Virus?!
Page 1 of 3
genericlee (Novice)
OS: Windows XP
I have a virus, help me!
OriginTech (Colleague)
OS: Windows XP SP3
Please download the current version of HijackThis from HERE
- Double click and run the installer.
- It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
- After installing, you should get the user agreement; press Accept and HijackThis will run.
- Select "Do a system scan and save a log file". This will open a Notepad file of everything HijackThis found; copy and paste it back here.
genericlee (Novice)
OS: Windows XP
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:04 PM, on 5/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\AshEvtSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
O2 - BHO: C:\WINDOWS\system32\afnoinkdsfe.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\afnoinkdsfe.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\916653139.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\916653139.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\kauizyxbj.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\ghmu0v3pk3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\ghmu0v3pk3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3910344132.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [A00FE7CDC.exe] C:\WINDOWS\TEMP\_A00FE7CDC.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\kauizyxbj.exe (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: __c004C8A1 - C:\WINDOWS\system32\__c004C8A1.dat
O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\afnoinkdsfe.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AshEvtSvc - Unknown owner - C:\WINDOWS\System32\AshEvtSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nakido - Unknown owner - C:\Program Files\Nakido\nakido.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 9535 bytes
OriginTech (Colleague)
OS: Windows XP SP3
- Open HijackThis
- Choose "Do a system scan only"
- Check the boxes in front of these lines:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
O2 - BHO: C:\WINDOWS\system32\afnoinkdsfe.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\afnoinkdsfe.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\916653139.exe
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\916653139.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\kauizyxbj.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\ghmu0v3pk3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\ghmu0v3pk3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3910344132.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [A00FE7CDC.exe] C:\WINDOWS\TEMP\_A00FE7CDC.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\kauizyxbj.exe (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O20 - Winlogon Notify: __c004C8A1 - C:\WINDOWS\system32\__c004C8A1.dat
O23 - Service: Nakido - Unknown owner - C:\Program Files\Nakido\nakido.exe (file missing)
- Press "Fix Checked".
- Close HijackThis.
Please download and run this tool.
Download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Post the contents of the MBAM Log.
genericlee (Novice)
OS: Windows XP
Malwarebytes' Anti-Malware 1.32
Database version: 1647
Windows 5.1.2600 Service Pack 3
5/21/2009 6:25:04 PM
mbam-log-2009-05-21 (18-25-04).txt
Scan type: Quick Scan
Objects scanned: 76238
Time elapsed: 25 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\__c004C8A1.dat (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e5efa8f-9f53-418e-b78e-44866667a404} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5e5efa8f-9f53-418e-b78e-44866667a404} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c004c8a1 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\218538\218538.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c004C8A1.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_A00FE7CDC.exe (Trojan.Agent) -> Quarantined and deleted successfully.
OriginTech (Colleague)
OS: Windows XP SP3
- Please download DDS by sUBs to your Desktop (Important!!) from one of these locations: Link 1, Link 2
- Double click DDS.scr to run.
- When complete, two logs will open. Save both reports to your Desktop.
- Copy and paste DDS.txt back here; I don't need to see attach.txt.
