Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log (Not sure what i have)


  • This topic is locked This topic is locked
18 replies to this topic

#1 Paulmoore123

Paulmoore123

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 01 March 2009 - 08:43 AM

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:52:21, on 01/03/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal



Running processes:

C:\Windows\system32\Dwm.exe

C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\mobsync.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Saitek\Software\ProfilerU.exe

C:\Program Files\Saitek\Software\SaiMfd.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Kontiki\KHost.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\explorer.exe

C:\Program Files\Spotify\spotify.exe

C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

c:\PROGRA~1\java\jre6\bin\jp2launcher.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O1 - Hosts: ::1 localhost

O1 - Hosts: 58.65.233.185 warez-bb.org

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: War Rock Toolbar Helper - {0914953A-B6C0-42C3-983E-5213C64AFA9B} - C:\Program Files\War Rock Toolbar\v3.2.0.0\War_Rock_Toolbar.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FLASHG~1\getflash.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: War Rock Toolbar - {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - C:\Program Files\War Rock Toolbar\v3.2.0.0\War_Rock_Toolbar.dll

O3 - Toolbar: &WARROCK.PH TOOLBAR - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\Program Files\AMPED\AMPED Toolbar\wphtlb.dll

O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\fgiebar.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe

O4 - HKLM\..\Run: [88cffb16] rundll32.exe "C:\Windows\system32\xglwqhnw.dll",b

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe

O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all

O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: GomezPEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\flashget.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O13 - Gopher Prefix: 

O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{8C322E2A-03EE-4BA2-8F0E-C021D004C3A0}: NameServer = 194.168.4.100,194.168.8.100

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll

O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: dev5_ap1 - Unknown owner - C:\phpdev5\apache\Apache.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc. - c:\Program Files\Wavexpress\TVTonic\WXRSS.exe



--

End of file - 13467 bytes


BC AdBot (Login to Remove)

 


#2 Paulmoore123

Paulmoore123
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 06 March 2009 - 03:29 AM

Here is the DDS Log // I also ran a Kaspersky Online Scan last night as well the log is at the end of the DDS log

==========================


DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 8:24:10.80 on 06/03/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6001.1.1252.44.1033.18.2047.1082 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Wavexpress\TVTonic\WXRSS.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager2\IDMan.exe
C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Spotify\spotify.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\Administrator\AppData\Local\Temp\jkos-Administrator\binaries\ScanningProcess.exe
C:\Users\Administrator\AppData\Local\Temp\jkos-Administrator\binaries\ScanningProcess.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Documents\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bsplayer-search.com/startpage
uInternet Settings,ProxyOverride = *.local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager2\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashg~1\getflash.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashg~1\fgiebar.dll
TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
TB: {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [IDMan] c:\program files\internet download manager2\IDMan.exe /onboot
uRun: [Google Update] "c:\users\administrator\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
StartupFolder: c:\users\administrator\appdata\roaming\microsoft\windows\start menu\programs\startup\ceditor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Download all links with IDM - c:\program files\internet download manager2\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager2\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager2\IEExt.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashg~1\flashget.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {8C322E2A-03EE-4BA2-8F0E-C021D004C3A0} = 194.168.4.100,194.168.8.100
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\6n7f3cam.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmidas.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\nexon\ngm\npNxGame.dll
FF - plugin: c:\users\administrator\appdata\local\google\update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

============= SERVICES / DRIVERS ===============

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1002000.007\SymEFA.sys [2008-12-25 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2008-12-25 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\cchpx86.sys [2008-12-25 362544]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090303.001\IDSvix86.sys [2009-3-4 292912]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-2-26 47640]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.2.0.7\ccSvcHst.exe [2008-12-25 115560]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-1-28 185640]
R2 WXRSS;TVTonic RSS;c:\program files\wavexpress\tvtonic\WXRSS.exe [2008-8-2 142336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-1 101936]
R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-11-12 468480]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\nis\1002000.007\symndisv.sys [2008-12-25 40496]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\common files\acronis\acronis disk director\oss_reinstall_svc.exe [2007-2-22 2217416]
S2 dev5_ap1;dev5_ap1;"c:\phpdev5\apache\apache.exe" --ntservice --> c:\phpdev5\apache\Apache.exe [?]
S3 SaiH5F0D;SaiH5F0D;c:\windows\system32\drivers\SaiH5F0D.sys [2008-9-30 176640]
S3 SaiU5F0D;SaiU5F0D;c:\windows\system32\drivers\SaiU5F0D.sys [2008-9-30 27264]

