Malware Removal: discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general security issues. If you suspect your PC is infected with a virus, trojan or spyware app, please include any supporting documentation or logs.
#1
task manager freezes. w/ hjt log
Whenever I try to open Task Manager, the screen goes blank (but not all the time). I have Avira AntiVir Personal antivirus, Spybot Search and Destroy, and Lavasoft Ad-Aware. AntiVir did not find anything, and neither did Ad-Aware. Spybot S&D found a couple of things, which it cleaned afterwards.
thanks!

-----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:57 AM, on 1/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingmysearch.com/bms/bling/Liewelyn%20
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell.com/content/defa...=ap&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ChikkaDefault] C:\Program Files\Chikka Messenger\Chikka v.4\\ChikkaLauncher.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9323 bytes
#2
Hi mina915. I need to see more comprehensive logs to be able to help you. Before you provide them, you need to know that I have made a personal decision not to help anyone who has peer to peer software installed on their computers (and this includes Bit Torrent software) so if you want my help, please uninstall any such programs now and reboot.
Download Random's System Information Tool (RSIT) from here and save it to your desktop. Double-click on RSIT.exe to run it. Your computer will be scanned and once the scan has finished, two logs will open. Please post the contents of both (log.txt will be maximized and info.txt will be minimized) in this topic. You can also find the logs in the C:\rsit folder. The logs will be reasonably large, so you may have to divide them into sections and make several posts to post them. Please do not run any programs other than those that I suggest or install any new software while I am helping you.
#3
info.txt logfile of random's system information tool 1.05 2009-01-04 04:42:55

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Alphalist Data Entry Ver. 2.0 SAWT/MAP Full Version-->C:\BIRALPHA\setup\setup.exe
AMIP (remove only)-->"C:\Program Files\Winamp\Plugins\amip_uninstall.exe"
AMIPConfigurator (remove only)-->"C:\Program Files\Winamp\Plugins\un_configurator.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BitTornado 0.3.17-->C:\Program Files\BitTornado\uninst.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chikka Messenger V4-->C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\UNWISE.EXE C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\INSTALL.LOG
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 PCI V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Diner Dash Flo Through Time-->"C:\Program Files\Diner Dash Flo Through Time\ReflexiveArcade\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GunboundWC-->"C:\Program Files\softnyx\GunboundWC\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iConnectHere SoftPhone 8.0.0.0-->"C:\deltathree Inc\unins000.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) PRO Network Connections 12.1.11.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel(R) PRO Network Connections 12.1.11.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LaserJet 1020 series-->C:\Program Files\Zenographics\{1093701A-7FE0-4D45-B097-9F1078AC7A1A}\SETUP.EXE -u "HPLJInstaller.dll=Hplj1020.inf"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
mIRC-->"C:\Users\user\Desktop\Scoop2004\mirc.exe" -uninstall
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MyPhotoBooks-->MsiExec.exe /I{7C284688-28B1-4C5A-90F2-66F1991808E2}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)-->"C:\Program Files\ESET\ESET Smart Security\unins000.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Nokia Software Updater-->MsiExec.exe /X{8CC51051-9B69-4F70-BBE6-F68DA834C05C}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Sallys Spa-->"C:\Program Files\Sallys Spa\ReflexiveArcade\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SMART BRO-->"C:\Program Files\InstallShield Installation Information\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SSS_LMS-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\SSS LMS\ST6UNST.LOG"
SSS_R3-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\R3DISKETTE\ST6UNST.LOG"
Tag&Rename 3.2-->"C:\Program Files\TagRename\unins000.exe"
TeamViewer 3-->C:\Program Files\TeamViewer3\uninstall.exe
TSP_CODEC-->C:\Program Files\Bytescribe\TSP_CODEC\Uninst.exe /pid:{A90C03D6-08E1-4C59-B93B-6919A6C0AC19} /asd
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Wedding Dash 2-->"C:\Program Files\Wedding Dash 2\ReflexiveArcade\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Spybot - Search and Destroy (outdated)
AS: Windows Defender

======System event log======

Computer Name: user-PC
Event Code: 7036
Message: The Windows Modules Installer service entered the running state.
Record Number: 66164
Source Name: Service Control Manager
Time Written: 20090103202506.000000-000
Event Type: Information
User:

Computer Name: user-PC
Event Code: 7036
Message: The Windows Modules Installer service entered the stopped state.
Record Number: 66165
Source Name: Service Control Manager
Time Written: 20090103203506.000000-000
Event Type: Information
User:

Computer Name: user-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 66166
Source Name: Service Control Manager
Time Written: 20090103203841.000000-000
Event Type: Information
User:

Computer Name: user-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Record Number: 66167
Source Name: Service Control Manager
Time Written: 20090103203947.000000-000
Event Type: Information
User:

Computer Name: user-PC
Event Code: 7036
Message: The Windows Modules Installer service entered the running state.
Record Number: 66168
Source Name: Service Control Manager
Time Written: 20090103204005.000000-000
Event Type: Information
User:

======Application event log======

Computer Name: user-PC
Event Code: 1003
Message: The Windows Search Service started.
Record Number: 16148
Source Name: Microsoft-Windows-Search
Time Written: 20090103202215.000000-000
Event Type: Information
User:

Computer Name: user-PC
Event Code: 1
Message: Certificate Services Client has been started successfully.
Record Number: 16149
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090103202258.414289-000
Event Type: Information
User: user-PC\user

Computer Name: user-PC
Event Code: 1
Message: Certificate Services Client has been started successfully.
Record Number: 16150
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090103202307.398289-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: user-PC
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
Record Number: 16151
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090103202705.000000-000
Event Type: Information
User:

Computer Name: user-PC
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
Record Number: 16152
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090103202705.000000-000
Event Type: Information
User:

======Security event log======

Computer Name: user-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 16721
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090103204253.460989-000
Event Type: Audit Failure
User:

Computer Name: user-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 16722
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090103204253.476589-000
Event Type: Audit Failure
User:

Computer Name: user-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 16723
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090103204253.507789-000
Event Type: Audit Failure
User:

Computer Name: user-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 16724
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090103204253.538989-000
Event Type: Audit Failure
User:

Computer Name: user-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 16725
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090103204253.585789-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------
#4
Logfile of random's system information tool 1.05 (written by random/random)
Run by user at 2009-01-06 01:24:18
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 98 GB (43%) free of 228 GB
Total RAM: 2036 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:26 AM, on 1/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Users\user\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingmysearch.com/bms/bling/Liewelyn%20
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell.com/content/defa...=ap&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ChikkaDefault] C:\Program Files\Chikka
Messenger\Chikka v.4\\ChikkaLauncher.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. 
- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9295 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-05-16 501384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr 
entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-07 2403392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingl eInstance.dll [2008-07-28 160496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-07-28 882416] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-08-07 2403392] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-17 4907008] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2008-05-16 77824] "dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424] "Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656] "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-14 206064] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936] "NeroFilterCheck"=C:\Windows\system32\NeroCheck.ex e [2001-07-09 155648] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352] "avgnt"=C:\Program 
Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920] "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-14 206064] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe [2008-08-07 171448] "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] "ChikkaDefault"=C:\Program Files\Chikka Messenger\Chikka v.4\\ChikkaLauncher.exe [2007-08-28 36864] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2007-09-17 124200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-02-11 204800] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\aawservice] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{94754373-6daf-11dd-94c5-001d09972f65}] shell\AutoRun\command - K:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{b214cdd7-6dec-11dd-8e6e-001d09972f65}] shell\AutoRun\command - L:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c3a020e9-9246-11dd-a8f6-001d09972f65}] shell\AutoRun\command - K:\Autorun.exe /run shell\Shell00\command - K:\Autorun.exe /run shell\Shell01\command - K:\Autorun.exe /action shell\Shell02\command - K:\Autorun.exe /uninstall [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f23d92e1-6f49-11dd-8acc-001d09972f65}] shell\AutoRun\command - K:\AutoRun.exe |
#5
======List of files/folders created in the last 1 months======

2009-01-04 04:42:49 ----D---- C:\rsit
2009-01-04 00:38:36 ----A---- C:\Windows\system32\VFP6RUN.EXE
2009-01-04 00:38:36 ----A---- C:\Windows\system32\VFP6RENU.DLL
2009-01-04 00:38:36 ----A---- C:\Windows\system32\VFP6R.DLL
2009-01-04 00:38:31 ----D---- C:\BIRALPHA
2008-12-29 02:45:20 ----D---- C:\ProgramData\Avira
2008-12-29 02:45:20 ----D---- C:\Program Files\Avira
2008-12-29 02:22:27 ----D---- C:\Users\user\AppData\Roaming\Malwarebytes
2008-12-29 02:22:22 ----D---- C:\ProgramData\Malwarebytes
2008-12-18 23:33:01 ----A---- C:\Windows\system32\mshtml.dll
2008-12-11 21:47:27 ----A---- C:\Windows\system32\tzres.dll
2008-12-11 20:18:51 ----A---- C:\Windows\system32\gdi32.dll
2008-12-11 20:18:45 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-11 20:18:44 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-11 20:18:20 ----A---- C:\Windows\system32\shell32.dll
2008-12-11 20:18:09 ----A---- C:\Windows\explorer.exe
2008-12-11 20:18:02 ----A---- C:\Windows\system32\urlmon.dll
2008-12-11 20:18:02 ----A---- C:\Windows\system32\ieframe.dll
2008-12-11 20:18:01 ----A---- C:\Windows\system32\wininet.dll
2008-12-11 20:18:01 ----A---- C:\Windows\system32\mstime.dll
2008-12-11 20:18:00 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-11 20:18:00 ----A---- C:\Windows\system32\iertutil.dll
2008-12-11 20:17:49 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-11 20:17:49 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-11 20:17:49 ----A---- C:\Windows\system32\mf.dll
2008-12-11 20:17:48 ----A---- C:\Windows\system32\logagent.exe
2008-12-09 16:49:03 ----A---- C:\Windows\NeroDigital.ini
2008-12-07 21:54:03 ----D---- C:\Users\user\AppData\Roaming\Winamp
2008-12-07 18:18:08 ----A---- C:\Windows\winamp.ini
2008-12-07 18:02:32 ----D---- C:\Program Files\Trend Micro
2008-12-07 17:25:23 ----D---- C:\logs
2008-12-07 17:25:14 ----D---- C:\Program Files\Chikka Messenger

======List of files/folders modified in the last 1 months======

2009-01-06 01:24:21 ----D---- C:\Windows\Temp
2009-01-06 01:19:20 ----D---- C:\Program Files\Mozilla Firefox
2009-01-06 00:39:35 ----D---- C:\Windows\system32\drivers
2009-01-05 23:14:43 ----D---- C:\Windows\tracing
2009-01-05 04:57:18 ----SHD---- C:\System Volume Information
2009-01-05 03:18:47 ----D---- C:\Windows\Prefetch
2009-01-04 17:20:12 ----D---- C:\Windows\System32
2009-01-04 17:20:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-04 17:20:11 ----D---- C:\Windows\inf
2009-01-04 11:32:23 ----D---- C:\Windows\system32\LogFiles
2009-01-04 04:53:14 ----D---- C:\Windows
2009-01-04 04:29:38 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-01-04 04:13:25 ----D---- C:\Program Files\Diner Dash Seasonal Snack Pack
2009-01-04 04:13:04 ----D---- C:\Program Files\Beach Party Craze
2009-01-02 13:16:25 ----D---- C:\Users\user\AppData\Roaming\mIRC
2009-01-02 12:27:41 ----D---- C:\Program Files\mIRC
2009-01-02 08:26:55 ----RD---- C:\Program Files
2008-12-30 04:55:28 ----SHD---- C:\Windows\Installer
2008-12-29 03:04:21 ----D---- C:\Windows\system32\catroot
2008-12-29 02:50:23 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-29 02:45:20 ----HD---- C:\ProgramData
2008-12-22 11:12:50 ----D---- C:\MDT
2008-12-21 18:08:47 ----D---- C:\Windows\system32\catroot2
2008-12-21 00:06:43 ----D---- C:\Windows\Minidump
2008-12-21 00:06:43 ----D---- C:\Windows\Debug
2008-12-18 23:33:32 ----D---- C:\Windows\winsxs
2008-12-11 22:10:48 ----D---- C:\Windows\rescache
2008-12-11 21:53:00 ----D---- C:\Program Files\Windows Mail
2008-12-11 21:52:57 ----D---- C:\Windows\AppPatch
2008-12-11 21:52:54 ----D---- C:\Windows\system32\en-US
2008-12-11 21:51:33 ----D---- C:\ProgramData\Microsoft Help
2008-12-10 07:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-07 21:54:27 ----D---- C:\Program Files\Winamp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\Windows\system32\drivers\Aavmker4.sys [2006-09-25 24560]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 aswMon2;avast! Standard Shield Support; C:\Windows\system32\drivers\aswMon2.sys [2006-09-25 87424]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 8192]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-04-29 228224]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-19 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-10-19 258048]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-24 2054872]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-19 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 Revolution1;Revolution1; \??\C:\Users\user\Downloads\gb\gb\Revolution_Engine_8.3_ShaK3\SHAK3.sys [2007-07-01 20864]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-19 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2008-03-18 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2008-03-18 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2008-03-18 105088]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-04-26 304920]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-05-16 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-11 611664]
R2 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor; C:\Windows\system32\SupportAppXL\cdrom_mon.exe [2008-02-18 81920]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-14 201968]
R2 TeamViewer;TeamViewer 3; C:\Program Files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-05 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-07 138168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]

-----------------EOF-----------------
#6
Hi mina915. I want to see a couple of files please.
Go here and download Catchme to your Desktop. Copy all the script in the below codebox and then double-click on catchme.exe to run it.
Code:
Files:
C:\Windows\System32\drivers\tcpip.sys
C:\Windows\system32\SupportAppXL\cdrom_mon.exe
Catchme will produce a log. Please copy it in this thread. Additionally, Catchme will generate a zipped file on your desktop called Catchme.zip. Please send this file to anniefriday@xtra.co.nz and include a link to this thread. Title your email "Requested Files".
#7
Hi mina915. I received cdrom_mon.exe and it's a legitimate file so that's fine but Catchme could not find tcpip.sys which is very strange.
Click on Start and type cmd in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as Administrator". Copy and paste the following command in the Code box after the prompt > and hit Enter.
Code:
dir /s /a "c:\tcpip*.*" > c:\find.txt & start notepad c:\find.txt
Your drive will be scanned and when finished, Notepad will pop up with some information. Copy and paste it in this thread.
#8
 Volume in drive C is MINA
 Volume Serial Number is 9699-1F1F

 Directory of c:\Program Files\Spybot - Search & Destroy\Plugins

12/24/2007  02:05 AM           121,344 TCPIPAddress.dll
               1 File(s)        121,344 bytes

 Directory of c:\Windows\Help\mui\0409

01/05/2008  07:34 PM            30,980 tcpip.CHM
               1 File(s)         30,980 bytes

 Directory of c:\Windows\System32

01/19/2008  03:36 PM           170,496 tcpipcfg.dll
               1 File(s)        170,496 bytes

 Directory of c:\Windows\System32\drivers

04/26/2008  04:26 PM           891,448 tcpip.sys
01/19/2008  01:56 PM            30,208 tcpipreg.sys
               2 File(s)        921,656 bytes

 Directory of c:\Windows\System32\en-US

01/19/2008  03:43 PM            40,960 tcpipcfg.dll.mui
               1 File(s)         40,960 bytes

 Directory of c:\Windows\System32\migwiz\dlmanifests

01/05/2008  07:28 PM            11,741 TCPIP-DL.man
               1 File(s)         11,741 bytes

 Directory of c:\Windows\System32\Tasks\Microsoft\Windows

11/02/2006  08:49 PM    <DIR>          Tcpip
               0 File(s)              0 bytes

 Directory of c:\Windows\System32\wbem

09/19/2006  05:36 AM             3,066 tcpip.mof
               1 File(s)          3,066 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6000.16386_none_83e6740b0881e9b8

11/02/2006  04:57 PM            27,648 tcpipreg.sys
               1 File(s)         27,648 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6001.18000_none_861d3607056cfa8c

01/19/2008  01:56 PM            30,208 tcpipreg.sys
               1 File(s)         30,208 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6000.16386_none_0041f38286aeaf07

11/02/2006  08:34 PM             5,986 TCPIP-DL.man
               1 File(s)          5,986 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb

01/05/2008  07:28 PM            11,741 TCPIP-DL.man
               1 File(s)         11,741 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6

01/19/2008  03:43 PM           891,448 tcpip.sys
               1 File(s)        891,448 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1

04/26/2008  04:26 PM           891,448 tcpip.sys
               1 File(s)        891,448 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7

04/26/2008  04:08 PM           891,448 tcpip.sys
               1 File(s)        891,448 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip-mof_31bf3856ad364e35_6.0.6000.16386_none_35a721da88047d1b

09/19/2006  05:36 AM             3,066 tcpip.mof
               1 File(s)          3,066 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.0.6000.16386_en-us_ca0bb75cd038edc9

11/02/2006  08:39 PM            40,960 tcpipcfg.dll.mui
               1 File(s)         40,960 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.0.6001.18000_en-us_cc427958cd23fe9d

01/19/2008  03:43 PM            40,960 tcpipcfg.dll.mui
               1 File(s)         40,960 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4

11/02/2006  04:58 PM           802,816 tcpip.sys
11/02/2006  05:46 PM           167,424 tcpipcfg.dll
               2 File(s)        970,240 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7

05/16/2008  10:28 PM           802,816 tcpip.sys
05/16/2008  10:28 PM           167,424 tcpipcfg.dll
               2 File(s)        970,240 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a

05/16/2008  10:37 PM           803,328 tcpip.sys
05/16/2008  10:37 PM           167,424 tcpipcfg.dll
               2 File(s)        970,752 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20597_none_5fcea2efab936c1d

05/16/2008  10:27 PM           803,840 tcpip.sys
05/16/2008  10:27 PM           167,424 tcpipcfg.dll
               2 File(s)        971,264 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001

05/16/2008  10:28 PM           804,352 tcpip.sys
05/16/2008  10:28 PM           167,424 tcpipcfg.dll
               2 File(s)        971,776 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4

05/16/2008  10:37 PM           806,400 tcpip.sys
05/16/2008  10:37 PM           167,424 tcpipcfg.dll
               2 File(s)        973,824 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6001.18000_none_618595dc8f59aab8

01/19/2008  03:36 PM           170,496 tcpipcfg.dll
               1 File(s)        170,496 bytes

 Directory of c:\Windows\winsxs\x86_server-help-chm.tcpip.resources_31bf3856ad364e35_6.0.6000.16386_en-us_2360d422b69f0e36

11/02/2006  08:39 PM            31,036 tcpip.CHM
               1 File(s)         31,036 bytes

 Directory of c:\Windows\winsxs\x86_server-help-chm.tcpip.resources_31bf3856ad364e35_6.0.6001.18000_en-us_2597961eb38a1f0a

01/05/2008  07:34 PM            30,980 tcpip.CHM
               1 File(s)         30,980 bytes

     Total Files Listed:
              33 File(s)     10,195,764 bytes
               1 Dir(s)  109,277,155,328 bytes free
#9
The file is there. Maybe we should have run Catchme as Administrator. I think we will try something different.
I want you to upload the file to an online scanner please. Make sure that you can view hidden files and folders and uncheck "Hide Extensions for Known File Types" and "Hide Protected Operating System Files" (in Vista, click on the Start Orb and go to Control Panel. Click on Classic View > Folder Options and then follow the rest of the instructions). Navigate to C:\Windows\System32\drivers and look for tcpip.sys. When you find it, go here and upload it to be scanned. Copy and paste the results please.
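As an added example (not from this thread, nor from Catchme, HijackThis or VirusTotal), the Python below does mechanically what the two checks above do by hand: it parses a `dir /s /a` listing like the one posted, reports whether the live tcpip.sys has a size-and-timestamp twin in the winsxs component store, and hashes a file so its digests can be compared with the MD5/SHA1/SHA256 the online scanner reported for this machine's driver. The sample listing is a constructed excerpt of the posted output and all function names are mine.

```python
import hashlib
import re

# Constructed excerpt of the `dir /s /a "c:\tcpip*.*"` output posted in this thread;
# only a few of the 33 listed files are reproduced here.
SAMPLE_LISTING = r"""
 Volume in drive C is MINA
 Volume Serial Number is 9699-1F1F

 Directory of c:\Windows\System32\drivers

04/26/2008  04:26 PM           891,448 tcpip.sys
01/19/2008  01:56 PM            30,208 tcpipreg.sys
               2 File(s)        921,656 bytes

 Directory of c:\Windows\System32\Tasks\Microsoft\Windows

11/02/2006  08:49 PM    <DIR>          Tcpip
               0 File(s)              0 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6

01/19/2008  03:43 PM           891,448 tcpip.sys
               1 File(s)        891,448 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1

04/26/2008  04:26 PM           891,448 tcpip.sys
               1 File(s)        891,448 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4

11/02/2006  04:58 PM           802,816 tcpip.sys
11/02/2006  05:46 PM           167,424 tcpipcfg.dll
               2 File(s)        970,240 bytes
"""

# Digests VirusTotal reported for this machine's tcpip.sys in the thread (0/36 detections).
VT_REPORTED = {
    "md5": "82e266bee5f0167e41c6ecfdd2a79c02",
    "sha1": "f633629656e43452aa08611f0f72d24a46e7441c",
    "sha256": "1f462e882a662b2a133df035c435001b2ef6364f49a9ed6a6d98bd643093b666",
}

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# date  time  size-or-<DIR>  name   (the indented "n File(s)" summary lines do not match)
FILE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+(<DIR>|[\d,]+)\s+(.+?)\s*$"
)


def parse_dir_listing(text):
    """Return (directory, name, size_bytes, date, time) for every file in a
    `dir /s` listing; subdirectory entries (<DIR>) are skipped."""
    entries = []
    current = None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m and current is not None:
            date, time, size, name = m.groups()
            if size != "<DIR>":
                entries.append((current, name, int(size.replace(",", "")), date, time))
    return entries


def check_live_driver(entries, name="tcpip.sys", live_dir=r"c:\Windows\System32\drivers"):
    """Is the active driver present, and which component-store (winsxs) copies share
    its exact size and timestamp? A serviced, unmodified file normally has one such
    twin; a patched or replaced driver usually has none."""
    live = [e for e in entries
            if e[0].lower() == live_dir.lower() and e[1].lower() == name.lower()]
    if not live:
        return {"present": False, "size": None, "matches": []}
    _, _, size, date, time = live[0]
    matches = [e[0] for e in entries
               if e[1].lower() == name.lower() and "\\winsxs\\" in e[0].lower()
               and (e[2], e[3], e[4]) == (size, date, time)]
    return {"present": True, "size": size, "matches": matches}


def digest_bytes(data):
    """MD5 / SHA-1 / SHA-256 of a buffer, in the form the online scanner prints them."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def file_hashes(path):
    """Hash a file on disk (e.g. the driver itself) so it can be checked against a report."""
    with open(path, "rb") as f:
        return digest_bytes(f.read())


def matches_report(hashes, report):
    """True only if every algorithm present in both dicts agrees. Size/timestamp
    twins are a hint; identical digests are the actual evidence."""
    common = set(hashes) & set(report)
    return bool(common) and all(hashes[a].lower() == report[a].lower() for a in common)


if __name__ == "__main__":
    found = parse_dir_listing(SAMPLE_LISTING)
    print(check_live_driver(found))
    # On the affected machine one would then run:
    # print(matches_report(file_hashes(r"C:\Windows\System32\drivers\tcpip.sys"), VT_REPORTED))
```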
#10
File tcpip.sys received on 01.10.2009 15:27:07 (CET)
Current status: finished Result: 0/36 (0.00%) Antivirus Version Last Update Result a-squared 4.0.0.73 2009.01.10 - AhnLab-V3 2009.1.10.0 2009.01.09 - AntiVir 7.9.0.54 2009.01.10 - Authentium 5.1.0.4 2009.01.10 - Avast 4.8.1281.0 2009.01.09 - AVG 8.0.0.229 2009.01.09 - BitDefender 7.2 2009.01.10 - CAT-QuickHeal 10.00 2009.01.09 - ClamAV 0.94.1 2009.01.10 - Comodo 910 2009.01.10 - DrWeb 4.44.0.09170 2009.01.10 - eSafe 7.0.17.0 2009.01.08 - eTrust-Vet 31.6.6301 2009.01.10 - F-Prot 4.4.4.56 2009.01.09 - F-Secure 8.0.14470.0 2009.01.10 - Fortinet 3.117.0.0 2009.01.10 - GData 19 2009.01.10 - Ikarus T3.1.1.45.0 2009.01.10 - K7AntiVirus 7.10.584 2009.01.09 - Kaspersky 7.0.0.125 2009.01.10 - McAfee 5490 2009.01.09 - McAfee+Artemis 5490 2009.01.09 - Microsoft 1.4205 2009.01.10 - NOD32 3756 2009.01.10 - Norman 5.99.02 2009.01.09 - Panda 9.4.3.3 2009.01.10 - PCTools 4.4.2.0 2009.01.10 - Prevx1 V2 2009.01.10 - Rising 21.11.52.00 2009.01.10 - SecureWeb-Gateway 6.7.6 2009.01.10 - Sophos 4.37.0 2009.01.10 - Sunbelt 3.2.1831.2 2009.01.09 - TheHacker 6.3.1.4.216 2009.01.10 - TrendMicro 8.700.0.1004 2009.01.09 - ViRobot 2009.1.10.1553 2009.01.10 - VirusBuster 4.5.11.0 2009.01.09 - Additional information File size: 891448 bytes MD5...: 82e266bee5f0167e41c6ecfdd2a79c02 SHA1..: f633629656e43452aa08611f0f72d24a46e7441c SHA256: 1f462e882a662b2a133df035c435001b2ef6364f49a9ed6a6d 98bd643093b666 SHA512: 68d9b06394cbedac12e7f7614e869a23d19e1b192d7073b54d a9b52dce107b0a a3728e42daadb142012dbe75c99c8804c3546d3d06b9cb37d1 0ba7548051e565 ssdeep: 24576:AU8e8jAyOLkAnwNfH7QijBpVptQ9xtoYA8pk2NoahI/9+6lG:XBmpExtUG zh PEiD..: - TrID..: File type identification Win64 Executable Generic (87.2%) Win32 Executable Generic (8.6%) Generic Win/DOS Executable (2.0%) DOS Executable Generic (2.0%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0xeb1b9 timedatestamp.....: 0x4812c4f1 (Sat Apr 26 06:00:17 2008) machinetype.......: 0x14c 
#11
Ok, that's fine. Download the latest version of Combofix.exe from here and save it to your C folder (C:\ComboFix.exe).
Double-click on combofix.exe and the scan will start (go ahead and install the Recovery Console if you are asked to do so). When the scan completes, a text window with your log will open. Please copy and paste that log back here. A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. NB Please disable your antivirus program as it may interfere with ComboFix's routines. Copy this log in your next reply together with a new HijackThis log.
#12
ComboFix 09-01-10.03 - user 2009-01-11 23:37:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2036.1194 [GMT 8:00]
Running from: C:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\msrdo20.dll
c:\windows\system32\rdocurs.dll
c:\windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.
2009-01-11 23:33 . 2009-01-11 23:34 2,915,194 -ra------ C:\ComboFix.exe
2009-01-09 21:41 . 2009-01-09 21:43 966,339 --a------ c:\users\user\BuddySpySetup(2).exe
2009-01-09 03:35 . 2009-01-09 03:35 <DIR> d-------- c:\program files\PHILHEALTH
2009-01-09 03:35 . 2009-01-09 03:38 <DIR> d-------- C:\PHILHEALTH
2009-01-09 03:35 . 1999-06-21 05:10 183,808 --a------ c:\windows\System32\BDEADMIN.CPL
2009-01-09 03:35 . 2009-01-09 03:38 13,030 --a------ C:\PDOXUSRS.NET
2009-01-04 04:42 . 2009-01-04 04:42 <DIR> d-------- C:\rsit
2009-01-04 00:38 . 2009-01-10 00:08 <DIR> d-------- C:\BIRALPHA
2009-01-04 00:38 . 2009-01-04 00:38 3,373,328 --a------ c:\windows\System32\VFP6R.DLL
2009-01-04 00:38 . 2009-01-04 00:38 876,032 --a------ c:\windows\System32\VFP6RENU.DLL
2009-01-04 00:38 . 2009-01-04 00:38 24,990 --a------ c:\windows\System32\VFP6RUN.EXE
2008-12-29 02:45 . 2008-12-29 02:45 <DIR> d-------- c:\users\All Users\Avira
2008-12-29 02:45 . 2008-12-29 02:45 <DIR> d-------- c:\programdata\Avira
2008-12-29 02:45 . 2008-12-29 02:45 <DIR> d-------- c:\program files\Avira
2008-12-29 02:22 . 2008-12-29 02:22 <DIR> d-------- c:\users\user\AppData\Roaming\Malwarebytes
2008-12-29 02:22 . 2008-12-29 02:22 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-29 02:22 . 2008-12-29 02:22 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-11 21:47 . 2008-10-22 09:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 20:18 . 2008-11-01 09:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 20:18 . 2008-10-29 14:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 20:18 . 2008-10-16 12:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-11 20:18 . 2008-10-21 13:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 20:18 . 2008-11-01 11:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 20:17 . 2008-06-23 09:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 20:17 . 2008-06-23 09:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 20:17 . 2008-06-23 09:58 94,720 --a------ c:\windows\System32\logagent.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 15:34 --------- d-----w c:\users\user\AppData\Roaming\mIRC
2009-01-11 05:03 --------- d-----w c:\program files\mIRC
2009-01-08 18:57 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-01-03 20:13 --------- d-----w c:\program files\Diner Dash Seasonal Snack Pack
2009-01-03 20:13 --------- d-----w c:\program files\Beach Party Craze
2008-12-28 18:50 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-11 13:53 --------- d-----w c:\program files\Windows Mail
2008-12-11 13:51 --------- d-----w c:\programdata\Microsoft Help
2008-12-07 13:56 --------- d-----w c:\users\user\AppData\Roaming\Winamp
2008-12-07 13:54 --------- d-----w c:\program files\Winamp
2008-12-07 10:02 --------- d-----w c:\program files\Trend Micro
2008-12-07 09:25 --------- d-----w c:\program files\Chikka Messenger
2008-12-06 10:31 --------- d-----w c:\program files\Common Files\Adobe
2008-12-04 09:27 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-04 09:27 --------- d-----w c:\program files\iTunes
2008-12-04 09:27 --------- d-----w c:\program files\iPod
2008-12-04 09:27 --------- d-----w c:\program files\Common Files\Apple
2008-12-04 09:26 --------- d-----w c:\program files\QuickTime
2008-11-29 18:45 --------- d-----w c:\programdata\Yahoo! Companion
2008-11-28 19:08 --------- d-----w c:\program files\Trillian
2008-11-21 17:43 --------- d-----w c:\programdata\Arcade Lab
2008-11-21 12:09 --------- d-----w c:\users\user\AppData\Roaming\Skype
2008-11-21 12:04 --------- d-----w c:\users\user\AppData\Roaming\skypePM
2008-11-18 10:14 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-11-18 10:13 315,392 ----a-w c:\windows\HideWin.exe
2008-11-18 10:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 10:13 --------- d-----w c:\program files\Realtek
2008-11-18 10:12 --------- d-----w c:\program files\Dell
2008-11-17 15:59 --------- d-----w c:\users\user\AppData\Roaming\Ahead
2008-11-17 15:59 --------- d-----w c:\program files\Common Files\Ahead
2008-11-17 15:59 --------- d-----w c:\program files\Ahead
2008-11-16 20:30 --------- d-----w c:\program files\Common Files\INCA Shared
2008-11-16 20:20 --------- d-----w c:\program files\softnyx
2008-11-14 11:18 --------- d-----w c:\program files\MyPhotoBooks
2008-11-12 15:21 --------- d-----w c:\users\user\AppData\Roaming\PlayFirst
2008-11-12 15:21 --------- d-----w c:\programdata\PlayFirst
2008-11-12 15:21 --------- d-----w c:\program files\Diner Dash Flo Through Time
2008-11-03 17:29 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-11-03 17:29 286,720 ------w c:\windows\Setup1.exe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-27 19:22 7,405,568 ----a-w c:\users\user\Firefox Setup 3.0.3.exe
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 06:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 05:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-09-19 10:03 27,113 ----a-w c:\users\user\ym(9,8,7)_nowPlaying_v4.6.zip
2008-08-31 13:43 262,144 ----a-w c:\programdata\ntuser.dat
2008-07-27 08:58 94 ----a-w c:\users\user\AppData\Roaming\wklnhst.dat
2008-07-16 16:50 70,176 ----a-w c:\users\user\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-06-28 16:32 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-07 171448]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"ChikkaDefault"="c:\program files\Chikka Messenger\Chikka v.4\\ChikkaLauncher.exe" [2007-08-28 36864]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-05-16 77824]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 c:\windows\RtHDVCpl.exe]

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-05-16 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 20:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2007-09-17 11:56 124200 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 15:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2901830702-858973381-3903618705-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{39D6F966-F1CF-4491-BBD0-C5A0A4BAB552}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{146BE018-17D6-432B-8783-3A54F7987567}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"{89F58551-66B2-4932-BE3C-797794ADD38F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C88C747B-14FA-45C6-8615-A99449C37631}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F67719CE-A8BD-4D08-95BE-7EB05AE912F6}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6DF6A668-77E9-4E4C-B91D-2160AB72B231}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C0EFDA8C-77A0-4DFA-ADCD-4FB159F4DCDF}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{791E9361-7486-4534-A13A-3BD540495829}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{BF172EAC-CF9F-49C6-9583-B95C148FC315}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5A761725-3B49-41BB-BDF1-174D0396DB0A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{E66AA3D5-3262-43CE-A65A-197D9FB3D40B}c:\\program files\\bittornado\\btdownloadgui.exe"= UDP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{450AB35E-A127-4F3F-9742-C656355CE7F2}c:\\program files\\bittornado\\btdownloadgui.exe"= TCP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{7B1BB207-67DC-42F6-943A-23BB5ABF1A14}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AE58930A-876B-479B-B571-42205BEDAC8E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3D00DACC-D290-4B4D-B094-17B3480EDB8D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D9BD1392-D6DA-4029-8DFA-050857E4DDA5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{46060E5A-2789-481D-A7DE-3C10B77D69C7}c:\\program files\\softnyx\\gunboundwc\\gunbound.gme"= UDP:c:\program files\softnyx\gunboundwc\gunbound.gme:GunBound
"UDP Query User{29B7C7B6-D54B-4E37-9306-2B840982CC0B}c:\\program files\\softnyx\\gunboundwc\\gunbound.gme"= TCP:c:\program files\softnyx\gunboundwc\gunbound.gme:GunBound
"TCP Query User{BD4EA169-34BC-43FF-AB09-B7313EA8B43D}c:\\users\\user\\desktop\\scoop2004\\mirc.exe"= UDP:c:\users\user\desktop\scoop2004\mirc.exe:mirc.exe
"UDP Query User{4912DCAE-04AB-423D-8F44-2465DD78F4D3}c:\\users\\user\\desktop\\scoop2004\\mirc.exe"= TCP:c:\users\user\desktop\scoop2004\mirc.exe:mirc.exe
"TCP Query User{8320D521-92AF-4303-9FD4-A75FFA3A5770}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{D34B18BD-C249-4DFB-A270-03CA99D3E68C}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

R4 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [2007-12-05 77824]
R4 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\System32\SupportAppXL\cdrom_mon.exe [2008-02-18 81920]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-12-29 809296]
R4 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 Revolution1;Revolution1;c:\users\user\Downloads\gb\gb\Revolution_Engine_8.3_ShaK3\SHAK3.sys [2008-12-13 20864]

--- Other Services/Drivers In Memory ---

*Deregistered* - dump_wmimmc

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94754373-6daf-11dd-94c5-001d09972f65}]
\shell\AutoRun\command - K:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b214cdd7-6dec-11dd-8e6e-001d09972f65}]
\shell\AutoRun\command - L:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3a020e9-9246-11dd-a8f6-001d09972f65}]
\shell\AutoRun\command - K:\Autorun.exe /run
\shell\Shell00\Command - K:\Autorun.exe /run
\shell\Shell01\Command - K:\Autorun.exe /action
\shell\Shell02\Command - K:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f23d92e1-6f49-11dd-8acc-001d09972f65}]
\shell\AutoRun\command - K:\AutoRun.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.blingmysearch.com/bms/bling/Liewelyn%20
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\colnbwaa.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 23:39:38
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-11 23:40:48
ComboFix-quarantined-files.txt 2009-01-11 15:40:46
Pre-Run: 103,769,149,440 bytes free
Post-Run: 103,746,617,344 bytes free
232 --- E O F --- 2009-01-01 15:41:25
#13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:16 PM, on 1/11/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Windows\System32\mobsync.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\system32\notepad.exe C:\Windows\Explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingmysearch.com/bms/bling/Liewelyn%20 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ChikkaDefault] C:\Program Files\Chikka Messenger\Chikka v.4\\ChikkaLauncher.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 8464 bytes
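For anyone reading a log like the one above, here is an added Python example (it is not code from this thread, from HijackThis or from its author) that parses the R0/R1, O2/O3/O9, O4 and O23 lines and lists the entries a malware-removal helper reads first: CLSID entries registered with "(no file)" on disk, autoruns that give no absolute path or run from a Temp directory, services with no publisher, and a start page pointing at a host outside a trusted list. The sample lines are copied from the log above except the R0 line and the "[example]" O4 line, which are constructed with placeholder names; the trusted-host list and the Temp-directory heuristic are assumptions of the example, not HijackThis rules.

```python
"""Triage helper for HijackThis (HJT) logs: parse the R0/R1, O2/O3/O9, O4 and
O23 lines and list the entries a malware-removal helper reads first."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample input. All lines are copied from the HJT log posted above except the
# R0 line and the "[example]" O4 line, which are CONSTRUCTED for this example
# (placeholder host and file names, not taken from the log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example.invalid/search
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [example] C:\Users\example\AppData\Local\Temp\example_updater.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
-- End of file - 8464 bytes
"""

# Every HJT entry starts with a section tag ("R0", "O4", "O23", ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# O2/O3/O9: "<kind>: <name> - {CLSID} - <path or (no file)>". The CLSID anchors
# the split, so names that themselves contain " - " still parse.
CLSID_ENTRY_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# O4 Run keys: "<hive>: [<value name>] <command line>".
RUN_ENTRY_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
# O23: "Service: <name> - <owner> - <path>". The path must start with a drive
# letter, a UNC prefix or "(" so that " - " inside the name or path is not
# mistaken for a field separator (e.g. "Spybot - Search & Destroy").
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>(?:[A-Za-z]:\\|\\\\|\().*)$")
# R0/R1: "<registry key>,<value> = <url>".
START_PAGE_RE = re.compile(r"^(?P<key>.+?) = (?P<url>\S+)$")
# An absolute executable path at the start of a command line, quoted or not.
ABS_PATH_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|com|scr|bat|cmd|vbs|js))"?(?:\s|$)',
    re.IGNORECASE)

# Assumption of this example: go.microsoft.com is the stock IE start/search host.
DEFAULT_TRUSTED_HOSTS = frozenset({"go.microsoft.com"})
TEMP_DIR_MARKERS = ("\\temp\\", "\\tmp\\")  # heuristic, not an HJT rule


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def _run_command(body: str):
    """Return the command line of an O4 entry, or None if it cannot be parsed."""
    m = RUN_ENTRY_RE.match(body)
    if m:
        return m.group("cmd")
    if " = " in body:  # "Startup: <shortcut>.lnk = <path>" form
        return body.split(" = ", 1)[1]
    return None


def _in_temp_dir(path: str) -> bool:
    p = path.lower().replace("/", "\\")
    return any(marker in p for marker in TEMP_DIR_MARKERS)


def triage(log_text: str, trusted_hosts=DEFAULT_TRUSTED_HOSTS) -> list:
    """Return the entries worth a second look, in the order they appear."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, "End of file" and blank lines
        sec, body = m.group("sec"), m.group("body")
        if sec in ("R0", "R1"):
            sp = START_PAGE_RE.match(body)
            host = urlparse(sp.group("url")).hostname if sp else None
            if host and host.lower() not in trusted_hosts:
                findings.append(Finding(sec, f"start page host not in trusted list: {host}", raw.strip()))
        elif sec in ("O2", "O3", "O9"):
            ce = CLSID_ENTRY_RE.match(body)
            if ce and ce.group("path").strip() in ("(no file)", "(file missing)"):
                findings.append(Finding(sec, "orphaned entry: CLSID registered but no file on disk", raw.strip()))
        elif sec == "O4":
            cmd = _run_command(body)
            if cmd is None:
                continue
            pm = ABS_PATH_RE.match(cmd)
            if not pm:
                findings.append(Finding(sec, "autorun without absolute path (resolved through PATH at logon)", raw.strip()))
            elif _in_temp_dir(pm.group("path")):
                findings.append(Finding(sec, "autorun launched from a temporary directory", raw.strip()))
        elif sec == "O23":
            sv = SERVICE_RE.match(body)
            if sv and sv.group("owner").strip().lower() == "unknown owner":
                findings.append(Finding(sec, "service with no publisher (Unknown owner)", raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

A flagged line is a prompt to look, not a verdict: a "(no file)" BHO is usually a leftover of an uninstall, and an "Unknown owner" service may simply be an unsigned OEM tool, which is why the helper asks questions before anything is deleted.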
#14
Hi mina915. I want you to send me some files. Look for the C:\Qoobox\Quarantine folder. When you find it, right-click on it and choose Send To > Compressed zipped folder. Email Quarantine.zip to me (include a link to this thread) and title your email "Requested Files". My address is anniefriday@xtra.co.nz. I will post back when I have checked it out.
I also see Revolution_Engine_8.3_ShaK3 running. How long ago was this installed?