genericlee (Novice)
OS: Windows XP
DDS (Ver_09-05-14.01) - NTFSx86
Run by Eric Lee at 18:51:47.06 on Thu 05/21/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.87 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\AshEvtSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\LocalService\Application Data\916653139.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Run by Eric Lee at 18:51:47.06 on Thu 05/21/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.87 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\AshEvtSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\LocalService\Application Data\916653139.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
\\?\globalroot\systemroot\system32\rundll32.exe
C:\Documents and Settings\Eric Lee\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/bin/search?p={searchTerms}
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: Microsoft copyright: {f30b5e7e-cfbb-44fb-a947-226e5a7a4290} - lklf32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {7C2FC77A-AF76-4A75-AC16-B02A13829F34} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: []
uRun: [Malware Doctor] c:\documents and settings\localservice\application data\916653139.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRun: [Malware Doctor] c:\documents and settings\localservice\application data\916653139.exe
dRun: [svc] c:\program files\thunmail\testabd.exe
StartupFolder: c:\documents and settings\eric lee\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\ericle~1\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t configuration utility\wlan111t.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\thunmail\testabd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {C2BA40A1-74F3-42BD-F434-12345A2C8953} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ericle~1\applic~1\mozilla\firefox\profiles\3s4ldz7t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\eric lee\application data\mozilla\firefox\profiles\3s4ldz7t.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-28 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-28 108552]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2004-10-6 283904]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2004-10-4 43392]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2005-11-19 17149]
============== File Associations ===============
regfile=regedit.exe "%1" %*
scrfile="%1" %*
=============== Created Last 30 ================
2009-05-21 18:28 708 a------- c:\windows\system32\sft.res
2009-05-21 18:28 29,184 a------- c:\windows\system32\lklf32.dll
2009-05-21 17:53 29,184 a------- c:\windows\system32\jhxm32.dll
2009-05-21 14:50 136 a------- c:\windows\system32\vp_setup.exe.bat
2009-05-21 14:49 --dshr-- c:\program files\ThunMail
2009-05-21 14:49 61,440 a------- c:\windows\system32\vp_setup.exe
2009-05-21 14:26 --d----- c:\program files\Trend Micro
2009-05-20 18:37 --d----- c:\documents and settings\eric lee\.SunDownloadManager
2009-05-20 14:50 29,184 a------- c:\windows\system32\stfa.dll
2009-05-20 14:50 32,768 a------- c:\windows\system32\AshEvtSvc.exe
2009-05-20 14:50 32,768 a------- c:\windows\system32\service-466.exe
2009-05-19 18:43 28,672 a------- c:\windows\system32\lmn_setup.exe
2009-05-18 14:56 37,376 a------- c:\windows\system32\glsetup.exe
2009-05-17 09:59 15,000 a------- c:\windows\system32\afnoinkdsfe.dll
2009-05-14 19:29 24,064 a--sh--- c:\windows\system32\autochk.dll
2009-05-12 21:00 118 a------- c:\windows\system32\MRT.INI
2009-05-12 16:41 --d----- c:\windows\system32\218538
2009-05-10 21:09 --d----- c:\windows\system32\NtmsData
2009-05-10 10:21 --d----- c:\windows\system32\199638
2009-05-09 13:00 2 ----h--- c:\windows\t55ft2668f44.dat
2009-05-09 13:00 1 ----h--- c:\windows\f23567.dat
2009-05-07 15:50 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-05-07 15:50 2 ----h--- c:\windows\t55ft2692f44.dat
2009-05-07 15:50 --d----- c:\windows\system32\796525
2009-05-06 16:02 24,064 a--sh--- c:\documents and settings\eric lee\protect.dll
2009-05-03 14:43 23,040 a------- c:\windows\system32\ak1.exe
2009-04-29 18:26 263 a------- C:\xcrashdump.dat
2009-04-27 20:15 439 a------- c:\windows\system32\win32hlp.cnf
2009-04-27 20:14 1 a------- c:\windows\system32\uniq.tll
2009-04-27 19:44 --d----- c:\docume~1\ericle~1\applic~1\pidle
==================== Find3M ====================
2009-05-20 14:40 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-20 14:40 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-20 14:40 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-04-27 20:14 104,960 a------- c:\windows\system32\userinit.exe
2009-03-21 12:30 78,050 ac------ c:\windows\War3Unin.dat
2009-03-21 07:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 07:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 17:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 21:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-25 20:26 33,728 ac------ c:\docume~1\ericle~1\applic~1\GDIPFONTCACHEV1.DAT
2003-06-20 04:05 138,288 ac------ c:\windows\inf\usbport.sys
2003-06-20 04:05 49,776 ac------ c:\windows\inf\usbhub20.sys
2003-06-20 04:05 24,752 ac------ c:\windows\inf\hidclass.sys
2003-06-20 04:05 20,688 ac------ c:\windows\inf\usbd.sys
2003-06-20 04:05 19,728 ac------ c:\windows\inf\usbehci.sys
============= FINISH: 18:54:24.87 ===============
- OriginTech Colleague
-
OS : Windows Xp Sp3
Posts : 2684
Rubies : 7038
Likes : 0
- Download combofix from here
Link 1
Link 2
- We need to disable your local AV (Anti-virus) before running Combofix.
- See HERE for how to disable your AV.
- Double click on ComboFix.exe.
- Follow the prompts. NOTE:
- ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note:** If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
- The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
- Allow ComboFix to download the Recovery Console.
- Accept the End-User License Agreement.
- The Recovery Console will be installed.
