Possible Malware


  • This topic is locked
11 replies to this topic

#1 ukase

ukase

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:43 PM

Posted 03 October 2010 - 12:27 PM

I already did that.

Really, I don't know what's wrong, but I noticed a blank black screen with a blinking dash at the top left for 2 seconds before starting up. I think it began after I did a registry repair with three programs. I did an antimalware scan, no threats. Anyway, please help me find out what the problem is. Thanks a lot.
Here are the HijackThis report and the installed programs.


HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:10:40 PM, on 10/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5627.1104\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1278700802640
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfi...fig_4_1_0_2.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s...el_4.1.66.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1caff6ae15648a8) (gupdate1caff6ae15648a8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe

--
End of file - 10142 bytes

,...................................................................................................
..,

Installed programs report:

??O?? ????C?
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Ahead Nero Burning ROM
Art of Murder: Cards of Destiny
Avira AntiVir Personal - Free Antivirus
CoreAAC
DVD X Player 4.0 Professional
Golden Al-Wafi Translator
GOM Player
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Voice Modem with SmartCP
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Hotspot Shield 1.52
Intel® Graphics Media Accelerator Driver for Mobile
Java™ 6 Update 21
Junk Mail filter update
Ma-Config.com
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mpegable Player
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PaltalkScene
PowerDVD
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype web features
Skype™ 4.1
Software Informer 1.0 BETA
Synaptics Pointing Device Driver
System Requirements Lab for Intel
UltraISO Premium V8.66
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WIDCOMM Bluetooth Software
Windows Driver Package - Intel (NETw3x32) net (07/26/2006 10.5.1.59)
Windows Driver Package - Intel (NETw3x32) net (11/15/2006 10.5.1.75)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinZip
Yahoo! Messenger
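
An added example (not code from the post or from HijackThis) of the first-pass triage a helper applies to the O-section lines of a log like the one above: it parses O4 autorun, O15 Trusted Zone and O23 service entries and flags the ones that deserve a second look, namely an autorun given as a bare file name with no absolute path, any site placed in the Trusted Zone, and a service whose binary carries no publisher information. The sample is a constructed excerpt whose lines are copied from the log in this post; the Finding class and the triage and command_image functions are names chosen here.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt: lines copied from the HijackThis v2.0.4 log posted above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Global Startup: Bluetooth.lnk = ?
O15 - Trusted Zone: http://software.kuaiche.com
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why an analyst should look at this line
    line: str      # the original log line


# "O4 - <body>", "R0 - <body>", ... ; process list and header lines do not match.
HJT_LINE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# "HKLM\..\Run: [Name] command" (also RunOnce and HKUS\<SID>\..\Run)
O4_RUN = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "Service: <display> (<short>) - <owner> - <path>"
O23_SVC = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O15_ZONE = re.compile(r"^Trusted Zone: (?P<host>\S+)$")
ABS_PATH = re.compile(r"^[A-Za-z]:\\")


def command_image(cmd: str) -> str:
    """Return the executable part of an O4 command line, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries worth manual review."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        sec, body = m.group("sec"), m.group("body")
        if sec == "O4":
            run = O4_RUN.match(body)
            # A bare file name is resolved through the PATH search order, so it
            # must be checked against the vendor's expected install location.
            if run and not ABS_PATH.match(command_image(run.group("cmd"))):
                findings.append(Finding(sec, "autorun without absolute path (resolved via PATH search)", line))
        elif sec == "O15":
            # Trusted Zone membership relaxes IE's security settings for that site.
            if O15_ZONE.match(body):
                findings.append(Finding(sec, "site added to the IE Trusted Zone", line))
        elif sec == "O23":
            svc = O23_SVC.match(body)
            if svc and svc.group("owner") == "Unknown owner":
                findings.append(Finding(sec, "service binary carries no publisher information", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

A flagged line is a prompt to verify, not a verdict: the bare RTHDCPL.EXE and ALCMTR.EXE entries are the normal Realtek audio autoruns, and the point is to confirm that against the vendor files on disk.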



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:43 AM

Posted 09 October 2010 - 07:48 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 ukase

ukase
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:43 PM

Posted 10 October 2010 - 10:51 AM

Hi, thanks a lot for replying. I think it is important to know this: I installed FlashGet from its website, but it was in Chinese or Japanese, I don't know which. I removed it from Add/Remove Programs in the Control Panel and installed the English one, tried it but didn't like it, so I removed it.
Then every time I right-clicked on a link or something else, I got two lines written in Chinese in the drop-down menu,
so I went and read about the program in different places, and they say it comes with spyware.
I went to regedit, clicked Edit > Find, typed flashget again and again until I found two files
with Chinese names in the left row, just like those Chinese lines I mentioned, so I deleted both files from the left row. The two lines disappeared from my right-click menu. Was what I did
right?? Without any backup; I didn't believe I'd find them!! This was 4 days before I posted my logs here.
That's why I used registry repair tools.

here are the logs:



DDS (Ver_10-10-10.03) - NTFSx86
Run by Smart at 18:33:46.03 on Sun 10/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1526.1120 [GMT 3:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Smart\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5627.1104\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278700802640
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/maconfig/MaConfig_4_1_0_2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-29 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-29 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-29 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-29 60936]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S2 gupdate1caff6ae15648a8;Google Update Service (gupdate1caff6ae15648a8);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 133104]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 cpuz132;cpuz132;\??\c:\docume~1\smart\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\smart\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-5-11 271728]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]

=============== Created Last 30 ================

2010-10-09 21:37:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-09 21:37:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-09 21:37:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-08 20:31:15 -------- d-----w- c:\program files\Enigma Software Group
2010-10-08 20:30:52 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-10-07 07:15:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-03 14:50:41 388096 ----a-r- c:\docume~1\smart\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-02 23:37:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-02 13:15:59 -------- d-----w- c:\docume~1\smart\applic~1\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
2010-10-02 11:52:00 -------- d-----w- c:\program files\Free Window Registry Repair
2010-09-30 14:30:01 -------- d-----w- c:\docume~1\smart\applic~1\Registry Mechanic
2010-09-30 14:27:22 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-09-30 03:42:26 -------- d-----w- c:\docume~1\smart\applic~1\URSoft
2010-09-29 23:18:01 -------- d-----w- c:\docume~1\smart\applic~1\BITS
2010-09-28 20:12:30 -------- d-----w- c:\docume~1\smart\applic~1\ProgSense
2010-09-28 20:12:24 -------- d-----w- c:\docume~1\smart\applic~1\GrabPro
2010-09-28 15:12:47 -------- d-----w- c:\docume~1\smart\applic~1\Auslogics
2010-09-28 01:07:11 -------- dc-h--w- c:\windows\ie8
2010-09-28 01:02:06 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-27 12:38:36 -------- d-----w- C:\Hotspot Shield
2010-09-27 12:38:31 -------- d-----w- c:\program files\Hotspot Shield
2010-09-22 19:19:02 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2010-09-22 15:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-09-17 14:24:00 203776 ----a-w- c:\windows\system32\clrviddc.dll

==================== Find3M ====================

2010-10-07 07:14:43 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-10 00:16:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-10 00:16:04 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

============= FINISH: 18:34:19.42 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/29/2010 10:25:14 PM
System Uptime: 10/10/2010 6:05:50 PM (0 hours ago)

Motherboard: Acer, Inc. | | LuganoII
Processor: Intel® Pentium® M processor 1.70GHz | U1 | 1700/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 29 GiB total, 9.655 GiB free.
D: is FIXED (NTFS) - 27 GiB total, 24.378 GiB free.
E: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP347: 9/28/2010 4:22:16 AM - Cleaned registry with Windows Live OneCare safety scanner
RP348: 9/28/2010 7:36:59 AM - Software Distribution Service 3.0
RP349: 9/28/2010 11:04:19 PM - Cleaned registry with Windows Live OneCare safety scanner
RP350: 9/29/2010 3:00:19 AM - Software Distribution Service 3.0
RP351: 9/29/2010 4:51:01 AM - Installed Java™ 6 Update 17
RP352: 9/29/2010 4:57:34 AM - Removed Java™ 6 Update 17
RP353: 9/29/2010 2:32:44 PM - Software Distribution Service 3.0
RP354: 9/30/2010 5:52:57 AM - Software Distribution Service 3.0
RP355: 9/30/2010 9:10:34 AM - Software Distribution Service 3.0
RP356: 9/30/2010 7:45:46 PM - Software Distribution Service 3.0
RP357: 10/1/2010 2:44:38 AM - Software Distribution Service 3.0
RP358: 10/1/2010 3:00:17 AM - Software Distribution Service 3.0
RP359: 10/1/2010 1:25:07 PM - Software Distribution Service 3.0
RP360: 10/1/2010 8:49:49 PM - Software Distribution Service 3.0
RP361: 10/2/2010 3:00:21 AM - Software Distribution Service 3.0
RP362: 10/2/2010 2:41:37 PM - Cleaned registry with Windows Live OneCare safety scanner
RP363: 10/2/2010 2:59:36 PM - Cleaned registry with Windows Live OneCare safety scanner
RP364: 10/2/2010 4:21:15 PM - Removed Times Reader
RP365: 10/2/2010 6:10:59 PM - Software Distribution Service 3.0
RP366: 10/2/2010 6:29:44 PM - Software Distribution Service 3.0
RP367: 10/2/2010 11:05:15 PM - Cleaned registry with Windows Live OneCare safety scanner
RP368: 10/3/2010 12:09:13 AM - Removed Java™ 6 Update 21
RP369: 10/3/2010 12:15:39 AM - Installed Java™ 6 Update 21
RP370: 10/3/2010 3:00:38 AM - Software Distribution Service 3.0
RP371: 10/3/2010 7:37:40 AM - Software Distribution Service 3.0
RP372: 10/3/2010 4:09:58 PM - Software Distribution Service 3.0
RP373: 10/3/2010 4:36:07 PM - Software Distribution Service 3.0
RP374: 10/3/2010 5:50:39 PM - Installed HiJackThis
RP375: 10/4/2010 3:00:18 AM - Software Distribution Service 3.0
RP376: 10/4/2010 6:16:25 AM - Software Distribution Service 3.0
RP377: 10/5/2010 3:00:18 AM - Software Distribution Service 3.0
RP378: 10/5/2010 6:24:53 PM - Software Distribution Service 3.0
RP379: 10/6/2010 6:21:29 AM - Software Distribution Service 3.0
RP380: 10/6/2010 6:05:42 PM - Software Distribution Service 3.0
RP381: 10/7/2010 3:00:40 AM - Software Distribution Service 3.0
RP382: 10/7/2010 4:43:15 AM - Software Distribution Service 3.0
RP383: 10/7/2010 7:43:08 AM - Software Distribution Service 3.0
RP384: 10/7/2010 10:07:14 AM - Removed Java™ 6 Update 21
RP385: 10/7/2010 10:14:34 AM - Installed Java™ 6 Update 21
RP386: 10/7/2010 10:22:11 AM - Cleaned registry with Windows Live OneCare safety scanner
RP387: 10/7/2010 10:36:39 AM - Software Distribution Service 3.0
RP388: 10/7/2010 8:26:06 PM - Software Distribution Service 3.0
RP389: 10/8/2010 4:02:29 PM - Software Distribution Service 3.0
RP390: 10/8/2010 11:31:14 PM - Installed SpyHunter
RP391: 10/8/2010 11:52:27 PM - Removed SpyHunter
RP392: 10/9/2010 2:54:04 AM - Software Distribution Service 3.0
RP393: 10/10/2010 12:30:57 AM - Software Distribution Service 3.0
RP394: 10/10/2010 2:28:18 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
Ahead Nero Burning ROM
Art of Murder: Cards of Destiny
Avira AntiVir Personal - Free Antivirus
CoreAAC
DVD X Player 4.0 Professional
Golden Al-Wafi Translator
GOM Player
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Voice Modem with SmartCP
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Hotspot Shield 1.52
Intel® Graphics Media Accelerator Driver for Mobile
Java Auto Updater
Java™ 6 Update 21
Junk Mail filter update
Ma-Config.com
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mpegable Player
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PaltalkScene
PowerDVD
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype web features
Skype™ 4.1
Software Informer 1.0 BETA
Synaptics Pointing Device Driver
System Requirements Lab for Intel
UltraISO Premium V8.66
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Driver Package - Intel (NETw3x32) net (07/26/2006 10.5.1.59)
Windows Driver Package - Intel (NETw3x32) net (11/15/2006 10.5.1.75)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

10/9/2010 2:34:36 AM, error: Dhcp [1002] - The IP address lease 10.26.8.46 for the Network Card with network address 00FFCD623235 has been denied by the DHCP server 10.6.63.254 (The DHCP Server sent a DHCPNACK message).
10/8/2010 9:44:37 PM, error: Dhcp [1002] - The IP address lease 10.7.48.33 for the Network Card with network address 00FFCD623235 has been denied by the DHCP server 10.19.63.254 (The DHCP Server sent a DHCPNACK message).
10/8/2010 9:27:12 PM, error: Dhcp [1002] - The IP address lease 10.7.56.57 for the Network Card with network address 00FFCD623235 has been denied by the DHCP server 10.7.55.254 (The DHCP Server sent a DHCPNACK message).
10/8/2010 2:16:30 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/8/2010 2:16:30 PM, error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
10/8/2010 2:16:30 PM, error: Service Control Manager [7031] - The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/8/2010 2:16:30 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/8/2010 2:16:29 PM, error: Service Control Manager [7031] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/8/2010 10:44:27 PM, error: Dhcp [1002] - The IP address lease 10.19.56.108 for the Network Card with network address 00FFCD623235 has been denied by the DHCP server 10.26.15.254 (The DHCP Server sent a DHCPNACK message).
10/3/2010 7:38:56 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Office 2003 Service Pack 3 (SP3).
10/3/2010 7:12:50 AM, error: Dhcp [1002] - The IP address lease 10.10.24.56 for the Network Card with network address 00FFCD623235 has been denied by the DHCP server 10.7.63.254 (The DHCP Server sent a DHCPNACK message).
10/3/2010 3:30:56 PM, error: Service Control Manager [7000] - The Acer EPM System Hardware Driver service failed to start due to the following error: The system cannot find the file specified.
10/10/2010 12:37:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/10/2010 12:36:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
10/10/2010 12:36:55 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/10/2010 12:36:55 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/10/2010 12:36:55 AM, error: Service Control Manager [7001] - The Hotspot Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
10/10/2010 12:36:55 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/10/2010 12:36:55 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/10/2010 12:36:42 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:39 on 10/10/2010 (Smart)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-10-10 18:43:10
Windows 5.1.2600 Service Pack 3
Running: cfegldxt.exe; Driver: C:\DOCUME~1\Smart\LOCALS~1\Temp\pwpiqkog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

Thanks again.

#4 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:43 AM

Posted 10 October 2010 - 03:50 PM

I can't see much from the logs.

Please run MBAM and SAS and see what they find.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Whether or not you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

m0le is a proud member of UNITE

#5 ukase

  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:43 PM

Posted 10 October 2010 - 06:43 PM

Hi, many thanks m0le. While scanning with MBAM, my Avira AntiVir detected an unwanted or malware file and asked me for an action; I pressed remove. Here are the Avira, SUPERAntiSpyware, and MBAM reports:


Avira AntiVir Personal
Report file date: Monday, October 11, 2010 01:01

Scanning for 2914708 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : 29-68BC0B998ECF

Version information:

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4ceec243\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: Monday, October 11, 2010 01:01

The scan of running processes will be started

Starting the file scan:

Begin scan in 'C:\System Volume Information\_restore{859A5432-32A5-4A9D-8D5F-E820095985D3}\RP394\A0056087.pif'
C:\System Volume Information\_restore{859A5432-32A5-4A9D-8D5F-E820095985D3}\RP394\A0056087.pif
[DETECTION] Contains HEUR/Crypted.E suspicious code
--> Object
[DETECTION] Contains HEUR/Crypted.E suspicious code
[NOTE] The file was moved to the quarantine directory under the name '4eaa969a.qua'.


End of the scan: Monday, October 11, 2010 01:01
Used time: 00:14 Minute(s)

The scan has been done completely.

0 Scanned directories
44 Files were scanned
0 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
43 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.
------------------------------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/11/2010 at 02:08 AM

Application Version : 4.44.1000

Core Rules Database Version : 5663
Trace Rules Database Version: 3475

Scan type : Complete Scan
Total Scan Time : 00:37:10

Memory items scanned : 489
Memory threats detected : 0
Registry items scanned : 6444
Registry threats detected : 0
File items scanned : 37179
File threats detected : 26

Adware.Tracking Cookie
C:\Documents and Settings\Smart\Cookies\smart@yadro[1].txt
C:\Documents and Settings\Smart\Cookies\smart@tribalfusion[2].txt
C:\Documents and Settings\Smart\Cookies\smart@microsoftmachinetranslation.112.2o7[1].txt
C:\Documents and Settings\Smart\Cookies\smart@doubleclick[1].txt
C:\Documents and Settings\Smart\Cookies\smart@imrworldwide[2].txt
C:\Documents and Settings\Smart\Cookies\smart@ads.bleepingcomputer[1].txt
C:\Documents and Settings\Smart\Cookies\smart@content.yieldmanager[3].txt
C:\Documents and Settings\Smart\Cookies\smart@mediaplex[2].txt
C:\Documents and Settings\Smart\Cookies\smart@statcounter[2].txt
C:\Documents and Settings\Smart\Cookies\smart@serving-sys[1].txt
C:\Documents and Settings\Smart\Cookies\smart@collective-media[2].txt
C:\Documents and Settings\Smart\Cookies\smart@zedo[2].txt
C:\Documents and Settings\Smart\Cookies\smart@revsci[1].txt
C:\Documents and Settings\Smart\Cookies\smart@insightexpressai[2].txt
C:\Documents and Settings\Smart\Cookies\smart@ad.yieldmanager[2].txt
C:\Documents and Settings\Smart\Cookies\smart@adtech[1].txt
C:\Documents and Settings\Smart\Cookies\smart@content.yieldmanager[2].txt
C:\Documents and Settings\Smart\Cookies\smart@apmebf[2].txt
C:\Documents and Settings\Smart\Cookies\smart@atdmt[1].txt
C:\Documents and Settings\Smart\Cookies\smart@bs.serving-sys[1].txt
C:\Documents and Settings\Smart\Cookies\smart@casalemedia[2].txt
C:\Documents and Settings\Smart\Cookies\smart@fastclick[1].txt
C:\Documents and Settings\Smart\Cookies\smart@burstnet[2].txt
C:\Documents and Settings\Smart\Cookies\smart@www.burstnet[2].txt
core.insightexpressai.com [ C:\Documents and Settings\Smart\Application Data\Macromedia\Flash Player\#SharedObjects\YGE9K5RM ]
ia.media-imdb.com [ C:\Documents and Settings\Smart\Application Data\Macromedia\Flash Player\#SharedObjects\YGE9K5RM ]

---------------------------------------------------------------------------------------------------------------------------------
mbam report:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4792

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/11/2010 1:17:59 AM
mbam-log-2010-10-11 (01-17-59).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 168418
Time elapsed: 29 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:43 AM

Posted 10 October 2010 - 07:54 PM

Your antivirus found the trace of malware which was in the System Restore folder.

The reality is that SAS and MBAM haven't found a thing, which is good.

One more scan to do; this picks up infected files and other trash files. Please navigate to ESET's online scanner
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#7 ukase

ukase
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:43 PM

Posted 11 October 2010 - 12:47 PM

Hi m0le, this is the ESET report:

C:\Documents and Settings\Smart\Desktop\HSS-1.52-install-anchorfree-238-conduit2.exe a variant of Win32/HotSpotShield application deleted - quarantined
C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application cleaned by deleting (after the next restart) - quarantined
D:\MsgPlusLive(4.8.2).exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined
D:\desktop\audio converter\?????? ???? ?????.exe a variant of Win32/Adware.ADON application deleted - quarantined


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:43 AM

Posted 11 October 2010 - 01:50 PM

Some adware traces. The other thing on there is HotSpot Shield. Did you voluntarily download the program? It is a legitimate program, but as it is an encryptor for internet connections there's always the possibility that it's working for the other side.

Any symptoms to report?
m0le is a proud member of UNITE
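The two kinds of result quoted above, the Avira hit inside a System Restore folder and the one-line ESET results, are easy to eyeball here but tedious across a longer log. The parser below is an added example, not part of the original thread or of either vendor's tooling: it reads both formats and separates detections under the XP `System Volume Information\_restore{GUID}\RPnnn` path (a snapshot of an old file, which cannot run at boot) from detections in live locations. The sample input is constructed from the lines posted in this thread; the signature and action regexes are assumptions based on those lines only.

```python
import re
from dataclasses import dataclass

# Constructed sample input, copied from the Avira and ESET output in this thread.
AVIRA_LOG = r"""
Starting the file scan:

Begin scan in 'C:\System Volume Information\_restore{859A5432-32A5-4A9D-8D5F-E820095985D3}\RP394\A0056087.pif'
C:\System Volume Information\_restore{859A5432-32A5-4A9D-8D5F-E820095985D3}\RP394\A0056087.pif
[DETECTION] Contains HEUR/Crypted.E suspicious code
--> Object
[DETECTION] Contains HEUR/Crypted.E suspicious code
[NOTE] The file was moved to the quarantine directory under the name '4eaa969a.qua'.

End of the scan: Monday, October 11, 2010 01:01
"""

ESET_LOG = r"""
C:\Documents and Settings\Smart\Desktop\HSS-1.52-install-anchorfree-238-conduit2.exe a variant of Win32/HotSpotShield application deleted - quarantined
C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application cleaned by deleting (after the next restart) - quarantined
D:\MsgPlusLive(4.8.2).exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined
"""


@dataclass
class Detection:
    scanner: str
    path: str
    signature: str
    action: str = ""


# XP keeps restore-point copies under this layout (seen in the Avira log above).
# A detection here is an archived copy of an old file, not something that executes.
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP\d+\\", re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Avira names the family as FAMILY/Name, e.g. HEUR/Crypted.E or TR/Crypt.XPACK.Gen (assumed).
AVIRA_SIG_RE = re.compile(r"\b([A-Z]+[A-Za-z0-9]*/[\w.\-]+)")
# ESET: "<path> [a variant of ]<Platform/Name> <what was done>" (assumed from the lines above).
ESET_LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:probably )?(?:a variant of )?(?P<sig>\S+/\S+) (?P<action>.+)$")


def parse_avira(text):
    """Collect one Detection per (path, signature) from an Avira scan log."""
    out, seen, current = [], set(), None
    for line in text.splitlines():
        line = line.strip()
        if DRIVE_PATH_RE.match(line):
            current = line                      # the file the following lines refer to
        elif line.startswith("[DETECTION]") and current:
            m = AVIRA_SIG_RE.search(line)
            sig = m.group(1) if m else line[len("[DETECTION]"):].strip()
            if (current, sig) not in seen:      # Avira repeats the hit for the embedded object
                seen.add((current, sig))
                out.append(Detection("avira", current, sig))
        elif line.startswith("[NOTE]") and out and out[-1].path == current:
            out[-1].action = line[len("[NOTE]"):].strip()
    return out


def parse_eset(text):
    """Collect one Detection per result line of an ESET online scanner report."""
    out = []
    for line in text.splitlines():
        m = ESET_LINE_RE.match(line.strip())
        if m:
            out.append(Detection("eset", m["path"], m["sig"], m["action"]))
    return out


def triage(detections):
    """Split detections into restore-point residue and hits in live locations."""
    report = {"restore_point": [], "active": []}
    for d in detections:
        bucket = "restore_point" if RESTORE_POINT_RE.search(d.path) else "active"
        report[bucket].append(d)
    return report


if __name__ == "__main__":
    result = triage(parse_avira(AVIRA_LOG) + parse_eset(ESET_LOG))
    for d in result["restore_point"]:
        print(f"restore-point residue: {d.signature} in {d.path}")
    for d in result["active"]:
        print(f"live location:         {d.signature} {d.path} -> {d.action}")
```

Running it on the constructed input yields one restore-point entry (the Avira HEUR/Crypted.E hit, already quarantined) and three live entries from ESET; the restore-point bucket is what the "Set a New Restore Point" step later in this thread is meant to flush, while the live bucket is what actually needs a follow-up question about where the file came from.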

#9 ukase

ukase
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:43 PM

Posted 11 October 2010 - 02:36 PM

Hi,
Yes, I did download Hotspot Shield voluntarily. Should I remove it? And I have nothing to report. Thank you so much m0le, really appreciate your help.

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:43 AM

Posted 11 October 2010 - 05:48 PM

ESET removed it, so was the program from a legitimate source?

Anyway, that all looks fine from here so next up is this...

You're clean. Good stuff!

We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates for any programs that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it ukase, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE

#11 ukase

ukase
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:43 PM

Posted 11 October 2010 - 06:09 PM

Cheeeeeeeeeeeeeeeeeeeeeers

Thanks again and again m0le, I think everything is cool now. Appreciate it very much.

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:43 AM

Posted 16 October 2010 - 06:06 AM

You're welcome, ukase

-------------------------------------------

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
