Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

what's happening?


  • This topic is locked This topic is locked
7 replies to this topic

#1 justinius23

justinius23

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 08 March 2010 - 11:15 AM

28 year old from northern ireland (semi) computer-literate (or so i like to think, but decided to join up on a site with people who really know what they're doing.

-lawrence (justinius23)

actually, as i'm not sure if i have any problems, i was wondering if someone could take a look at my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:14, on 08/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\WinExt\WinExt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Everything\Everything.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Foobar2000\foobar2000.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WinExt] C:\Program Files\WinExt\WinExt.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A216196D-F947-4AA2-90D9-20850DA8165F}: NameServer = 87.194.255.155,195.184.228.4
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6487 bytes


apologies if this breaks some rules.

Edited by justinius23, 08 March 2010 - 11:21 AM.


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:21 AM

Posted 08 March 2010 - 03:59 PM

Good evening. smile.gif

QUOTE
decided to join up on a site with people who really know what they're doing.

Unfortunately they are all busy, so you're stuck with me! wacko.gif

Will you follow steps 6, 7 and 8 here and post accordingly into this thread. Please check that all the information makes it as very long posts may get cut short.

So long, and thanks for all the fish.

 

 


#3 justinius23

justinius23
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 09 March 2010 - 04:37 AM

Infiltrated by a "hacker" on saturday night nad have noticed some odd things happening on my computer.

successfully used malwarbytes to remove several trojans and manually took out Iass.exe and winsvc.exe

one other problem i'm having is i was advised to run gmer.exe (http://www.bleepingcomputer.com/forums/topic34773.html) - it runs fine and finishes but when i try to save it it freezes the whole computer.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 21:05:48.34 on 08/03/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2046.717 [GMT 0:00]

FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\WinExt\WinExt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Everything\Everything.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Foobar2000\foobar2000.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\winsvc.exe
N:\AVG.Internet.Security.8.5.364.Build.1549 & Working Keymaker\AVG Keymaker\keymaker.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Compaq_Owner\My Documents\downloads\Defogger.exe
C:\Documents and Settings\Compaq_Owner\My Documents\downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
BHO: AutorunsDisabled - No File
BHO: JQSIEStartDetectorImpl - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "c:\documents and settings\compaq_owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WinExt] c:\program files\winext\WinExt.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [Windows Critical Host Protocol] winsvc.exe
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {A216196D-F947-4AA2-90D9-20850DA8165F} = 87.194.255.155,195.184.228.4
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {C60605A1-127X-Y4J4-7E06-T4YTK37T6OG1} - c:\windows\install\winlog.exe Restart
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\k28oykpj.default\
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\k28oykpj.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\k28oykpj.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\echospin\npesProxy.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll
FF - HiddenExtension: XUL Cache: {A7683DBE-4CD1-48AD-93FE-276B45B18298} - c:\documents and settings\compaq_owner\local settings\application data\{A7683DBE-4CD1-48AD-93FE-276B45B18298}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('...ri.enabled', 'allAccess');
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [2009-11-7 24888]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-28 207280]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2008-3-29 15172]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-3-7 486280]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-8-26 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-8-26 476528]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-2 38224]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
S2 MSF32;MSF32;\??\c:\documents and settings\compaq_owner\my documents\downloads\mysecretfolder\msf32.sys --> c:\documents and settings\compaq_owner\my documents\downloads\mysecretfolder\MSF32.SYS [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-19 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-2-19 29208]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-6-21 30192]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-12-29 40264]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-12-29 57672]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-12-29 82248]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064]
S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]
S4 aawservice;Ad-Aware 2007 Service;"c:\program files\lavasoft\ad-aware 2007\aawservice.exe" --> c:\program files\lavasoft\ad-aware 2007\aawservice.exe [?]
S4 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-6-4 9344]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-28 112592]
S4 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2010-2-17 406016]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsauxs.exe --> c:\program files\spyware doctor\pctsAuxs.exe [?]
S4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctssvc.exe --> c:\program files\spyware doctor\pctsSvc.exe [?]
S4 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2009-3-4 202016]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-2-25 1047880]

=============== Created Last 30 ================

2010-03-08 21:05:05 0 ----a-w- c:\documents and settings\compaq_owner\defogger_reenable
2010-03-08 20:11:45 90168 --sh--r- c:\windows\winsvc.exe
2010-03-07 08:46:06 0 d-----w- c:\docume~1\compaq~1\applic~1\CheckPoint
2010-03-07 08:45:28 0 d-----w- c:\program files\CheckPoint
2010-03-07 08:30:36 0 d-----w- c:\program files\Zone Labs
2010-03-07 08:30:28 0 d-----w- c:\windows\Internet Logs
2010-03-07 04:49:21 175104 ----a-w- c:\docume~1\compaq~1\applic~1\SQLite3.dll
2010-03-07 04:49:20 0 d-----w- c:\windows\install
2010-03-06 22:23:35 0 d-----w- c:\windows\WindowsUpdate
2010-03-06 22:11:22 0 d-----w- C:\__MACOSX
2010-03-04 19:45:46 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-03-04 19:45:42 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-03-04 19:45:09 0 d-----w- c:\program files\TuneUp Utilities 2010
2010-02-28 15:11:22 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-02-28 15:10:24 0 d-----w- c:\windows\Replay Music
2010-02-28 15:10:24 0 d-----w- c:\program files\Replay Music 3
2010-02-19 19:28:32 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-19 19:28:32 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-19 19:28:26 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-02-19 18:51:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-02-19 00:28:20 0 d-----w- c:\program files\RAR Password Unlocker
2010-02-17 23:36:38 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2010-02-17 23:31:40 0 d-----w- c:\docume~1\compaq~1\applic~1\GetRightToGo
2010-02-17 21:58:18 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-17 20:43:22 0 d-----w- c:\program files\Ashampoo
2010-02-11 18:03:03 884 ----a-w- C:\fraglist.luar
2010-02-08 18:23:14 0 d-----w- c:\windows\UltraDefrag