- You will then get this next prompt that asks if you want to continue the malware scan, select yes
- Allow combofix to run
- Post C:\combofix.txt back here.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
- genericleeNovice
-
OS : Windows XP
Posts : 25
Rubies : 3440
Likes : 0
The log was too big so I put it in as two posts.
Part 1
ComboFix 09-05-21.01 - Eric Lee 05/21/2009 19:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.227 [GMT -7:00]
Running from: c:\documents and settings\Eric Lee\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Eric Lee\Application Data\pidle
c:\documents and settings\Eric Lee\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Eric Lee\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\Eric Lee\protect.dll
c:\documents and settings\Eric Lee\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Eric Lee\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\Johnny Lee\protect.dll
c:\documents and settings\Johnny Lee\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\LocalService\Application Data\916653139.exe
c:\documents and settings\LocalService\protect.dll
C:\install.exe
c:\program files\ThunMail
c:\program files\ThunMail\testabd.dll
c:\program files\ThunMail\testabd.exe
c:\windows\f23567.dat
c:\windows\system32\199638
c:\windows\system32\218538
c:\windows\system32\afnoinkdsfe.dll
c:\windows\system32\ak1.exe
c:\windows\system32\AshEvtSvc.exe
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\ovfsthbobeltykhojgksymwllhrqjlatvkxdpj.sys
c:\windows\system32\glsetup.exe
c:\windows\system32\lmn_setup.exe
c:\windows\system32\ovfsthboxedpnqvvdjxthoteoakcrqubiajdvd.dll
c:\windows\system32\ovfsthgqjnsrpbwtpkrukyakjtvpyqgyivmavr.dll
c:\windows\system32\ovfsthhlacgftbketaiqnsmmpcdjldtlknttln.dll
c:\windows\system32\ovfsthlydrcbhdfufkabuenhegtsnwemvtgurp.dat
c:\windows\system32\ovfsthvybfswmmjqbavlkoalfodvuhhwglvmpq.dat
c:\windows\system32\service-466.exe
c:\windows\system32\sft.res
c:\windows\system32\stfa.dll
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
c:\windows\t55ft2668f44.dat
c:\windows\t55ft2692f44.dat
c:\windows\Tasks\zpkuvebq.job
c:\windows\Temp\2134612342.exe
c:\windows\Temp\3797687882.exe
c:\windows\Temp\3798625382.exe
c:\windows\Temp\3910344132.exe
c:\windows\Temp\853620328.exe
c:\windows\Temp\857682828.exe
c:\windows\Temp\950339078.exe
C:\xcrashdump.dat
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\i386\userinit.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ovfsthruxjcrvmpimboewtvxettqowkmxduyvo
-------\Legacy_ASHEVTSVC
-------\Service_AshEvtSvc
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.
2009-05-22 01:28 . 2009-05-22 01:28 29184 ----a-w c:\windows\system32\lklf32.dll
2009-05-22 00:53 . 2009-05-22 02:41 29184 ----a-w c:\windows\system32\jhxm32.dll
2009-05-21 21:50 . 2009-05-21 21:50 136 ----a-w c:\windows\system32\vp_setup.exe.bat
2009-05-21 21:49 . 2009-05-21 21:49 61440 ----a-w c:\windows\system32\vp_setup.exe
2009-05-21 21:26 . 2009-05-21 21:26 -------- d-----w c:\program files\Trend Micro
2009-05-21 01:37 . 2009-05-21 01:47 -------- d-----w c:\documents and settings\Eric Lee\.SunDownloadManager
2009-05-17 17:07 . 2009-05-17 17:07 57344 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-617f6391-n\Decora-SSE.dll
2009-05-17 17:07 . 2009-05-17 17:07 24064 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-3b9e0c04-n\Decora-D3D.dll
2009-05-17 17:07 . 2009-05-17 17:07 315392 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7807a711-n\jogl.dll
2009-05-17 17:07 . 2009-05-17 17:07 20480 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7807a711-n\jogl_awt.dll
2009-05-17 17:07 . 2009-05-17 17:07 114688 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7807a711-n\jogl_cg.dll
2009-05-17 17:07 . 2009-05-17 17:07 20480 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-3fa7a4ae-n\gluegen-rt.dll
2009-05-17 17:07 . 2009-05-17 17:07 499712 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-2289dad4-n\msvcp71.dll
2009-05-17 17:07 . 2009-05-17 17:07 499712 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-2289dad4-n\jmc.dll
2009-05-17 17:07 . 2009-05-17 17:07 348160 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-2289dad4-n\msvcr71.dll
2009-05-17 17:01 . 2009-05-17 17:01 -------- d--h--r c:\windows\system32\config\systemprofile\Application Data\yahoo!
