
Possible Virus Or Spyware. Need Help


  • This topic is locked
13 replies to this topic

#1 diesel_footwear

diesel_footwear

  • Members
  • 17 posts

Posted 05 July 2008 - 07:15 AM

My computer lags every few minutes, but when I come to check the Task Manager, nothing hogs the CPU. I'm not sure, but it's probably when other users log on to the comp, though the account they use is limited. I'm the only admin and I always run Spybot every week and the autostart scan of AVG every morning.

Here's the HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:12 PM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
C:\Program Files\Garena\Garena.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E6172BEF-BE9E-4CA4-B4F7-695B36A37639} - (no file)
O3 - Toolbar: &Smart Login - {AB4758E0-5BC4-11D6-A846-DCEF4DE0604E} - C:\PROGRA~1\SMARTL~1\SmHToolBand.dll
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: SmartLogin - {A972B228-AC83-423F-AEA7-F740B378CAA9} - C:\PROGRA~1\SMARTL~1\SmHToolBand.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://kungfuchess.com/activex/web665.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.5.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C1A8CEC-27B6-4D4C-BE69-FEF63F91DECD}: NameServer = 202.78.97.41 210.4.2.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC194D8-F302-41EB-88F0-A15132BB8CB2}: NameServer = 202.78.97.41,210.4.2.61
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8707 bytes

Thanks in advance.
Edit: oh yeah, every time I run AVG something like this always pops out:

file Hosts
result/infection change
path C:/windows/system32/drivers/hosts
Dunno if it's a virus, but I can't seem to put it in the vault.

Edited by diesel_footwear, 05 July 2008 - 07:21 AM.




#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 05 July 2008 - 11:57 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you are asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 diesel_footwear

diesel_footwear
  • Topic Starter

  • Members
  • 17 posts

Posted 05 July 2008 - 08:48 PM

I can't seem to find the extra.txt in the folder. Only main.txt showed up. Here it is.
Deckard's System Scanner v20071014.68
Run by ton2 on 2008-07-06 09:45:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 5.13 GiB (less than 15%) free.


-- HijackThis (run as ton2.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:34 AM, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\ton2\My Documents\dss.exe
C:\ton2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E6172BEF-BE9E-4CA4-B4F7-695B36A37639} - (no file)
O3 - Toolbar: &Smart Login - {AB4758E0-5BC4-11D6-A846-DCEF4DE0604E} - C:\PROGRA~1\SMARTL~1\SmHToolBand.dll
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: SmartLogin - {A972B228-AC83-423F-AEA7-F740B378CAA9} - C:\PROGRA~1\SMARTL~1\SmHToolBand.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://kungfuchess.com/activex/web665.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.5.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC194D8-F302-41EB-88F0-A15132BB8CB2}: NameServer = 202.78.97.41,210.4.2.61
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8583 bytes

-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-06 09:47:09 396288 --a------ C:\ton2.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-07-06 06:11:49 0 d-------- C:\Documents and Settings\Buloy\Application Data\SUPERAntiSpyware.com
2008-07-05 20:30:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-05 20:28:10 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-05 20:28:10 0 d-------- C:\Documents and Settings\ton2\Application Data\SUPERAntiSpyware.com
2008-07-05 20:26:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 19:49:31 0 d-------- C:\VundoFix Backups <VUNDOF~1>
2008-07-05 09:46:11 0 d-------- C:\Program Files\KONAMI
2008-07-02 20:06:26 162596 --a------ C:\WINDOWS\War3Unin.dat
2008-07-02 20:06:25 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-07-02 20:06:25 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-07-02 19:46:53 0 d-------- C:\Program Files\Warcraft III
2008-07-01 17:37:17 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-06-30 19:46:37 17144 --a------ C:\Documents and Settings\ton2\Application Data\GDIPFONTCACHEV1.DAT
2008-06-27 10:28:04 0 d-------- C:\Documents and Settings\Tonzz\Application Data\Talkback
2008-06-27 10:27:53 0 d-------- C:\Documents and Settings\Tonzz\Application Data\Mozilla
2008-06-27 10:26:26 0 d-------- C:\Documents and Settings\Tonzz\Application Data\AVG7
2008-06-27 10:26:24 0 d-------- C:\Documents and Settings\Tonzz\Application Data\Real
2008-06-27 10:26:11 0 d-------- C:\Documents and Settings\Tonzz\Application Data\Identities
2008-06-27 10:25:45 0 d--h----- C:\Documents and Settings\Tonzz\Templates
2008-06-27 10:25:45 0 dr------- C:\Documents and Settings\Tonzz\Start Menu
2008-06-27 10:25:45 0 dr-h----- C:\Documents and Settings\Tonzz\SendTo
2008-06-27 10:25:45 0 dr-h----- C:\Documents and Settings\Tonzz\Recent
2008-06-27 10:25:45 0 d--h----- C:\Documents and Settings\Tonzz\PrintHood
2008-06-27 10:25:45 0 d--h----- C:\Documents and Settings\Tonzz\NetHood
2008-06-27 10:25:45 0 dr------- C:\Documents and Settings\Tonzz\My Documents
2008-06-27 10:25:45 0 d--h----- C:\Documents and Settings\Tonzz\Local Settings
2008-06-27 10:25:45 0 dr------- C:\Documents and Settings\Tonzz\Favorites
2008-06-27 10:25:45 0 d-------- C:\Documents and Settings\Tonzz\Desktop
2008-06-27 10:25:45 0 d---s---- C:\Documents and Settings\Tonzz\Cookies
2008-06-27 10:25:45 0 dr-h----- C:\Documents and Settings\Tonzz\Application Data
2008-06-27 10:25:45 0 d---s---- C:\Documents and Settings\Tonzz\Application Data\Microsoft
2008-06-27 10:25:44 2097152 --ah----- C:\Documents and Settings\Tonzz\NTUSER.DAT
2008-06-26 12:21:33 0 d-------- C:\Documents and Settings\Buloy\Application Data\Sun
2008-06-20 10:47:13 0 d-------- C:\WoW-2.0.0-enUS-Installer <WOW-20~1.0-E>
2008-06-20 10:47:00 0 d-------- C:\__MACOSX
2008-06-19 20:29:16 36033 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-19 20:29:13 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-19 20:29:13 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-19 18:08:00 0 d-------- C:\Documents and Settings\Buloy\Application Data\InstallShield
2008-06-19 06:42:16 0 d-------- C:\Documents and Settings\Buloy\Application Data\vlc
2008-06-16 22:24:07 0 d-------- C:\Program Files\netbeans-5.5.1
2008-06-16 20:25:31 0 d-------- C:\Documents and Settings\ton2\.netbeans-registration
2008-06-16 20:24:22 0 d-------- C:\Program Files\NetBeans 6.1
2008-06-16 18:12:47 0 d-------- C:\Documents and Settings\Buloy\Application Data\Adobe
2008-06-16 16:58:36 0 d-------- C:\Documents and Settings\Buloy\Application Data\Talkback
2008-06-16 16:58:25 0 d-------- C:\Documents and Settings\Buloy\Application Data\Mozilla
2008-06-16 13:19:48 1415214 --a------ C:\ko_106.exe
2008-06-16 09:13:12 0 d-------- C:\Documents and Settings\Buloy\Application Data\DivX
2008-06-16 09:13:08 0 d-------- C:\Documents and Settings\Buloy\Application Data\Ahead
2008-06-16 09:05:29 0 d-------- C:\Documents and Settings\Buloy\Application Data\Macromedia
2008-06-16 09:04:59 0 d-------- C:\Documents and Settings\Buloy\Application Data\Yahoo!
2008-06-16 09:04:42 0 d-------- C:\Documents and Settings\Buloy\Application Data\AVG7
2008-06-16 09:04:40 0 d-------- C:\Documents and Settings\Buloy\Application Data\Real
2008-06-16 09:04:21 0 d-------- C:\Documents and Settings\Buloy\Application Data\Identities
2008-06-16 09:04:03 0 d--h----- C:\Documents and Settings\Buloy\Templates
2008-06-16 09:04:03 0 dr------- C:\Documents and Settings\Buloy\Start Menu
2008-06-16 09:04:03 0 dr-h----- C:\Documents and Settings\Buloy\SendTo
2008-06-16 09:04:03 0 dr-h----- C:\Documents and Settings\Buloy\Recent
2008-06-16 09:04:03 0 d--h----- C:\Documents and Settings\Buloy\PrintHood
2008-06-16 09:04:03 4194304 --ah----- C:\Documents and Settings\Buloy\NTUSER.DAT
2008-06-16 09:04:03 0 d--h----- C:\Documents and Settings\Buloy\NetHood
2008-06-16 09:04:03 0 dr------- C:\Documents and Settings\Buloy\My Documents
2008-06-16 09:04:03 0 d--h----- C:\Documents and Settings\Buloy\Local Settings
2008-06-16 09:04:03 0 dr------- C:\Documents and Settings\Buloy\Favorites
2008-06-16 09:04:03 0 d-------- C:\Documents and Settings\Buloy\Desktop
2008-06-16 09:04:03 0 d---s---- C:\Documents and Settings\Buloy\Cookies
2008-06-16 09:04:03 0 dr-h----- C:\Documents and Settings\Buloy\Application Data
2008-06-16 09:04:03 0 d---s---- C:\Documents and Settings\Buloy\Application Data\Microsoft
2008-06-11 23:41:23 0 d-------- C:\Program Files\Sun
2008-06-11 22:46:00 0 d-------- C:\Documents and Settings\ton2\.SunDownloadManager
2008-06-11 22:36:31 0 d-------- C:\Documents and Settings\ton2\.nbi
2008-06-08 20:38:36 0 d-------- C:\Program Files\Windows AdService
2008-06-08 20:38:35 0 d-------- C:\Program Files\Magic Window Hider
2008-06-08 20:19:43 0 d-------- C:\Program Files\Common Files\Stardock
2008-06-08 20:19:40 0 d-------- C:\Program Files\Stardock
2008-06-08 06:00:48 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-08 05:59:56 0 d-------- C:\Program Files\Taskbar Hide
2008-06-07 13:34:59 264 --a------ C:\WINDOWS\system32\0A-4a.dat
2008-06-07 11:40:30 0 d-------- C:\Program Files\Download Manager
2008-06-07 11:35:19 0 d-------- C:\Documents and Settings\ton2\Application Data\IGN_DLM
2008-06-07 08:28:37 0 d-------- C:\Program Files\Diablo II


-- Find3M Report ---------------------------------------------------------------

2008-07-06 09:35:37 0 d-------- C:\Documents and Settings\ton2\Application Data\AVG7
2008-07-05 20:26:01 0 d-------- C:\Program Files\Common Files
2008-07-05 18:35:11 0 d-------- C:\Program Files\Garena
2008-07-05 09:50:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-01 18:11:38 0 d-------- C:\Program Files\Rockwell Software
2008-07-01 18:10:59 0 d-------- C:\Documents and Settings\ton2\Application Data\Yahoo!
2008-07-01 17:47:04 0 d-------- C:\Program Files\BitComet
2008-07-01 10:37:59 0 d-------- C:\Documents and Settings\ton2\Application Data\GetRightToGo
2008-06-27 18:48:29 0 d-------- C:\Program Files\e-Games
2008-06-19 21:09:56 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-14 22:53:53 0 d-------- C:\Program Files\PPLive
2008-06-11 23:41:08 0 d-------- C:\Program Files\Java
2008-06-04 23:05:45 0 d-------- C:\Documents and Settings\ton2\Application Data\InstallShield
2008-06-04 00:08:48 0 d-------- C:\Documents and Settings\ton2\Application Data\Real
2008-06-04 00:06:47 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-04 00:06:21 0 d-------- C:\Program Files\Common Files\Real
2008-05-11 13:01:42 0 d-------- C:\Documents and Settings\ton2\Application Data\OxygenBag
2008-05-07 20:38:09 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-07 20:36:38 45056 --a------ C:\WINDOWS\NCUNINST.EXE <Not Verified; Northern Codeworks; Uninstall>
2008-04-24 11:07:16 2538 --a------ C:\WINDOWS\unins000.dat
2008-04-24 10:47:09 691545 --a------ C:\WINDOWS\unins000.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [10/25/2005 12:56 PM]
"ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [12/06/2002 04:07 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [06/28/2008 08:46 AM]
"@"="" []
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [12/16/2002 04:51 PM]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [03/31/2003 07:28 PM]
"HPLJ Config"="C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [03/31/2003 06:32 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/04/2008 12:04 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [06/03/2008 11:42 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 05:39 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ton2^Start Menu^Programs^Startup^Ubisoft register.lnk]
path=C:\Documents and Settings\ton2\Start Menu\Programs\Startup\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
C:\Program Files\ASUS\Asus Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
"C:\Program Files\BitComet\BitComet.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\Program Files\VDOTool\TBPanel.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kxva]
C:\WINDOWS\system32\kxvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffa1019e-cf12-11dc-b365-001a92e39516}]
AutoRun\command- lqxo8w.cmd
explore\Command- lqxo8w.cmd
open\Command- lqxo8w.cmd




-- End of Deckard's System Scanner: finished at 2008-07-06 09:48:05 ------------

#4 Buckeye_Sam


Posted 06 July 2008 - 07:45 AM

That's ok. We only need that first log to see your problems.



Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\kxvo.exe
    C:\WINDOWS\system32\ieso0.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kxva
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffa1019e-cf12-11dc-b365-001a92e39516}
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



================



Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

Also post a new log from DSS.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 diesel_footwear


Posted 06 July 2008 - 10:55 PM

OTMoveIt log

File/Folder C:\WINDOWS\system32\kxvo.exe not found.
LoadLibrary failed for C:\WINDOWS\system32\ieso0.dll
C:\WINDOWS\system32\ieso0.dll NOT unregistered.
C:\WINDOWS\system32\ieso0.dll moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kxva >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kxva\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffa1019e-cf12-11dc-b365-001a92e39516} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffa1019e-cf12-11dc-b365-001a92e39516}\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07062008_212934

Scanning Report
Monday, July 07, 2008 07:32:34 - 11:54:15
--------------------------------------------------------------------------------
F-Secure Scanner report

Computer name: TONZ
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
Result: 2 malware found
Packed.Win32.PolyCrypt.h (virus)

* C:\_OTMOVEIT\MOVEDFILES\07062008_212934\WINDOWS\SYSTEM32\IESO0.DLL (Submitted)

Worm.Win32.AutoRun.asb (virus)

* C:\REMOVABLE DISK (H)\AUTORUN.INF (Renamed & Submitted)

Statistics
Scanned:

* Files: 129817
* System: 12371
* Not scanned: 8

Actions:

* Disinfected: 0
* Renamed: 1
* Deleted: 0
* None: 1
* Submitted: 2

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-07-06
* F-Secure AVP: 7.0.171, 2008-07-05
* F-Secure Pegasus: 1.20.0, 2008-04-15
* F-Secure Blacklight: 1.0.68

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

---------------------------------------------------------------------------------------------------------------------

Hijackthis log from dss.exe

Deckard's System Scanner v20071014.68
Run by ton2 on 2008-07-07 11:57:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 6.69 GiB (less than 15%) free.


-- HijackThis (run as ton2.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:59 AM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ton2\My Documents\dss.exe
C:\ton2.exe
C:\WINDOWS\system32\HPBPRO.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E6172BEF-BE9E-4CA4-B4F7-695B36A37639} - (no file)
O3 - Toolbar: &Smart Login - {AB4758E0-5BC4-11D6-A846-DCEF4DE0604E} - C:\PROGRA~1\SMARTL~1\SmHToolBand.dll
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1004336348-1972579041-725345543-1008\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Buloy')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: SmartLogin - {A972B228-AC83-423F-AEA7-F740B378CAA9} - C:\PROGRA~1\SMARTL~1\SmHToolBand.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://kungfuchess.com/activex/web665.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.5.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC194D8-F302-41EB-88F0-A15132BB8CB2}: NameServer = 202.78.97.41,210.4.2.61
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8914 bytes

-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-06 23:35:03 0 d-------- C:\fsaua.data <FSAUA~1.DAT>
2008-07-06 09:47:09 396288 --a------ C:\ton2.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-07-06 06:11:49 0 d-------- C:\Documents and Settings\Buloy\Application Data\SUPERAntiSpyware.com
2008-07-05 20:30:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-05 20:28:10 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-05 20:28:10 0 d-------- C:\Documents and Settings\ton2\Application Data\SUPERAntiSpyware.com
2008-07-05 20:26:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 19:49:31 0 d-------- C:\VundoFix Backups <VUNDOF~1>
2008-07-05 09:46:11 0 d-------- C:\Program Files\KONAMI
2008-07-02 20:06:26 184451 --a------ C:\WINDOWS\War3Unin.dat
2008-07-02 20:06:25 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-07-02 20:06:25 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-07-02 19:46:53 0 d-------- C:\Program Files\Warcraft III
2008-07-01 17:37:17 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-06-30 19:46:37 17144 --a------ C:\Documents and Settings\ton2\Application Data\GDIPFONTCACHEV1.DAT
2008-06-27 10:28:04 0 d-------- C:\Documents and Settings\Tonzz\Application Data\Talkback
2008-06-27 10:27:53 0 d-------- C:\Documents and Settings\Tonzz\Application Data\Mozilla
2008-06-27 10:26:26 0 d-------- C:\Documents and Settings\Tonzz\Application Data\AVG7
2008-06-27 10:26:24 0 d-------- C:\Documents and Settings\Tonzz\Application Data\Real
2008-06-27 10:26:11 0 d-------- C:\Documents and Settings\Tonzz\Application Data\Identities
2008-06-27 10:25:45 0 d--h----- C:\Documents and Settings\Tonzz\Templates
2008-06-27 10:25:45 0 dr------- C:\Documents and Settings\Tonzz\Start Menu
2008-06-27 10:25:45 0 dr-h----- C:\Documents and Settings\Tonzz\SendTo
2008-06-27 10:25:45 0 dr-h----- C:\Documents and Settings\Tonzz\Recent
2008-06-27 10:25:45 0 d--h----- C:\Documents and Settings\Tonzz\PrintHood
2008-06-27 10:25:45 0 d--h----- C:\Documents and Settings\Tonzz\NetHood
2008-06-27 10:25:45 0 dr------- C:\Documents and Settings\Tonzz\My Documents
2008-06-27 10:25:45 0 d--h----- C:\Documents and Settings\Tonzz\Local Settings
2008-06-27 10:25:45 0 dr------- C:\Documents and Settings\Tonzz\Favorites
2008-06-27 10:25:45 0 d-------- C:\Documents and Settings\Tonzz\Desktop
2008-06-27 10:25:45 0 d---s---- C:\Documents and Settings\Tonzz\Cookies
2008-06-27 10:25:45 0 dr-h----- C:\Documents and Settings\Tonzz\Application Data
2008-06-27 10:25:45 0 d---s---- C:\Documents and Settings\Tonzz\Application Data\Microsoft
2008-06-27 10:25:44 2097152 --ah----- C:\Documents and Settings\Tonzz\NTUSER.DAT
2008-06-26 12:21:33 0 d-------- C:\Documents and Settings\Buloy\Application Data\Sun
2008-06-20 10:47:13 0 d-------- C:\WoW-2.0.0-enUS-Installer <WOW-20~1.0-E>
2008-06-20 10:47:00 0 d-------- C:\__MACOSX
2008-06-19 20:29:16 36033 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-19 20:29:13 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-19 20:29:13 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-19 18:08:00 0 d-------- C:\Documents and Settings\Buloy\Application Data\InstallShield
2008-06-19 06:42:16 0 d-------- C:\Documents and Settings\Buloy\Application Data\vlc
2008-06-16 22:24:07 0 d-------- C:\Program Files\netbeans-5.5.1
2008-06-16 20:25:31 0 d-------- C:\Documents and Settings\ton2\.netbeans-registration
2008-06-16 20:24:22 0 d-------- C:\Program Files\NetBeans 6.1
2008-06-16 18:12:47 0 d-------- C:\Documents and Settings\Buloy\Application Data\Adobe
2008-06-16 16:58:36 0 d-------- C:\Documents and Settings\Buloy\Application Data\Talkback
2008-06-16 16:58:25 0 d-------- C:\Documents and Settings\Buloy\Application Data\Mozilla
2008-06-16 13:19:48 1415214 --a------ C:\ko_106.exe
2008-06-16 09:13:12 0 d-------- C:\Documents and Settings\Buloy\Application Data\DivX
2008-06-16 09:13:08 0 d-------- C:\Documents and Settings\Buloy\Application Data\Ahead
2008-06-16 09:05:29 0 d-------- C:\Documents and Settings\Buloy\Application Data\Macromedia
2008-06-16 09:04:59 0 d-------- C:\Documents and Settings\Buloy\Application Data\Yahoo!
2008-06-16 09:04:42 0 d-------- C:\Documents and Settings\Buloy\Application Data\AVG7
2008-06-16 09:04:40 0 d-------- C:\Documents and Settings\Buloy\Application Data\Real
2008-06-16 09:04:21 0 d-------- C:\Documents and Settings\Buloy\Application Data\Identities
2008-06-16 09:04:03 0 d--h----- C:\Documents and Settings\Buloy\Templates
2008-06-16 09:04:03 0 dr------- C:\Documents and Settings\Buloy\Start Menu
2008-06-16 09:04:03 0 dr-h----- C:\Documents and Settings\Buloy\SendTo
2008-06-16 09:04:03 0 dr-h----- C:\Documents and Settings\Buloy\Recent
2008-06-16 09:04:03 0 d--h----- C:\Documents and Settings\Buloy\PrintHood
2008-06-16 09:04:03 4194304 --ah----- C:\Documents and Settings\Buloy\NTUSER.DAT
2008-06-16 09:04:03 0 d--h----- C:\Documents and Settings\Buloy\NetHood
2008-06-16 09:04:03 0 dr------- C:\Documents and Settings\Buloy\My Documents
2008-06-16 09:04:03 0 d--h----- C:\Documents and Settings\Buloy\Local Settings
2008-06-16 09:04:03 0 dr------- C:\Documents and Settings\Buloy\Favorites
2008-06-16 09:04:03 0 d-------- C:\Documents and Settings\Buloy\Desktop
2008-06-16 09:04:03 0 d---s---- C:\Documents and Settings\Buloy\Cookies
2008-06-16 09:04:03 0 dr-h----- C:\Documents and Settings\Buloy\Application Data
2008-06-16 09:04:03 0 d---s---- C:\Documents and Settings\Buloy\Application Data\Microsoft
2008-06-11 23:41:23 0 d-------- C:\Program Files\Sun
2008-06-11 22:46:00 0 d-------- C:\Documents and Settings\ton2\.SunDownloadManager
2008-06-11 22:36:31 0 d-------- C:\Documents and Settings\ton2\.nbi
2008-06-08 20:38:36 0 d-------- C:\Program Files\Windows AdService
2008-06-08 20:38:35 0 d-------- C:\Program Files\Magic Window Hider
2008-06-08 20:19:43 0 d-------- C:\Program Files\Common Files\Stardock
2008-06-08 20:19:40 0 d-------- C:\Program Files\Stardock
2008-06-08 06:00:48 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-08 05:59:56 0 d-------- C:\Program Files\Taskbar Hide
2008-06-07 13:34:59 264 --a------ C:\WINDOWS\system32\0A-4a.dat
2008-06-07 11:40:30 0 d-------- C:\Program Files\Download Manager
2008-06-07 11:35:19 0 d-------- C:\Documents and Settings\ton2\Application Data\IGN_DLM
2008-06-07 08:28:37 0 d-------- C:\Program Files\Diablo II


-- Find3M Report ---------------------------------------------------------------

2008-07-06 23:17:51 0 d-------- C:\Program Files\Garena
2008-07-06 09:54:36 0 d-------- C:\Program Files\Panda Security
2008-07-06 09:35:37 0 d-------- C:\Documents and Settings\ton2\Application Data\AVG7
2008-07-05 20:26:01 0 d-------- C:\Program Files\Common Files
2008-07-05 09:50:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-01 18:11:38 0 d-------- C:\Program Files\Rockwell Software
2008-07-01 18:10:59 0 d-------- C:\Documents and Settings\ton2\Application Data\Yahoo!
2008-07-01 17:47:04 0 d-------- C:\Program Files\BitComet
2008-07-01 10:37:59 0 d-------- C:\Documents and Settings\ton2\Application Data\GetRightToGo
2008-06-27 18:48:29 0 d-------- C:\Program Files\e-Games
2008-06-19 21:09:56 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-14 22:53:53 0 d-------- C:\Program Files\PPLive
2008-06-11 23:41:08 0 d-------- C:\Program Files\Java
2008-06-04 23:05:45 0 d-------- C:\Documents and Settings\ton2\Application Data\InstallShield
2008-06-04 00:08:48 0 d-------- C:\Documents and Settings\ton2\Application Data\Real
2008-06-04 00:06:47 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-04 00:06:21 0 d-------- C:\Program Files\Common Files\Real
2008-05-11 13:01:42 0 d-------- C:\Documents and Settings\ton2\Application Data\OxygenBag
2008-05-07 20:38:09 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-07 20:36:38 45056 --a------ C:\WINDOWS\NCUNINST.EXE <Not Verified; Northern Codeworks; Uninstall>
2008-04-24 11:07:16 2538 --a------ C:\WINDOWS\unins000.dat
2008-04-24 10:47:09 691545 --a------ C:\WINDOWS\unins000.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [10/25/2005 12:56 PM]
"ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [12/06/2002 04:07 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [06/28/2008 08:46 AM]
"@"="" []
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [12/16/2002 04:51 PM]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [03/31/2003 07:28 PM]
"HPLJ Config"="C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [03/31/2003 06:32 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/04/2008 12:04 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [06/03/2008 11:42 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 05:39 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ton2^Start Menu^Programs^Startup^Ubisoft register.lnk]
path=C:\Documents and Settings\ton2\Start Menu\Programs\Startup\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
C:\Program Files\ASUS\Asus Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
"C:\Program Files\BitComet\BitComet.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\Program Files\VDOTool\TBPanel.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER



-- End of Deckard's System Scanner: finished at 2008-07-07 11:59:26 ------------

#6 Buckeye_Sam


Posted 07 July 2008 - 07:57 AM

Looking good.

For this next step you will need to disable Spybot's TeaTimer or it will interfere with HijackThis.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
===================

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll (file missing)
O3 - Toolbar: (no name) - {E6172BEF-BE9E-4CA4-B4F7-695B36A37639} - (no file)
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.5.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -



Reboot your computer and post a new HijackThis log.
How is your computer behaving now?
========================================================
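The lines picked for fixing in post #6 share one trait: each points at something that is no longer there (an empty value, a "(no file)" CLSID, a "(file missing)" DLL, a DPF entry with no source). The following Python parser is an added example, not part of the thread and not HijackThis's own logic; its function names and reason labels are assumptions, and the sample lines are copied from the logs in this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# A HijackThis entry is "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2})\s+-\s+(?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Lines copied from the two logs in this thread (raw string keeps backslashes).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O3 - Toolbar: (no name) - {E6172BEF-BE9E-4CA4-B4F7-695B36A37639} - (no file)
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.5.0_05) -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Entry:
    section: str                      # e.g. "O2"
    body: str                         # everything after "<section> - "
    clsid: Optional[str] = None       # first CLSID in the body, if any
    reasons: List[str] = field(default_factory=list)


def orphan_reasons(section: str, body: str) -> List[str]:
    """Return why an entry looks like a leftover (empty list = nothing noted)."""
    text = body.rstrip()
    reasons = []
    if text.endswith("(file missing)"):
        reasons.append("target file missing on disk")
    if text.endswith("(no file)"):
        reasons.append("no file registered for this CLSID")
    if section.startswith("R") and text.endswith("="):
        reasons.append("registry value is empty")
    if section == "O16" and text.endswith("-"):
        reasons.append("no download source recorded")
    return reasons


def parse_log(text: str) -> List[Entry]:
    """Parse entry lines; headers and the running-process list are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        section, body = match.group("section"), match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(section, body, clsid.group(0) if clsid else None,
                             orphan_reasons(section, body)))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries with at least one leftover reason, in log order."""
    return [e for e in entries if e.reasons]


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Count flagged entries per HijackThis section."""
    return dict(Counter(e.section for e in orphaned(entries)))


if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        print(f"{e.section:<4}{e.clsid or '-':<40}{'; '.join(e.reasons)}")
```

A flagged entry is a cleanup candidate for a human reviewer, not a malware verdict: the log in post #9 still carries "(file missing)" entries and was judged clean.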

#7 diesel_footwear

Posted 07 July 2008 - 09:46 AM

Hm, it's still there. I was playing Warcraft and it still lags every few minutes.

#8 Buckeye_Sam

Posted 07 July 2008 - 10:57 AM

Please post a new log from DSS.


========================================================

#9 diesel_footwear

Posted 07 July 2008 - 11:22 AM

Deckard's System Scanner v20071014.68
Run by ton2 on 2008-07-08 00:24:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 6.34 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-08 00:25:16
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Magic Window Hider\magic.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ton2\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Smart Login - {AB4758E0-5BC4-11D6-A846-DCEF4DE0604E} - C:\Program Files\SmartLogin\SmHToolBand.dll
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: SmartLogin - {A972B228-AC83-423F-AEA7-F740B378CAA9} - C:\Program Files\SmartLogin\SmHToolBand.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} () - http://kungfuchess.com/activex/web665.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{1C1A8CEC-27B6-4D4C-BE69-FEF63F91DECD}: NameServer = 210.4.2.61 202.78.97.41
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{7FC194D8-F302-41EB-88F0-A15132BB8CB2}: NameServer = 202.78.97.41,210.4.2.61
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


--
End of file - 9447 bytes

-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-07 21:05:34 0 d-------- C:\backups
2008-07-06 23:35:03 0 d-------- C:\fsaua.data
2008-07-06 09:47:09 396288 --a------ C:\ton2.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-07-06 06:11:49 0 d-------- C:\Documents and Settings\Buloy\Application Data\SUPERAntiSpyware.com
2008-07-05 20:30:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-05 20:28:10 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-05 20:28:10 0 d-------- C:\Documents and Settings\ton2\Application Data\SUPERAntiSpyware.com
2008-07-05 20:26:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 19:49:31 0 d-------- C:\VundoFix Backups
2008-07-05 09:46:11 0 d-------- C:\Program Files\KONAMI
2008-07-02 20:06:26 184451 --a------ C:\WINDOWS\War3Unin.dat
2008-07-02 20:06:25 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-07-02 20:06:25 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-07-02 19:46:53 0 d-------- C:\Program Files\Warcraft III
2008-07-01 17:37:17 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-06-30 19:46:37 17144 --a------ C:\Documents and Settings\ton2\Application Data\GDIPFONTCACHEV1.DAT
2008-06-27 10:28:04 0 d-------- C:\Documents and Settings\Tonzz\Application Data\Talkback
2008-06-27 10:27:53 0 d-------- C:\Documents and Settings\Tonzz\Application Data\Mozilla
2008-06-27 10:26:26 0 d-------- C:\Documents and Settings\Tonzz\Application Data\AVG7
2008-06-27 10:26:24 0 d-------- C:\Documents and Settings\Tonzz\Application Data\Real
2008-06-27 10:26:11 0 d-------- C:\Documents and Settings\Tonzz\Application Data\Identities
2008-06-27 10:25:45 0 d--h----- C:\Documents and Settings\Tonzz\Templates
2008-06-27 10:25:45 0 dr------- C:\Documents and Settings\Tonzz\Start Menu
2008-06-27 10:25:45 0 dr-h----- C:\Documents and Settings\Tonzz\SendTo
2008-06-27 10:25:45 0 dr-h----- C:\Documents and Settings\Tonzz\Recent
2008-06-27 10:25:45 0 d--h----- C:\Documents and Settings\Tonzz\PrintHood
2008-06-27 10:25:45 0 d--h----- C:\Documents and Settings\Tonzz\NetHood
2008-06-27 10:25:45 0 dr------- C:\Documents and Settings\Tonzz\My Documents
2008-06-27 10:25:45 0 d--h----- C:\Documents and Settings\Tonzz\Local Settings
2008-06-27 10:25:45 0 dr------- C:\Documents and Settings\Tonzz\Favorites
2008-06-27 10:25:45 0 d-------- C:\Documents and Settings\Tonzz\Desktop
2008-06-27 10:25:45 0 d---s---- C:\Documents and Settings\Tonzz\Cookies
2008-06-27 10:25:45 0 dr-h----- C:\Documents and Settings\Tonzz\Application Data
2008-06-27 10:25:45 0 d---s---- C:\Documents and Settings\Tonzz\Application Data\Microsoft
2008-06-27 10:25:44 2097152 --ah----- C:\Documents and Settings\Tonzz\NTUSER.DAT
2008-06-26 12:21:33 0 d-------- C:\Documents and Settings\Buloy\Application Data\Sun
2008-06-20 10:47:13 0 d-------- C:\WoW-2.0.0-enUS-Installer
2008-06-20 10:47:00 0 d-------- C:\__MACOSX
2008-06-19 20:29:16 36033 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-19 20:29:13 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-19 20:29:13 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-19 18:08:00 0 d-------- C:\Documents and Settings\Buloy\Application Data\InstallShield
2008-06-19 06:42:16 0 d-------- C:\Documents and Settings\Buloy\Application Data\vlc
2008-06-16 22:24:07 0 d-------- C:\Program Files\netbeans-5.5.1
2008-06-16 20:25:31 0 d-------- C:\Documents and Settings\ton2\.netbeans-registration
2008-06-16 20:24:22 0 d-------- C:\Program Files\NetBeans 6.1
2008-06-16 18:12:47 0 d-------- C:\Documents and Settings\Buloy\Application Data\Adobe
2008-06-16 16:58:36 0 d-------- C:\Documents and Settings\Buloy\Application Data\Talkback
2008-06-16 16:58:25 0 d-------- C:\Documents and Settings\Buloy\Application Data\Mozilla
2008-06-16 13:19:48 1415214 --a------ C:\ko_106.exe
2008-06-16 09:13:12 0 d-------- C:\Documents and Settings\Buloy\Application Data\DivX
2008-06-16 09:13:08 0 d-------- C:\Documents and Settings\Buloy\Application Data\Ahead
2008-06-16 09:05:29 0 d-------- C:\Documents and Settings\Buloy\Application Data\Macromedia
2008-06-16 09:04:59 0 d-------- C:\Documents and Settings\Buloy\Application Data\Yahoo!
2008-06-16 09:04:42 0 d-------- C:\Documents and Settings\Buloy\Application Data\AVG7
2008-06-16 09:04:40 0 d-------- C:\Documents and Settings\Buloy\Application Data\Real
2008-06-16 09:04:21 0 d-------- C:\Documents and Settings\Buloy\Application Data\Identities
2008-06-16 09:04:03 0 d--h----- C:\Documents and Settings\Buloy\Templates
2008-06-16 09:04:03 0 dr------- C:\Documents and Settings\Buloy\Start Menu
2008-06-16 09:04:03 0 dr-h----- C:\Documents and Settings\Buloy\SendTo
2008-06-16 09:04:03 0 dr-h----- C:\Documents and Settings\Buloy\Recent
2008-06-16 09:04:03 0 d--h----- C:\Documents and Settings\Buloy\PrintHood
2008-06-16 09:04:03 4194304 --ah----- C:\Documents and Settings\Buloy\NTUSER.DAT
2008-06-16 09:04:03 0 d--h----- C:\Documents and Settings\Buloy\NetHood
2008-06-16 09:04:03 0 dr------- C:\Documents and Settings\Buloy\My Documents
2008-06-16 09:04:03 0 d--h----- C:\Documents and Settings\Buloy\Local Settings
2008-06-16 09:04:03 0 dr------- C:\Documents and Settings\Buloy\Favorites
2008-06-16 09:04:03 0 d-------- C:\Documents and Settings\Buloy\Desktop
2008-06-16 09:04:03 0 d---s---- C:\Documents and Settings\Buloy\Cookies
2008-06-16 09:04:03 0 dr-h----- C:\Documents and Settings\Buloy\Application Data
2008-06-16 09:04:03 0 d---s---- C:\Documents and Settings\Buloy\Application Data\Microsoft
2008-06-11 23:41:23 0 d-------- C:\Program Files\Sun
2008-06-11 22:46:00 0 d-------- C:\Documents and Settings\ton2\.SunDownloadManager
2008-06-11 22:36:31 0 d-------- C:\Documents and Settings\ton2\.nbi
2008-06-08 20:38:36 0 d-------- C:\Program Files\Windows AdService
2008-06-08 20:38:35 0 d-------- C:\Program Files\Magic Window Hider
2008-06-08 20:19:43 0 d-------- C:\Program Files\Common Files\Stardock
2008-06-08 20:19:40 0 d-------- C:\Program Files\Stardock
2008-06-08 06:00:48 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-08 05:59:56 0 d-------- C:\Program Files\Taskbar Hide


-- Find3M Report ---------------------------------------------------------------

2008-07-08 00:06:18 0 d-------- C:\Documents and Settings\ton2\Application Data\Mozilla
2008-07-07 22:14:02 0 d-------- C:\Program Files\Diablo II
2008-07-07 16:34:42 0 d-------- C:\Documents and Settings\ton2\Application Data\AVG7
2008-07-06 23:17:51 0 d-------- C:\Program Files\Garena
2008-07-06 09:54:36 0 d-------- C:\Program Files\Panda Security
2008-07-05 20:26:01 0 d-------- C:\Program Files\Common Files
2008-07-05 09:50:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-01 18:11:38 0 d-------- C:\Program Files\Rockwell Software
2008-07-01 18:10:59 0 d-------- C:\Documents and Settings\ton2\Application Data\Yahoo!
2008-07-01 17:47:04 0 d-------- C:\Program Files\BitComet
2008-07-01 10:37:59 0 d-------- C:\Documents and Settings\ton2\Application Data\GetRightToGo
2008-06-27 18:48:29 0 d-------- C:\Program Files\e-Games
2008-06-19 21:09:56 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-14 22:53:53 0 d-------- C:\Program Files\PPLive
2008-06-11 23:41:08 0 d-------- C:\Program Files\Java
2008-06-07 13:42:37 264 --a------ C:\WINDOWS\system32\0A-4a.dat
2008-06-07 12:08:38 0 d-------- C:\Documents and Settings\ton2\Application Data\IGN_DLM
2008-06-07 11:40:31 0 d-------- C:\Program Files\Download Manager
2008-06-04 23:05:45 0 d-------- C:\Documents and Settings\ton2\Application Data\InstallShield
2008-06-04 00:08:48 0 d-------- C:\Documents and Settings\ton2\Application Data\Real
2008-06-04 00:06:47 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-04 00:06:21 0 d-------- C:\Program Files\Common Files\Real
2008-05-11 13:01:42 0 d-------- C:\Documents and Settings\ton2\Application Data\OxygenBag
2008-05-07 20:36:38 45056 --a------ C:\WINDOWS\NCUNINST.EXE <Not Verified; Northern Codeworks; Uninstall>
2008-04-24 11:07:16 2538 --a------ C:\WINDOWS\unins000.dat
2008-04-24 10:47:09 691545 --a------ C:\WINDOWS\unins000.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [10/25/2005 12:56 PM]
"ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [12/06/2002 04:07 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [06/28/2008 08:46 AM]
"@"="" []
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [12/16/2002 04:51 PM]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [03/31/2003 07:28 PM]
"HPLJ Config"="C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [03/31/2003 06:32 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/04/2008 12:04 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [06/03/2008 11:42 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 05:39 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ton2^Start Menu^Programs^Startup^Ubisoft register.lnk]
path=C:\Documents and Settings\ton2\Start Menu\Programs\Startup\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
C:\Program Files\ASUS\Asus Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
"C:\Program Files\BitComet\BitComet.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\Program Files\VDOTool\TBPanel.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet




-- End of Deckard's System Scanner: finished at 2008-07-08 00:26:25 ------------

#10 Buckeye_Sam

Posted 07 July 2008 - 02:53 PM

Your log is clean and I don't find any signs of malware.
Does this problem occur only when you are playing warcraft?

You might look at BitComet running in the background. That can't help things.


========================================================

#11 diesel_footwear

Posted 07 July 2008 - 06:41 PM

Hm, I tried running it with BitComet closed but it's still the same. Not necessarily Warcraft, but it's the program that I run most.

Edited by diesel_footwear, 07 July 2008 - 06:42 PM.


#12 Buckeye_Sam

Posted 08 July 2008 - 08:02 AM

Assuming that's the only symptom that you're really having, I think you have to look at other possible issues. There's just no evidence that malware is the culprit.


========================================================

#13 diesel_footwear

Posted 08 July 2008 - 08:43 AM

OK, thanks.

#14 Buckeye_Sam

Posted 23 July 2008 - 06:38 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



