
lsass.exe consuming CPU, WinXP won't start completely in normal mode, Virus?


This topic is locked
2 replies to this topic

#1 JackCY

  • Members
  • 2 posts

Posted 27 November 2009 - 11:43 AM

Hi, my computer has again been infected by a trojan or something. NOD32 quarantined 2 files: first, on 25.11., "c:\Documents and Settings\JackCY\Local Settings\Temp\IS.exe", and on 26.11., "c:\Documents and Settings\JackCY\Local Settings\Temp\newtmp\crs.exe".

Around midnight the computer didn't want to let me search with Firefox. I just entered something in the Google search and hit Enter, then Firefox showed this window ("send report about Mozilla software crash", with the buttons "restart Firefox" and "close Firefox"):
[screenshot]

Then I tried a few times, same effect every time (and so far), but I was and still am able to surf with Opera.
After a few minutes of surfing I realized that something was eating 1 of my CPU cores; it was lsass.exe, so I killed the nasty ... but shutdown -a entered in CMD didn't work; well, it got stuck somewhere and did not finish, so my computer went OFF, but meanwhile I was able to count down the time to my friend on ICQ, so the network was still working.

Now when I start the computer in normal mode, lsass.exe consumes 1 core and the rest of the programs begin to start, but when it reaches alcohol.exe, which I have blocked in the firewall so it can't connect anywhere, that also starts to eat the other CPU core, and I think nothing else starts after that; Alcohol 120% is also not usable, it's stuck somewhere.

So I have to open Process Explorer (which takes a while) and set the priority of those 2 programs to idle; then I can run DDS, ...

In safe mode Windows starts OK and lsass.exe is not consuming one core but runs normally.

I'm beginning to think that I have some hole in Firefox. I had a problem with Winlogon.exe half a year ago, but NOD32, Ad-Aware and Spybot did the job; that time there were also some new .exe's in Temp, even one with my name, JackCY.exe. I don't want to try this DIY method again, but NOD32 found nothing on 27.11.

Thanks in advance.

---


DDS (Ver_09-11-24.02) - NTFSx86
Run by JackCY at 17:33:19,76 on p  27.11.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.821 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\_app\_sys\Comodo\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\_app\_sys\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\_App\_Copy_Mount_Burn\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\SmartSVN 5\bin\statuscached.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\_app\_sys\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\_App\_Net\_FTP\_Client\WebDrive\wdService.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\_app\_Copy_Mount_Burn\Alcohol 120\Alcohol.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\_app\_sys\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\_app\_sys\Comodo\Firewall\cfp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\_App\_Net\_VPN\OpenVPN-ZCU\bin\openvpn-gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVTray\NVTray.exe
C:\_app\_sys\Rainlendar2\Rainlendar2.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\_App\_Net\_Ftp\Gene6 FTP Server\G6FTPTray.exe
C:\_APP\_VIDEO\_CODECS\FRAPS\FRAPS.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\_app\_Phone\Nokia\Nokia PC Suite 7\Nokia PC Suite 7\PCSuite.exe
C:\_app\_sys\Notebook Hardware Control\nhc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\_app\_sys\_SysInternals\ProcessExplorer\procexp.exe
G:\D\!!!_SorTeD_!!!\!_UTIL_!\_App\_Sys\_Anti_spyware_etc\_Bleepingcomputer.com\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie?hl={SUB_RFC1766}
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie?hl={SUB_RFC1766}
mCustomizeSearch = hxxp://www.google.com/preferences?hl={SUB_RFC1766}
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\_app\_sys\acrobat 7.0\activex\AcroIEHelper.dll
BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - c:\_app\_net\_downloaders\netxfer\NXIEHelper.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\_app\_sys\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\_app\_sys\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\_app\_sys\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [NVTray] c:\program files\nvtray\NVTray.exe
uRun: [Rainlendar2] c:\_app\_sys\rainlendar2\Rainlendar2.exe
uRun: [G6FTP Server Tray Monitor] "c:\_app\_net\_ftp\gene6 ftp server\G6FTPTray.exe"
uRun: [Fraps] c:\_app\_video\_codecs\fraps\FRAPS.EXE
uRun: [Thunderbird] c:\\program files\\mozilla thunderbird\\thunderbird.exe
uRun: [PC Suite Tray] "c:\_app\_phone\nokia\nokia pc suite 7\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [Alcohol.exe Autorun] c:\_app\_copy_mount_burn\alcohol 120\Alcohol.exe /startup
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [Norton Ghost 14.0] "c:\_app\_sys\norton ghost\agent\VProTray.exe"
mRun: [Acrobat Assistant 7.0] "c:\_app\_sys\acrobat 7.0\distillr\Acrotray.exe"
mRun: [COMODO Firewall Pro] "c:\_app\_sys\comodo\firewall\cfp.exe" -h
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [vmware-tray] c:\program files\vmware\vmware workstation\vmware-tray.exe
mRun: [WebDriveTray] c:\_app\_net\_ftp\_client\webdrive\webdrive.exe /trayicon
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [openvpn-gui] c:\_app\_net\_vpn\openvpn-zcu\bin\openvpn-gui.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\jackcy\nabdka~1\programy\posput~1\autoru~1\wdanyw~1.lnk - c:\docume~1\jackcy\dataap~1\microsoft\installer\{b9a81070-616d-4e93-be02-cee651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe
StartupFolder: c:\documents and settings\all users\nabídka start\programy\po spuštění\_start_HIGH_NHC.exe_.bat
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\autoru~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-c740-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\autoru~1\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: StartMenuLogoff = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoTrayItemsDisplay = 00000000
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: StartMenuLogoff = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\_app\_sys\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\_app\_sys\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\_app\_sys\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\_app\_sys\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\_app\_sys\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\_app\_sys\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\_app\_sys\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\_app\_sys\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Stáhnout pomocí NetXferu - c:\_app\_net\_downloaders\netxfer\NXAddLink.html
IE: Stáhnout vše pomocí Net&Xferu - c:\_app\_net\_downloaders\netxfer\NXAddList.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\_app\_net\_downloaders\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223046916203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
Hosts: 10.10.3.3 mk
Hosts: 10.20.2.11 bk
Hosts: 10.30.3.65 lk
Hosts: 10.254.254.253 AFS

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jackcy\dataap~1\mozilla\firefox\profiles\32v95ljl.default\
FF - prefs.js: browser.search.selectedEngine - Google US
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\_app\_sys\_internet_browser\mozilla firefox\components\browserdirprovider.dll
FF - component: c:\_app\_sys\_internet_browser\mozilla firefox\components\brwsrcmp.dll
FF - component: c:\documents and settings\jackcy\data aplikací\mozilla\firefox\profiles\32v95ljl.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\jackcy\data aplikací\mozilla\firefox\profiles\32v95ljl.default\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\_app\_sys\_internet_browser\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\_app\_sys\_internet_browser\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\_app\_sys\_internet_browser\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\_app\_sys\_internet_browser\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\_app\_sys\_internet_browser\mozilla firefox\plugins\NPOFF12.DLL
FF - plugin: c:\_app\_sys\_internet_browser\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\_app\_sys\_internet_browser\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\_app\_sys\_internet_browser\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\_app\_sys\_internet_browser\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\_app\_sys\_internet_browser\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\_app\_sys\_internet_browser\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\_app\_sys\_internet_browser\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\_app\_sys\_internet_browser\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\_app\_sys\_internet_browser\opera\program\plugins\npdivx32.dll
FF - plugin: c:\_app\_sys\_internet_browser\opera\program\plugins\npdsplay.dll
FF - plugin: c:\_app\_sys\_internet_browser\opera\program\plugins\npdsplay.dll
FF - plugin: c:\_app\_sys\_internet_browser\opera\program\plugins\NPOFF12.DLL
FF - plugin: c:\_app\_sys\_internet_browser\opera\program\plugins\npqtplugin.dll
FF - plugin: c:\_app\_sys\_internet_browser\opera\program\plugins\npqtplugin2.dll
FF - plugin: c:\_app\_sys\_internet_browser\opera\program\plugins\npqtplugin3.dll
FF - plugin: c:\_app\_sys\_internet_browser\opera\program\plugins\npqtplugin4.dll
FF - plugin: c:\_app\_sys\_internet_browser\opera\program\plugins\npqtplugin5.dll
FF - plugin: c:\_app\_sys\_internet_browser\opera\program\plugins\npqtplugin6.dll
FF - plugin: c:\_app\_sys\_internet_browser\opera\program\plugins\npqtplugin7.dll
FF - plugin: c:\_app\_sys\_internet_browser\opera\program\plugins\NPSWF32.dll
FF - plugin: c:\_app\_sys\_internet_browser\opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\_app\_sys\_internet_browser\opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\_app\_sys\acrobat 7.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\_app\_video\_codecs\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\_app\_video\_codecs\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\_app\_video\_player\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\_app\_video\_player\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\_app\_video\_player\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\_app\_video\_player\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\_app\_video\_player\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\_app\_video\_player\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\_app\_video\_player\quicktime\plugins\npqtplugin7.dll
FF - plugin: c:\documents and settings\jackcy\data aplikací\mozilla\firefox\profiles\32v95ljl.default\extensions\reader_plugin@ebrary.com\plugins\NPinfotl.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\_app\_sys\_internet_browser\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('...ri.enabled', 'allAccess');
c:\_app\_sys\_internet_browser\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\_app\_sys\_internet_browser\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", false);
c:\_app\_sys\_internet_browser\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\_app\_sys\_internet_browser\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\_app\_sys\_internet_browser\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\_app\_sys\_internet_browser\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\_app\_sys\_internet_browser\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-9-7 26624]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-4-16 99856]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-4-16 31504]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-8-18 34312]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 statuscached;SmartSVN Status Cache;c:\program files\smartsvn 5\bin\statuscached.exe [2008-12-4 214016]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-10-29 54960]
R2 WebDriveFSD;WebDrive File System Driver;c:\_app\_net\_ftp\_client\webdrive\wdfsd.sys [2009-3-5 201112]
R3 SymSnapService;SymSnapService;c:\_app\_sys\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2008-4-9 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2008-4-9 8278]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S2 acpi32;acpi32; [x]
S2 amd64si;amd64si; [x]
S2 ati64si;ati64si; [x]
S2 fips32cup;fips32cup; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-17 133104]
S2 i386si;i386si; [x]
S2 netsik;netsik; [x]
S2 port135sik;port135sik; [x]
S2 securentm;securentm; [x]
S2 stisvcVMAuthdService;Načítání obrázků (WIA) stisvcVMAuthdService; [x]
S2 systemntmi;systemntmi; [x]
S2 ws2_32sik;ws2_32sik; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-3 1684736]
S3 G6FTPServer;Gene6 FTP Server;c:\_app\_net\_ftp\gene6 ftp server\G6FTPServer.exe [2007-2-5 423936]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-29 42512]
S3 PORTMON;PORTMON;\??\c:\_app\_sys\_sysinternals\portmon\portmsys.sys --> c:\_app\_sys\_sysinternals\portmon\PORTMSYS.SYS [?]
S3 PROCMON11;PROCMON11;c:\windows\system32\drivers\PROCMON11.SYS [2008-4-25 36552]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\_app\_test\sisoftware sandra lite 2009.sp2\RpcAgentSrv.exe [2009-3-25 98488]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-1-30 106496]

=============== Created Last 30 ================

2009-11-26 23:52:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-23 23:28:55 0 d-----w- c:\docume~1\jackcy\dataap~1\X-Chat 2
2009-11-15 16:28:30 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-11-15 16:28:30 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-11-15 16:28:30 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-11-15 16:28:29 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-11-15 16:28:29 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-11-15 16:28:29 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-11-15 16:28:29 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-11-13 09:17:46 218 ----a-w- c:\documents and settings\jackcy\.recently-used.xbel
2009-11-04 22:04:59 0 d-----w- c:\docume~1\jackcy\dataap~1\RawTherapee

==================== Find3M ====================

2009-11-27 15:30:38 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2009-11-27 00:08:03 484256 ----a-w- c:\windows\system32\perfh005.dat
2009-11-27 00:08:03 100050 ----a-w- c:\windows\system32\perfc005.dat
2009-11-18 20:32:05 176245 ----a-w- c:\windows\fonts\AdobeFnt09.lst
2009-10-22 09:18:24 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-11 14:19:35 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:19:35 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:05:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:05:18 58880 ------w- c:\windows\system32\dllcache\msasn1.dll

============= FINISH: 17:34:45,48 ===============
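The DDS log above follows fixed conventions: in the SERVICES / DRIVERS section the first letter is R (running) or S (stopped), the digit is the start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), and an entry ending in "[x]" is one whose registered image file DDS could not find on disk. This log has eleven auto-start (S2) entries of that kind, and the two files NOD32 quarantined both lived under Local Settings\Temp. The script below is an added example (not part of the post, and not part of DDS or any BleepingComputer tool) of the triage a helper does by eye: it parses the Running Processes and SERVICES / DRIVERS sections and flags core Windows binary names running from somewhere other than their default location (on XP, killing the genuine lsass.exe forces a reboot, so the first question is whether the CPU-hungry lsass.exe is the real one, not whether it can be killed), anything running from or registered in a Temp directory, and boot/system/auto-start services with no image file. The sample log embedded in it is constructed for the example (the service name netsik is copied from the posted log only to show the format), and the expected paths assume a default C:\WINDOWS install.

```python
"""Triage helper for a DDS log.

Added example, not part of the original post and not part of DDS. Reads the
'Running Processes' and 'SERVICES / DRIVERS' sections and flags:
  * a core Windows binary name (lsass.exe, svchost.exe, ...) running from a
    path other than the one it lives in on a default XP install (assumed C:\WINDOWS);
  * anything running from or registered in a Temp directory;
  * boot/system/auto-start services whose image file DDS could not find ("[x]").
SAMPLE_LOG below is constructed for this example; it is not the poster's log.
"""
import re

# DDS service/driver line: <R|S><start> <name>;<display name>;<image path> [<date> <size>]
# An entry whose image file is missing ends in "; [x]" instead of a path.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Default locations on Windows XP (assumption: system root is C:\WINDOWS).
EXPECTED_PATH = {
    "lsass.exe": r"c:\windows\system32\lsass.exe",
    "csrss.exe": r"c:\windows\system32\csrss.exe",
    "winlogon.exe": r"c:\windows\system32\winlogon.exe",
    "services.exe": r"c:\windows\system32\services.exe",
    "svchost.exe": r"c:\windows\system32\svchost.exe",
    "explorer.exe": r"c:\windows\explorer.exe",
}
TEMP_MARKERS = ("\\temp\\",)   # matches ...\Local Settings\Temp\, ...\locals~1\temp\, C:\WINDOWS\Temp\


def parse_sections(log: str) -> dict:
    """Split a DDS log into its '==== NAME ====' sections (names upper-cased)."""
    sections, current = {}, None
    for line in log.splitlines():
        m = re.match(r"^=+\s*(.*?)\s*=+$", line)
        if m and m.group(1):
            current = m.group(1).upper()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def flag_processes(lines: list) -> list:
    """Return (path, reason) tuples for suspicious 'Running Processes' entries."""
    findings = []
    for line in lines:
        path = line.split(" -k ")[0].strip()   # drop svchost service-group arguments
        if "\\" not in path:
            continue                            # DDS prints a bare name when it could not read the path
        lower = path.lower()
        name = lower.rsplit("\\", 1)[-1]
        expected = EXPECTED_PATH.get(name)
        if expected and lower != expected:
            findings.append((path, f"{name} running outside its expected location {expected}"))
        elif any(marker in lower for marker in TEMP_MARKERS):
            findings.append((path, "process running from a Temp directory"))
    return findings


def flag_services(lines: list) -> list:
    """Return (service name, reason) tuples for suspicious 'SERVICES / DRIVERS' entries."""
    findings = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        start = START_TYPES.get(m.group("start"), "?")
        rest = m.group("rest").strip()
        if rest == "[x]":
            # A manual-start entry with no file is typically a leftover driver of an
            # uninstalled tool; one that starts automatically deserves a question.
            if m.group("start") in ("0", "1", "2"):
                findings.append((m.group("name"), f"{start}-start service whose image file is missing"))
            continue
        image = rest.split(" [", 1)[0].strip().lower()   # path before the "[date size]" suffix
        if any(marker in image for marker in TEMP_MARKERS):
            findings.append((m.group("name"), f"{start}-start service loading from a Temp directory"))
    return findings


def triage(log: str) -> dict:
    """Run both checks over a whole DDS log."""
    sections = parse_sections(log)
    return {
        "processes": flag_processes(sections.get("RUNNING PROCESSES", [])),
        "services": flag_services(sections.get("SERVICES / DRIVERS", [])),
    }


# Constructed sample in DDS format (not the poster's log).
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\user\Local Settings\Temp\lsass.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
svchost.exe

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-4-16 99856]
S2 netsik;netsik; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-17 133104]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S2 tmpsvc;tmpsvc;c:\docume~1\user\locals~1\temp\newtmp\svc.exe [2009-11-26 40960]

============= FINISH: 17:34:45,48 ===============
"""

if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        for item, reason in hits:
            print(f"{section}: {item}  <- {reason}")
```

Run against the sample it reports the Temp copy of lsass.exe, the auto-start netsik entry with no file, and the service loading from Temp, while the manual-start rkhdrv40 entry (a Rootkit Unhooker driver, also present on the posted log) is left alone. To use it on a real log, pass the pasted text to triage(); the output is a list of items to ask about, not a verdict.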


#2 JackCY (Topic Starter)

  • Members
  • 2 posts

Posted 29 November 2009 - 01:30 PM

CLOSE

As the status changed after DIY and nobody is interested in this topic, I'm already getting help with the post-DIY status on another forum.

#3 SifuMike (malware expert)

  • Staff Emeritus
  • 15,385 posts
  • Location: Vancouver (not BC) WA (Not DC) USA

Posted 04 December 2009 - 07:36 PM

This thread is closed.