2009-05-11 04:09 . 2009-05-11 04:09 -------- d-----w c:\windows\system32\NtmsData
2009-05-07 22:50 . 2009-05-13 03:13 -------- d-----w c:\windows\system32\796525
2009-05-04 21:42 . 2009-05-04 21:42 152576 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 21:20 . 2008-11-28 09:42 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-20 21:40 . 2008-09-28 17:17 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-20 21:40 . 2008-09-28 17:17 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-20 21:40 . 2008-09-28 17:17 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-20 21:40 . 2008-09-28 17:16 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-19 05:49 . 2009-01-11 17:49 99960 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-15 00:03 . 2008-08-31 06:13 -------- d-----w c:\program files\Warcraft III
2009-05-14 19:45 . 2008-08-31 07:18 -------- d-----w c:\program files\Garena
2009-05-07 04:02 . 2009-03-12 01:45 -------- d-----w c:\program files\TokBox
2009-05-04 21:44 . 2009-03-22 17:04 -------- d-----w c:\program files\Java
Part1
ComboFix 09-05-21.01 - Eric Lee 05/21/2009 19:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.227 [GMT -7:00]
Running from: c:\documents and settings\Eric Lee\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Eric Lee\Application Data\pidle
c:\documents and settings\Eric Lee\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Eric Lee\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\Eric Lee\protect.dll
c:\documents and settings\Eric Lee\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Eric Lee\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\Johnny Lee\protect.dll
c:\documents and settings\Johnny Lee\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\LocalService\Application Data\916653139.exe
c:\documents and settings\LocalService\protect.dll
C:\install.exe
c:\program files\ThunMail
c:\program files\ThunMail\testabd.dll
c:\program files\ThunMail\testabd.exe
c:\windows\f23567.dat
c:\windows\system32\199638
c:\windows\system32\218538
c:\windows\system32\afnoinkdsfe.dll
c:\windows\system32\ak1.exe
c:\windows\system32\AshEvtSvc.exe
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\ovfsthbobeltykhojgksymwllhrqjlatvkxdpj.sys
c:\windows\system32\glsetup.exe
c:\windows\system32\lmn_setup.exe
c:\windows\system32\ovfsthboxedpnqvvdjxthoteoakcrqubiajdvd.dll
c:\windows\system32\ovfsthgqjnsrpbwtpkrukyakjtvpyqgyivmavr.dll
c:\windows\system32\ovfsthhlacgftbketaiqnsmmpcdjldtlknttln.dll
c:\windows\system32\ovfsthlydrcbhdfufkabuenhegtsnwemvtgurp.dat
c:\windows\system32\ovfsthvybfswmmjqbavlkoalfodvuhhwglvmpq.dat
c:\windows\system32\service-466.exe
c:\windows\system32\sft.res
c:\windows\system32\stfa.dll
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
c:\windows\t55ft2668f44.dat
c:\windows\t55ft2692f44.dat
c:\windows\Tasks\zpkuvebq.job
c:\windows\Temp\2134612342.exe
c:\windows\Temp\3797687882.exe
c:\windows\Temp\3798625382.exe
c:\windows\Temp\3910344132.exe
c:\windows\Temp\853620328.exe
c:\windows\Temp\857682828.exe
c:\windows\Temp\950339078.exe
C:\xcrashdump.dat
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\i386\userinit.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ovfsthruxjcrvmpimboewtvxettqowkmxduyvo
-------\Legacy_ASHEVTSVC
-------\Service_AshEvtSvc
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.