=============== Created Last 30 ================

2009-03-05 17:28 <DIR> --d----- c:\program files\CCleaner
2009-03-05 17:20 <DIR> -cd----- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-05 17:20 <DIR> -cd----- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-03 16:07 250 a------- c:\windows\gmer.ini
2009-03-03 08:33 <DIR> --d----- c:\users\admini~1\appdata\roaming\Malwarebytes
2009-03-03 08:33 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-03 08:33 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 08:33 <DIR> --d----- c:\programdata\Malwarebytes
2009-03-03 08:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 08:33 <DIR> --d----- c:\progra~2\Malwarebytes
2009-03-02 19:31 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-03-02 19:28 <DIR> --d--r-- c:\program files\Skype
2009-03-02 19:28 <DIR> --d----- c:\programdata\Skype
2009-03-01 20:44 <DIR> --d----- c:\program files\Internet Download Manager2
2009-03-01 12:51 <DIR> --d----- c:\program files\Trend Micro
2009-02-27 18:50 <DIR> --d----- c:\users\admini~1\appdata\roaming\Spotify
2009-02-27 18:50 <DIR> --d----- c:\program files\Spotify
2009-02-26 22:30 <DIR> --d----- c:\programdata\LogMeIn
2009-02-26 22:30 <DIR> --d----- c:\progra~2\LogMeIn
2009-02-26 22:30 28,984 a------- c:\windows\system32\LMIport.dll
2009-02-26 22:30 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-02-26 22:30 47,640 a------- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-02-26 22:30 87,352 a------- c:\windows\system32\LMIinit.dll
2009-02-26 22:30 1,024 a------- C:\.rnd
2009-02-26 22:29 <DIR> --d----- c:\program files\LogMeIn
2009-02-21 15:18 <DIR> --d----- C:\Programs
2009-02-19 21:59 66 a------- c:\windows\SpeederXP.INI
2009-02-19 21:59 5,174 a------- c:\windows\system32\winio.vxd
2009-02-19 21:51 <DIR> --d----- c:\program files\SpeederXP
2009-02-19 21:44 <DIR> --d----- c:\program files\Speed Gear2
2009-02-19 21:41 <DIR> --d----- c:\program files\Speed Gear
2009-02-14 22:55 <DIR> --d----- c:\users\administrator\Tracing
2009-02-14 22:19 <DIR> --d----- c:\program files\Microsoft
2009-02-14 22:18 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-02-12 19:52 <DIR> --d----- c:\programdata\Channel4
2009-02-12 19:52 <DIR> --d----- c:\progra~2\Channel4
2009-02-12 08:15 <DIR> --d----- c:\windows\SQLTools9_KB960089_ENU
2009-02-12 08:11 <DIR> --d----- c:\windows\SQL9_KB960089_ENU
2009-02-08 19:12 <DIR> --d----- c:\program files\Gomez
2009-02-08 01:08 <DIR> --d----- c:\program files\TeamViewer
2009-02-07 23:53 <DIR> --d----- c:\windows\system32\QuickTime
2009-02-07 23:12 <DIR> --d----- c:\users\admini~1\appdata\roaming\TeamViewer
2009-02-07 23:12 <DIR> --d----- c:\users\administrator\temp
2009-02-07 19:43 <DIR> --d----- c:\program files\common files\Windows Live
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-05 15:48 <DIR> --d----- c:\windows\.file_store_32

==================== Find3M ====================

2009-02-14 13:01 34 a------- c:\users\administrator\jagex_runescape_preferences.dat
2009-02-01 11:45 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-22 14:49 206,256 a------- c:\windows\system32\idmmbc.dll
2009-01-01 16:43 1,060,864 a------- c:\windows\system32\mfc71.dll
2008-12-25 19:58 143,360 a------- c:\windows\inf\infstrng.dat
2008-12-25 19:58 86,016 a------- c:\windows\inf\infstor.dat
2008-12-25 19:58 51,200 a------- c:\windows\inf\infpub.dat
2008-12-22 04:59 25,312 a------- c:\windows\system32\DivXVfWCodec.dll
2008-12-22 04:59 25,312 a------- c:\windows\system32\SamsungVfWCodec.dll
2008-12-22 04:59 447,200 a------- c:\windows\system32\OpenQuicktimeLib.dll
2008-12-22 04:59 332,512 a------- c:\windows\system32\3ivxVfWCodec.dll
2008-12-22 04:58 1,155,808 a------- c:\windows\system32\3ivx.dll
2008-12-22 04:52 66,272 a------- c:\windows\system32\libfaac.dll
2008-12-11 20:37 42,320 a------- c:\windows\system32\xfcodec.dll
2008-07-26 02:37 174 a--sh--- c:\program files\desktop.ini
2008-07-26 02:22 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-04 19:15 6,602 a------- c:\program files\install.log
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
1998-05-12 04:01 93,880 a--shr-- c:\windows\configsetroot\COMMAND.COM
1998-05-12 04:01 222,390 a--shr-- c:\windows\configsetroot\IO.SYS
1998-06-29 23:12 9 a--shr-- c:\windows\configsetroot\MSDOS.SYS