==================== Find3M ====================

2010-03-08 14:45:52 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-03-05 17:48:07 18499623 ----a-w- c:\docume~1\alluse~1\applic~1\vlc-1.0.5-win32.exe
2010-01-26 22:43:48 18030130 -c--a-w- c:\docume~1\alluse~1\applic~1\vlc-1.0.3-win32.exe
2009-09-13 20:09:13 58 -c--a-w- c:\program files\resume.dat
2009-09-13 20:09:13 1467 -c--a-w- c:\program files\settings.dat
2009-09-13 20:09:13 138 -c--a-w- c:\program files\dht.dat
2009-09-02 17:16:29 11209 -c--a-w- c:\program files\common files\wapa.lib
2009-09-02 17:07:54 11360 -c--a-w- c:\program files\common files\huvisove._dl
2009-09-02 15:30:09 13080 -c--a-w- c:\program files\common files\rizyconac.dll
2009-09-02 15:30:08 19204 -c--a-w- c:\program files\common files\edamyfevaf.dat
2009-09-02 15:30:08 15724 -c--a-w- c:\program files\common files\fecyke.db
2009-09-02 10:48:34 12043 -c--a-w- c:\program files\common files\piqev.exe
2009-09-02 10:48:34 10872 -c--a-w- c:\program files\common files\jyjujyz.pif
2009-09-02 10:19:13 13543 -c--a-w- c:\program files\common files\toduluk.sys
2005-12-22 09:34:58 185344 -c--a-w- c:\program files\lameACM.acm
2005-12-22 09:29:34 187392 -c--a-w- c:\program files\lame.exe
2005-11-28 08:53:32 79293 -c--a-r- c:\program files\history.html
2005-09-05 21:24:22 2218 -c--a-r- c:\program files\index.html
2005-08-20 17:48:24 49511 -c--a-r- c:\program files\switchs.html
2005-07-28 13:05:10 7668 -c--a-r- c:\program files\id3.html
2005-07-28 13:05:08 4922 -c--a-r- c:\program files\basic.html
2005-07-28 13:05:08 3926 -c--a-r- c:\program files\contributors.html
2005-07-28 13:05:08 1705 -c--a-r- c:\program files\examples.html
2005-07-27 21:49:40 3102 -c--a-r- c:\program files\presets.html
2004-08-19 19:36:10 2288 -c--a-r- c:\program files\modes.html
2002-04-07 10:17:38 414 -c--a-w- c:\program files\lame_acm.xml
2002-01-23 19:39:46 3133 -c--a-w- c:\program files\LameACM.inf
2001-10-24 12:44:36 6967 -c--a-r- c:\program files\node6.html
2000-12-03 22:00:12 732 -c--a-r- c:\program files\lame.css

============= FINISH: 21:09:38.64 ===============

Attached Files



#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,805 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:21 PM

Posted 09 March 2010 - 09:58 PM

Hello justinius23,

I have merged your latest topic to your previously existing topic. Please keep all posts regarding this issue to this topic by using the Add Reply button found near the bottom of the topic. Starting new topics confuses things for everyone and delays the assistance you receive.

Back to you Noviciate,

Orange Blossom fruits_cherry.gif
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:21 AM

Posted 10 March 2010 - 03:51 PM

Good evening. smile.gif

Your log doesn't seem to show an active anti-virus program installed - how long has this been the case?

So long, and thanks for all the fish.

 

 


#6 justinius23

justinius23
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 10 March 2010 - 03:56 PM

hello. long time. long story short - pure arrogance on my part and using the same passwords on multiple sites. i have zonealarm installed now (pro), but no anti-virus.

i run malwarebytes (pro) and super anti spyware (pro) around once a week.

maybe i should do new scans?

and thanks for getting back to me. i just am really paranoid he's left something.

#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:21 AM

Posted 11 March 2010 - 04:19 PM

Good evening. smile.gif

That's not what I wanted to hear/read. The problem is that, without adequate protection, your PC has become a slime magnet and there is no way of knowing what damage may have been done.
Legitimate files may have been infected, corrupted or even replaced and security settings may have been lowered making re-infection more likely in the future and it will be close to impossible to know whether your machine is back in full working order or not at the end.

In situations like this I recommend backing up any important data and reformatting and reinstalling the OS.

So long, and thanks for all the fish.

 

 


#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:21 AM

Posted 16 March 2010 - 07:01 PM

As this iaaue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users