2009-05-22 01:28 . 2009-05-22 01:28 29184 ----a-w c:\windows\system32\lklf32.dll
2009-05-22 00:53 . 2009-05-22 02:41 29184 ----a-w c:\windows\system32\jhxm32.dll
2009-05-21 21:50 . 2009-05-21 21:50 136 ----a-w c:\windows\system32\vp_setup.exe.bat
2009-05-21 21:49 . 2009-05-21 21:49 61440 ----a-w c:\windows\system32\vp_setup.exe
2009-05-21 21:26 . 2009-05-21 21:26 -------- d-----w c:\program files\Trend Micro
2009-05-21 01:37 . 2009-05-21 01:47 -------- d-----w c:\documents and settings\Eric Lee\.SunDownloadManager
2009-05-17 17:07 . 2009-05-17 17:07 57344 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-617f6391-n\Decora-SSE.dll
2009-05-17 17:07 . 2009-05-17 17:07 24064 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-3b9e0c04-n\Decora-D3D.dll
2009-05-17 17:07 . 2009-05-17 17:07 315392 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7807a711-n\jogl.dll
2009-05-17 17:07 . 2009-05-17 17:07 20480 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7807a711-n\jogl_awt.dll
2009-05-17 17:07 . 2009-05-17 17:07 114688 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7807a711-n\jogl_cg.dll
2009-05-17 17:07 . 2009-05-17 17:07 20480 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-3fa7a4ae-n\gluegen-rt.dll
2009-05-17 17:07 . 2009-05-17 17:07 499712 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-2289dad4-n\msvcp71.dll
2009-05-17 17:07 . 2009-05-17 17:07 499712 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-2289dad4-n\jmc.dll
2009-05-17 17:07 . 2009-05-17 17:07 348160 ----a-w c:\windows\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-2289dad4-n\msvcr71.dll
2009-05-17 17:01 . 2009-05-17 17:01 -------- d--h--r c:\windows\system32\config\systemprofile\Application Data\yahoo!
2009-05-11 04:09 . 2009-05-11 04:09 -------- d-----w c:\windows\system32\NtmsData
2009-05-07 22:50 . 2009-05-13 03:13 -------- d-----w c:\windows\system32\796525
2009-05-04 21:42 . 2009-05-04 21:42 152576 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 21:20 . 2008-11-28 09:42 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-20 21:40 . 2008-09-28 17:17 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-20 21:40 . 2008-09-28 17:17 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-20 21:40 . 2008-09-28 17:17 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-20 21:40 . 2008-09-28 17:16 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-19 05:49 . 2009-01-11 17:49 99960 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-15 00:03 . 2008-08-31 06:13 -------- d-----w c:\program files\Warcraft III
2009-05-14 19:45 . 2008-08-31 07:18 -------- d-----w c:\program files\Garena
2009-05-07 04:02 . 2009-03-12 01:45 -------- d-----w c:\program files\TokBox
2009-05-04 21:44 . 2009-03-22 17:04 -------- d-----w c:\program files\Java
2009-04-30 01:55 . 2008-09-28 17:16 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-11 16:15 . 2008-09-28 01:07 -------- d-----w c:\program files\Cheat Engine
2009-04-07 12:01 . 2009-04-07 12:01 57344 ----a-w c:\documents and settings\Johnny Lee\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-66f2e556-n\Decora-SSE.dll
2009-04-07 12:01 . 2009-04-07 12:01 315392 ----a-w c:\documents and settings\Johnny Lee\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-40228384-n\jogl.dll
2009-04-07 12:01 . 2009-04-07 12:01 24064 ----a-w c:\documents and settings\Johnny Lee\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-4ed91c8e-n\Decora-D3D.dll
2009-04-07 12:01 . 2009-04-07 12:01 20480 ----a-w c:\documents and settings\Johnny Lee\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-40228384-n\jogl_awt.dll
2009-04-07 12:01 . 2009-04-07 12:01 114688 ----a-w c:\documents and settings\Johnny Lee\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-40228384-n\jogl_cg.dll
2009-04-07 12:01 . 2009-04-07 12:01 499712 ----a-w c:\documents and settings\Johnny Lee\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-55d528c1-n\msvcp71.dll
2009-04-07 12:01 . 2009-04-07 12:01 499712 ----a-w c:\documents and settings\Johnny Lee\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-55d528c1-n\jmc.dll
2009-04-07 12:01 . 2009-04-07 12:01 348160 ----a-w c:\documents and settings\Johnny Lee\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-55d528c1-n\msvcr71.dll
2009-04-07 12:01 . 2009-04-07 12:01 20480 ----a-w c:\documents and settings\Johnny Lee\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-447178f8-n\gluegen-rt.dll
2009-03-31 04:22 . 2009-03-31 04:22 57344 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-3c034b17-n\Decora-SSE.dll
2009-03-31 04:22 . 2009-03-31 04:22 24064 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-5fe78b5e-n\Decora-D3D.dll
2009-03-31 04:22 . 2009-03-31 04:22 499712 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-706e4058-n\msvcp71.dll
2009-03-31 04:22 . 2009-03-31 04:22 499712 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-706e4058-n\jmc.dll
2009-03-31 04:22 . 2009-03-31 04:22 348160 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-706e4058-n\msvcr71.dll