============= FINISH: 8:25:01.16 ===============


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, March 6, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, March 05, 2009 22:52:43
Records in database: 1872209
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Z:\

Scan statistics:
Files scanned: 388712
Threat name: 2
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 09:19:10


File name / Threat name / Threats count
C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll Infected: not-a-virus:AdTool.Win32.Zango.aq 1
C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0d7678d7\Report.cab Infected: Trojan.Win32.Obfuscated.auw 1
C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0d7684ed\Report.cab Infected: Trojan.Win32.Obfuscated.auw 1
C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0d768ef0\Report.cab Infected: Trojan.Win32.Obfuscated.auw 1
C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0d76971d\Report.cab Infected: Trojan.Win32.Obfuscated.auw 1

The selected area was scanned.

Attached Files


Edited by Orange Blossom, 06 March 2009 - 06:04 PM.
Merged topics and useless bump posts removed. ~ OB


#3 Paulmoore123

Paulmoore123
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 14 March 2009 - 06:48 AM

Still need help

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:04:27 AM

Posted 15 March 2009 - 07:41 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 Paulmoore123

Paulmoore123
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 16 March 2009 - 11:18 AM

Here is the DDS.txt and the attach.txt is attached :thumbup2:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 15:59:44.99 on 16/03/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.1110 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Wavexpress\TVTonic\WXRSS.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\Documents\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bsplayer-search.com/startpage
uInternet Settings,ProxyOverride = *.local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager2\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
TB: {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [IDMan] c:\program files\internet download manager2\IDMan.exe /onboot
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager2\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager2\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager2\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {8C322E2A-03EE-4BA2-8F0E-C021D004C3A0} = 194.168.4.100,194.168.8.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\6n7f3cam.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmidas.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\nexon\ngm\npNxGame.dll
FF - plugin: c:\users\administrator\appdata\local\google\update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3.1 beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

============= SERVICES / DRIVERS ===============

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1002000.007\SymEFA.sys [2008-12-25 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2008-12-25 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\cchpx86.sys [2008-12-25 362544]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090310.003\IDSvix86.sys [2009-3-11 292912]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-2-26 47640]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.2.0.7\ccSvcHst.exe [2008-12-25 115560]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-1-28 185640]
R2 WXRSS;TVTonic RSS;c:\program files\wavexpress\tvtonic\WXRSS.exe [2008-8-2 142336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-1 101936]
R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-11-12 468480]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\nis\1002000.007\symndisv.sys [2008-12-25 40496]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\common files\acronis\acronis disk director\oss_reinstall_svc.exe [2007-2-22 2217416]
S2 dev5_ap1;dev5_ap1;"c:\phpdev5\apache\apache.exe" --ntservice --> c:\phpdev5\apache\Apache.exe [?]
S3 SaiH5F0D;SaiH5F0D;c:\windows\system32\drivers\SaiH5F0D.sys [2008-9-30 176640]
S3 SaiU5F0D;SaiU5F0D;c:\windows\system32\drivers\SaiU5F0D.sys [2008-9-30 27264]

