05:49 --------- d-----w C:\Program Files\Triggersoft
2008-04-28 04:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-04-28 04:22 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-02-26 05:10 8 --sh--r C:\WINDOWS\system32\CDDE54589C.sys
2008-02-26 05:10 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-20_21.47.53.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-21 04:35:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-22 20:53:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-06 21:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-24 11:50 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"ares"="C:\Documents and Settings\Hiraga\Desktop\Ares.exe" [2007-12-31 07:29 962560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29 40960]
"DXDllRegExe"="dxdllreg.exe" []
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2003-06-09 20:07 638976]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-06-24 19:32 4800512]
"nwiz"="nwiz.exe" [2003-06-24 19:32 323584 C:\WINDOWS\system32\nwiz.exe]
"Drag'n Drop CD+DVD"="C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" [2003-07-08 22:21 1171456]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 18:47 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-06 23:49 718704]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\Hiraga\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-05-26 14:17:50 624416]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 01:20:40 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Hiraga\\Desktop\\New Folder\\Dance_downloader_us_5-12-2008.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-20 20:52]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 20:02:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-22 20:39:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-17 03:23:45 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Hiraga.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exep/TASK:
"2008-06-22 01:32:00 C:\WINDOWS\Tasks\WebReg 20080102183253.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20080102183253 /N
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 13:54:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
.
**************************************************************************
.
Completion time: 2008-06-22 14:08:30 - machine was rebooted [Hiraga]
ComboFix-quarantined-files.txt 2008-06-22 21:07:54
ComboFix2.txt 2008-06-21 04:48:41

Pre-Run: 13,210,927,104 bytes free
Post-Run: 13,333,225,472 bytes free

256 --- E O F --- 2008-06-21 16:02:32

hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:30 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Hiraga\Desktop\Ares.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Hiraga\Desktop\HiJackThis.exe

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] "C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" /StartUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Hiraga\Desktop\Ares.exe" -h
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9046 bytes

#8 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  • Local time:09:31 AM

Posted 23 June 2008 - 06:33 AM

Hello adrenalist,

It looks better :thumbsup:
----------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines (if still present).

O15 - ESC Trusted Zone: http://*.update.microsoft.com


Then close all windows except HijackThis and click Fix Checked.
Close HijackThis.
----------------------------------------------
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.
----------------------------------------------
Post back:
Malwarebytes' Anti-Malware report.
A new HijackThis log.
Private Messages for personal support will be ignored. If you need help post in the forum.

#9 adrenalist

adrenalist
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:31 AM

Posted 26 June 2008 - 03:36 AM

Malwarebytes' Anti-Malware report

Malwarebytes' Anti-Malware 1.18
Database version: 870

1:32:21 AM 6/26/2008
mbam-log-6-26-2008 (01-32-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 148587
Time elapsed: 1 hour(s), 53 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0e0a2ad5-1adc-4ec3-90fc-0fb793c9259e} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{E108B5F6-4C3E-44D7-92EF-667C014F39DE}\RP59\A0141176.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E108B5F6-4C3E-44D7-92EF-667C014F39DE}\RP60\A0142199.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:27 AM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Hiraga\Desktop\Ares.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\ijji\ENGLISH\u_gunz.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Documents and Settings\Hiraga\Desktop\HiJackThis.exe

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] "C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" /StartUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{1DCC7~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{1DCC7~1\reboot.ini
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Hiraga\Desktop\Ares.exe" -h
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 8704 bytes
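The two HijackThis logs in this thread are compared by eye: the O15 trusted-zone line the helper asked to fix is gone from the second log, while a RunOnce entry, an autorun from the user's Desktop and a MySQL service shown as "C:\Program.exe (file missing)" are present. The script below is an added example, not part of the thread or of HijackThis: it parses O-lines in the same format and flags the entries a log reviewer checks first. The sample log, the section names it keys on and the user-writable path list are constructed for the example.

```python
import re

# Constructed sample in the HijackThis v2 line format, modelled on the log
# entries posted in this thread (not a log from the original page).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Hiraga\Desktop\Ares.exe" -h
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{1DCC7~1\setup.exe -reboot
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")

# Locations a standard user can write to (assumed list); an autorun that
# points there deserves a second look even when the file name looks benign.
USER_WRITABLE = ("\\documents and settings\\", "\\desktop\\", "\\temp\\")


def parse_hjt(text):
    """Split a HijackThis log into (section, body) tuples, skipping the
    running-process list, header lines and blank lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review(entries):
    """Return (section, reason, body) for the entries worth checking first."""
    findings = []
    for section, body in entries:
        low = body.lower()
        if section == "O15":
            # A trusted-zone entry relaxes IE's protections for that host
            # pattern, which is why helpers ask to have it fixed.
            findings.append((section, "trusted-zone entry", body))
        elif section == "O23" and ("unknown owner" in low or "(file missing)" in low):
            # "C:\Program.exe (file missing)" is the typical signature of a
            # service ImagePath containing spaces that was registered unquoted.
            findings.append((section, "service: unknown owner or missing binary", body))
        elif section == "O4":
            if any(loc in low for loc in USER_WRITABLE):
                findings.append((section, "autorun from user-writable path", body))
            elif "runonce" in low:
                findings.append((section, "pending RunOnce entry", body))
    return findings


def review_log(text):
    return review(parse_hjt(text))


if __name__ == "__main__":
    for section, reason, body in review_log(SAMPLE_LOG):
        print(f"{section:4} {reason:42} {body}")
```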

#10 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  • Local time:09:31 AM

Posted 26 June 2008 - 06:13 AM

Hello adrenalist,

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 6.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 6 and click on Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u6-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer
----------------------------------------------
I can't see any firewall in your HijackThis log, so I assume you use Windows Firewall.

FIREWALL
Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound). Simply using a Firewall in its default configuration can lower your risk greatly. It's preferable to install one of the suggested firewalls.
Vista users must check compatibility with Vista before installation.

FREE FIREWALLS Tutorial about Firewalls can be found here
----------------------------------------------
Run Kaspersky Online AV Scanner

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
----------------------------------------------
Post back:
Kaspersky report.
A new HijackThis log.
Is the PC running OK?

#11 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  • Local time:09:31 AM

Posted 01 July 2008 - 01:19 PM

Due to the lack of feedback, this Topic is now closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