2009-03-22 17:05 . 2009-03-22 17:05 57344 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\Deployment\cache\6.0\37\3976f065-21839c58-n\Decora-SSE.dll
2009-03-22 17:05 . 2009-03-22 17:05 315392 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-4e18cb6e-n\jogl.dll
2009-03-22 17:05 . 2009-03-22 17:05 24064 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\Deployment\cache\6.0\37\2c4a0065-67a90f01-n\Decora-D3D.dll
2009-03-22 17:05 . 2009-03-22 17:05 20480 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-4e18cb6e-n\jogl_awt.dll
2009-03-22 17:05 . 2009-03-22 17:05 114688 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-4e18cb6e-n\jogl_cg.dll
2009-03-22 17:05 . 2009-03-22 17:05 20480 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-358707b0-n\gluegen-rt.dll
2009-03-22 17:05 . 2009-03-22 17:05 503808 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-7bc3a207-n\msvcp71.dll
2009-03-22 17:05 . 2009-03-22 17:05 499712 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-7bc3a207-n\jmc.dll
2009-03-22 17:05 . 2009-03-22 17:05 348160 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-7bc3a207-n\msvcr71.dll
2009-03-22 17:03 . 2009-03-22 17:03 152576 ----a-w c:\documents and settings\Eric Lee\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-21 19:30 . 2008-08-31 06:25 78050 -c--a-w c:\windows\War3Unin.dat
2009-03-09 12:19 . 2009-01-10 01:55 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-10 17:51 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-24 22:36 . 2008-11-26 02:40 38208 ----a-w c:\documents and settings\Eric Lee\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
.
- genericleeNovice
-
OS : Windows XP
Posts : 25
Rubies : 3440
Likes : 0
Part2
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}]
2009-05-22 02:41 29184 ----a-w c:\windows\system32\jhxm32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-20 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T Configuration Utility\wlan111t.exe [2005-11-19 483412]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-20 21:40 11952 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
"Search Protection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe
"YSearchProtection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"YBrowser"=c:\program files\Yahoo!\browser\ybrwicon.exe
"LogitechVideoRepair"=c:\program files\Logitech\Video\ISStart.exe
"LogitechImageStudioTray"=c:\program files\Logitech\ImageStudio\LogiTray.exe
"LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe
"LogitechGalleryRepair"=c:\program files\Logitech\ImageStudio\ISStart.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe"
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
"dla"=c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"c:\\WINDOWS\\system32\\CIMSVR.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sexybeast1992\\condition zero\\hl.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\fredthekid\\counter-strike\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/28/2008 10:17 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/28/2008 10:17 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/28/2008 10:16 AM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/28/2008 10:16 AM 298776]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [10/6/2004 11:39 AM 283904]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [10/4/2004 7:28 AM 43392]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [11/19/2005 10:19 PM 17149]
S3 Intuit Fuse Service;Intuit Fuse Service;c:\program files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe [11/6/2005 5:23 PM 69632]
S3 Ndinop;Ndinop; [x]
S4 Nakido;Nakido;c:\program files\Nakido\nakido.exe --> c:\program files\Nakido\nakido.exe [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-05-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 16:09]
2009-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-05-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-28 01:07]
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-svc - c:\program files\ThunMail\testabd.exe
SharedTaskScheduler-{C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/bin/search?p={searchTerms}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Eric Lee\Application Data\Mozilla\Firefox\Profiles\3s4ldz7t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Eric Lee\Application Data\Mozilla\Firefox\Profiles\3s4ldz7t.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 19:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2216)
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-22 19:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-22 02:57
Pre-Run: 6,773,055,488 bytes free
Post-Run: 7,850,160,128 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
311 --- E O F --- 2009-05-13 04:00
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 19:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2216)
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-22 19:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-22 02:57
Pre-Run: 6,773,055,488 bytes free
Post-Run: 7,850,160,128 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
311 --- E O F --- 2009-05-13 04:00