=============== Created Last 30 ================

2009-03-15 13:07 <DIR> --d----- c:\users\admini~1\appdata\roaming\SPORE
2009-03-13 22:26 <DIR> --d----- c:\users\admini~1\appdata\roaming\LimeWire
2009-03-13 22:25 <DIR> --d----- c:\program files\LimeWire
2009-03-13 21:27 0 a----r-- C:\logwmemory.bin
2009-03-13 21:25 <DIR> --d----- c:\users\admini~1\appdata\roaming\Soldat
2009-03-13 21:25 <DIR> --d----- C:\Soldat
2009-03-13 20:39 <DIR> --d----- c:\program files\Orbiter
2009-03-08 20:07 <DIR> --d----- c:\programdata\Electronic Arts
2009-03-08 20:07 <DIR> --d----- c:\progra~2\Electronic Arts
2009-03-08 18:16 <DIR> --d----- c:\program files\GIMP-2.0
2009-03-07 10:49 507,400 a------- c:\windows\system32\XAudio2_1.dll
2009-03-07 10:49 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
2009-03-07 10:49 238,088 a------- c:\windows\system32\xactengine3_1.dll
2009-03-07 10:49 25,608 a------- c:\windows\system32\X3DAudio1_4.dll
2009-03-07 10:49 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2009-03-07 10:49 467,984 a------- c:\windows\system32\d3dx10_38.dll
2009-03-07 10:49 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2009-03-06 17:53 32,592 a------- c:\windows\system32\msonpmon.dll
2009-03-06 17:38 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-03-06 17:07 <DIR> --d----- c:\windows\962C37EAFDD944A8BCDB842E9A42A664.TMP
2009-03-05 17:28 <DIR> --d----- c:\program files\CCleaner
2009-03-05 17:20 <DIR> -cd----- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-05 17:20 <DIR> -cd----- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-03 16:07 250 a------- c:\windows\gmer.ini
2009-03-03 08:33 <DIR> --d----- c:\users\admini~1\appdata\roaming\Malwarebytes
2009-03-03 08:33 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-03 08:33 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 08:33 <DIR> --d----- c:\programdata\Malwarebytes
2009-03-03 08:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 08:33 <DIR> --d----- c:\progra~2\Malwarebytes
2009-03-02 19:31 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-03-01 20:44 <DIR> --d----- c:\program files\Internet Download Manager2
2009-03-01 12:51 <DIR> --d----- c:\program files\Trend Micro
2009-02-27 18:50 <DIR> --d----- c:\users\admini~1\appdata\roaming\Spotify
2009-02-27 18:50 <DIR> --d----- c:\program files\Spotify
2009-02-26 22:30 <DIR> --d----- c:\programdata\LogMeIn
2009-02-26 22:30 <DIR> --d----- c:\progra~2\LogMeIn
2009-02-26 22:30 28,984 a------- c:\windows\system32\LMIport.dll
2009-02-26 22:30 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-02-26 22:30 47,640 a------- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-02-26 22:30 87,352 a------- c:\windows\system32\LMIinit.dll
2009-02-26 22:30 1,024 a------- C:\.rnd
2009-02-26 22:29 <DIR> --d----- c:\program files\LogMeIn
2009-02-26 18:46 42,320 a------- c:\windows\system32\xfcodec.dll
2009-02-21 15:18 <DIR> --d----- C:\Programs
2009-02-19 21:59 66 a------- c:\windows\SpeederXP.INI
2009-02-19 21:59 5,174 a------- c:\windows\system32\winio.vxd
2009-02-14 22:55 <DIR> --d----- c:\users\administrator\Tracing
2009-02-14 22:19 <DIR> --d----- c:\program files\Microsoft
2009-02-14 22:18 <DIR> --d----- c:\program files\Windows Live SkyDrive

==================== Find3M ====================

2009-03-14 15:26 34 a------- c:\users\administrator\jagex_runescape_preferences.dat
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-01 11:45 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-22 14:49 206,256 a------- c:\windows\system32\idmmbc.dll
2009-01-01 16:43 1,060,864 a------- c:\windows\system32\mfc71.dll
2008-12-25 19:58 143,360 a------- c:\windows\inf\infstrng.dat
2008-12-25 19:58 86,016 a------- c:\windows\inf\infstor.dat
2008-12-25 19:58 51,200 a------- c:\windows\inf\infpub.dat
2008-12-22 04:59 25,312 a------- c:\windows\system32\DivXVfWCodec.dll
2008-12-22 04:59 25,312 a------- c:\windows\system32\SamsungVfWCodec.dll
2008-12-22 04:59 447,200 a------- c:\windows\system32\OpenQuicktimeLib.dll
2008-12-22 04:59 332,512 a------- c:\windows\system32\3ivxVfWCodec.dll
2008-12-22 04:58 1,155,808 a------- c:\windows\system32\3ivx.dll
2008-12-22 04:52 66,272 a------- c:\windows\system32\libfaac.dll
2008-07-26 02:37 174 a--sh--- c:\program files\desktop.ini
2008-07-26 02:22 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-04 19:15 6,602 a------- c:\program files\install.log
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
1998-05-12 04:01 93,880 a--shr-- c:\windows\configsetroot\COMMAND.COM
1998-05-12 04:01 222,390 a--shr-- c:\windows\configsetroot\IO.SYS
1998-06-29 23:12 9 a--shr-- c:\windows\configsetroot\MSDOS.SYS

============= FINISH: 16:00:21.64 ===============

Attached Files



#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 18 March 2009 - 10:30 AM

Hello.

Please tell me what issues are present.

With Regards,
The Panda

#7 Paulmoore123

Paulmoore123
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 18 March 2009 - 11:22 AM

Hello.

Please tell me what issues are present.

With Regards,
The Panda



Computer is running very slowly. I think i have some malware and kaspersky internet scanner says i have a few trojens.

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 18 March 2009 - 11:43 AM

Hello.

The items Kaspersky detected were not active infections.

Let's have a new HijackThis log. We'll try removing some startup items and free up memory.

With Regards,
The Panda

#9 Paulmoore123

Paulmoore123
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 18 March 2009 - 12:51 PM

Here you go:
===============
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:04, on 18/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Download Manager2\IDMan.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVS4YOU\AVSDVDPlayer\AVSDVDPlayer.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager2\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\system32\Msdxm6.ocx
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager2\IDMan.exe /onboot
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager2\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager2\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager2\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C322E2A-03EE-4BA2-8F0E-C021D004C3A0}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dev5_ap1 - Unknown owner - C:\phpdev5\apache\Apache.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc. - c:\Program Files\Wavexpress\TVTonic\WXRSS.exe

--
End of file - 8250 bytes

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 18 March 2009 - 02:18 PM

Hello.

Use HijackThis to Remove Uneeded Startup Entries
Programs that run automatically at startup can take up memory, causing your computer to be slow. Many of these entries are not needed.

Below is a list of entries in your HijackThis log that can be removed safely. Below each entry, you will find a brief description of it. Some are up to preference.

To remove entries you do not want, open HijackThis (if you are using Windows Vista, right click the icon and select Run As Administrator), select "Do a system scan only", put a check mark next to those entries and select "Fix checked".

If you experience any issues after removing any items, use the Backup feature to restore the items.

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager2\IDMan.exe /onboot
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

Reboot.

Any improvement?

With Regards,
The Panda

#11 Paulmoore123

Paulmoore123
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 19 March 2009 - 11:49 AM

Done all that not really any improvement :thumbup2:

I think its something to do with explorer.exe because when its running my computer is at 99% cpu usage but as soon as i stop running it and do everything else normally it goes down to 7%.

Edited by Paulmoore123, 19 March 2009 - 12:01 PM.


#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 20 March 2009 - 01:00 PM

Hello.

The explorer.exe is the Windows Explorer shell. Are you sure this is the process in question? *When this is stopped, your desktop icons should disappear.

With Regards,
The Panda

#13 Paulmoore123

Paulmoore123
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 20 March 2009 - 02:09 PM

Hello.

The explorer.exe is the Windows Explorer shell. Are you sure this is the process in question? *When this is stopped, your desktop icons should disappear.

With Regards,
The Panda


Yes i'm positive ill run a test while posting this.

Before stopping explorer.exe = Hovering around 57% CPU Usage
Stopping explorer.exe = 4% CPU Usage with same things open as before.

#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 21 March 2009 - 03:26 PM

Hello.

Sorry for the delay.

Please try updating Windows.

Install From Windows Updates
Whenever a security problem in its software is found, Microsoft will create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malware being installed on your computer.
  • Click the Start Menu (or Windows Orb), then All Programs, then Windows Update.
  • On the left, choose Change Settings
  • Ensure that the checkbox Use Microsoft Update at the bottom of the window is checked.
  • Press OK and accept the UAC prompt. You shouldn't need to check this checkbox every single time you update, only the first time.
  • Click Check for Updates in the upper left corner.
  • Follow the instructions to install the latest updates.
  • Reboot and repeat the "Check for Updates" until there are no more critical updates to install.

Does it still occur after?

With Regards,
The Panda

#15 Paulmoore123

Paulmoore123
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 21 March 2009 - 03:54 PM

Hello.

Sorry for the delay.

Please try updating Windows.

Install From Windows Updates
Whenever a security problem in its software is found, Microsoft will create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malware being installed on your computer.

  • Click the Start Menu (or Windows Orb), then All Programs, then Windows Update.
  • On the left, choose Change Settings
  • Ensure that the checkbox Use Microsoft Update at the bottom of the window is checked.
  • Press OK and accept the UAC prompt. You shouldn't need to check this checkbox every single time you update, only the first time.
  • Click Check for Updates in the upper left corner.
  • Follow the instructions to install the latest updates.
  • Reboot and repeat the "Check for Updates" until there are no more critical updates to install.

Does it still occur after?

With Regards,
The Panda


Updates are not working they do not download just returns an error message saying cannot download updates, yet i'm connected to the internet.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users