-
Please help!
I don't know what to do. I'm not very good at English. Before I posted this topic I tried to read about the problem, but I didn't understand much... Please take a look at this log file. Thank you very much.
Logfile of HijackThis v1.99.1
Scan saved at 14:23:30, on 13/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KILLMS32DLL] C:\WINDOWS\killgodzilla.vbs
O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtec...iGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
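The log above contains the kind of entries a helper scans for by eye: a svchost.exe under Program Files, a .vbs in a Run key, executables launched straight from C:\WINDOWS and C:\WINDOWS\Config, a Run value whose name is its own path, and an AppInit_DLLs value that points at a .dat file. The script below, added here as an example and not code from the original posts or from HijackThis itself, turns those checks into heuristics and runs them over a constructed excerpt of that log. The rule set, the severities and the table of expected system-binary locations are assumptions made for the example; a hit marks an entry for review, it is not a malware verdict.

```python
"""Heuristic triage of a HijackThis (HJT) v1.99 log.

Added example for this thread, not code from the original posts or from
HijackThis. The rules, severities and expected system-binary locations
are assumptions; a hit means "review this entry", not "this is malware".
"""
import re
from dataclasses import dataclass

WINDIR = r"c:\windows"
SYSTEM32 = WINDIR + r"\system32"
# Genuine copies live in one fixed directory; the same name elsewhere is a masquerade.
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32, "ctfmon.exe": SYSTEM32, "explorer.exe": WINDIR,
}
# Name stems for look-alike detection (chkdsk32_.exe, smcss.exe, ...).
SYSTEM_STEMS = {n[:-4] for n in EXPECTED_DIR} | {"chkdsk", "rundll32", "userinit"}
SCRIPT_EXT = ("vbs", "js", "bat", "cmd", "wsf")
PATH_RE = re.compile(r'[a-z]:\\[^"\s][^"]*?\.(?:exe|dll|vbs|js|bat|cmd|wsf|dat|scr|com|pif)\b', re.I)
O4_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    reason: str
    line: str

def _edit_distance(a, b):
    # Levenshtein distance, used to catch one-character look-alike names.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def looks_like_system_binary(stem):
    """True for a name that imitates a system binary without being one."""
    stem = stem.lower()
    if stem in SYSTEM_STEMS:
        return False
    squeezed = re.sub(r"[\d_-]", "", stem)                   # chkdsk32_ -> chkdsk
    return squeezed in SYSTEM_STEMS or any(
        _edit_distance(stem, s) <= 1 for s in SYSTEM_STEMS)  # smcss -> smss

def _check_path(path, line, out):
    # Naming and location checks shared by process lines and O4 commands.
    directory, _, base = path.lower().rpartition("\\")
    stem, _, ext = base.rpartition(".")
    if ext in SCRIPT_EXT:
        out.append(Finding("high", "script interpreter payload in autostart", line))
    if base in EXPECTED_DIR and directory != EXPECTED_DIR[base]:
        out.append(Finding("high", f"{base} running from {directory}, not {EXPECTED_DIR[base]}", line))
    elif looks_like_system_binary(stem):
        out.append(Finding("high", f"{base} imitates a Windows system binary name", line))
    if (directory.startswith(WINDIR) and not directory.startswith(SYSTEM32)
            and directory != EXPECTED_DIR.get(base)):
        out.append(Finding("medium", f"started from unusual location {directory}", line))

def triage(log_text):
    """Return the findings for an HJT log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            if ":\\" in m.group("name"):
                findings.append(Finding("high", "Run value name is itself a file path", line))
            pm = PATH_RE.search(m.group("cmd"))
            if pm:
                _check_path(pm.group(0), line, findings)
        elif re.match(r"^[a-z]:\\", line, re.I):            # "Running processes" block
            _check_path(line, line, findings)
        elif line.startswith("O20 - AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            sev = "medium" if value.lower().endswith(".dll") else "high"
            findings.append(Finding(sev, "AppInit_DLLs set: loaded into every process using user32.dll", line))
        elif line.startswith("O20 - Winlogon Notify:"):
            target = line.rsplit(" - ", 1)[-1]
            if target.endswith("\\") or "." not in target.rsplit("\\", 1)[-1]:
                findings.append(Finding("medium", "Winlogon Notify entry names a directory, not a DLL", line))
    return findings

# Constructed excerpt of the first log posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\Explorer.EXE
C:\Program Files\SmartAdviser\EZAD\svchost.exe
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [KILLMS32DLL] C:\WINDOWS\killgodzilla.vbs
O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Entries such as viwc.exe and lasse.exe in system32 produce no hit: path heuristics say nothing about an unfamiliar file sitting in a legitimate directory, so those still need a look at the file itself (size, timestamp, signer, hash). Legitimate software that installs into odd places will also trip the location rule, which is why every hit is a prompt to look, not a verdict.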
-
Hi nishikamae
Rename HijackThis.exe to nishikamae.exe and post back a fresh HijackThis log, please :)
-
nishikamae
Thank You ... Here is a new log file
Logfile of HijackThis v1.99.1
Scan saved at 20:51:31, on 14/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\SeUpdateDb.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\runonce.exe
C:\Program Files\HijackThis\nishikamae.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KILLMS32DLL] C:\WINDOWS\killgodzilla.vbs
O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtec...iGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
-
Hi
We first need to disable TeaTimer so that it doesn't interfere with the fixes. You can re-enable it once you're clean again:
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already in that mode, go to the Mode menu and select "Advanced Mode".
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
1. Download ComboFix from one of these links:
Link1
Link2
2. Double-click ComboFix.exe and follow the prompts.
3. When it finishes, it will produce a log. Post that log in your next reply.
Note:
Do not click inside ComboFix's window while it is running; that may cause it to stall.
Post:
- a fresh HijackThis log
- combofix report
-
nishikamae
Here is a new HijackThis log file ....
Logfile of HijackThis v1.99.1
Scan saved at 21:46:05, on 14/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\xlavra3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\nishikamae.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KILLMS32DLL] C:\WINDOWS\killgodzilla.vbs
O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKLM\..\Run: [smcss] C:\WINDOWS\smcss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtec...iGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
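The helper asks for a fresh log after every step, and this third log differs from the one posted an hour earlier in ways that matter: a new HKLM Run value `[smcss] C:\WINDOWS\smcss.exe`, and C:\WINDOWS\xlavra3.exe now in the running-process list, while TeaTimer (just disabled) and runonce.exe are gone. Reading two logs of this length side by side is error-prone, so the script below diffs them. It is an added example, not code from the original posts; the inputs are constructed excerpts of the second and third logs trimmed to the lines that differ plus a few that anchor them, and the VOLATILE set (programs that come and go between scans and carry no persistence information) is an assumption.

```python
"""Diff two successive HijackThis logs and report what changed.

Added example for this thread, not code from the original posts. A fresh
log after every step is only useful if it is compared with the previous
one; this does that for the persistence sections (O2/O3/O4/O16/O20/O21/O23)
and, separately, for the running-process list. VOLATILE is an assumption:
short-lived user programs whose presence says nothing about persistence.
"""
import re

PERSISTENCE = ("O2 ", "O3 ", "O4 ", "O16 ", "O20 ", "O21 ", "O23 ")
PROCESS_RE = re.compile(r"^[a-z]:\\.+\.exe$", re.I)
VOLATILE = {"notepad.exe", "iexplore.exe"}

def parse(log_text):
    """Split a log into (persistence entries, running processes), case-folded."""
    entries, processes = set(), set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(PERSISTENCE):
            entries.add(re.sub(r"\s+", " ", line.lower()))
        elif PROCESS_RE.match(line):
            path = line.lower()
            if path.rpartition("\\")[2] not in VOLATILE:
                processes.add(path)
    return entries, processes

def diff_logs(old_text, new_text):
    """Entries and processes that appeared or disappeared between two logs."""
    old_e, old_p = parse(old_text)
    new_e, new_p = parse(new_text)
    return {
        "entries_added": sorted(new_e - old_e),
        "entries_removed": sorted(old_e - new_e),
        "processes_added": sorted(new_p - old_p),
        "processes_gone": sorted(old_p - new_p),
    }

# Constructed excerpts of the second and third logs posted above.
LOG_BEFORE = r"""
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\runonce.exe
C:\Program Files\HijackThis\nishikamae.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
"""
LOG_AFTER = r"""
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\xlavra3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\nishikamae.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKLM\..\Run: [smcss] C:\WINDOWS\smcss.exe
O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
"""

if __name__ == "__main__":
    for key, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key, *items, sep="\n  ")
```

The diff only says what changed, not what is bad: anything new still needs judgement, but a persistence entry that appears between two scans taken an hour apart, on a machine that is supposed to be under cleanup, is exactly the kind of change that should be noticed immediately rather than found on the third read-through.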
-
nishikamae
Here is the ComboFix log file. Thank you.
ComboFix 07-10-11.1 - user 10/14/2007 21:39:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.353 [GMT -12:00]
Running from: C:\Documents and Settings\user\Desktop\Fix\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\user\Desktop\internet.lnk
C:\Program Files\WinAble
.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 09:39 153,642 ----a-w C:\WINDOWS\smcss.exe
2007-10-15 09:39 153,642 ----a-w C:\Installer.exe
2007-10-15 09:37 --------- d-----w C:\Program Files\ViStart
2007-10-15 09:34 350 ----a-w C:\sccfg.sys
2007-10-14 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-14 02:50 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-13 09:15 109 ----a-w C:\Program Files\AudiLog.txt
2007-10-13 08:16 4 ----a-w C:\Program Files\VERSION.CFG
2007-10-13 08:16 --------- d-----w C:\Program Files\ABM
2007-10-13 07:28 --------- d-----w C:\Program Files\Opera
2007-10-13 07:27 --------- d-----w C:\Program Files\Netscape
2007-10-13 06:59 --------- d-----w C:\Documents and Settings\user\Application Data\Netscape
2007-10-13 06:46 --------- d-----w C:\Program Files\Viewpoint
2007-10-13 06:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 06:44 --------- d-----w C:\Program Files\Java
2007-10-13 06:42 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-13 06:41 --------- d-----w C:\Program Files\Common Files\Real
2007-10-13 06:40 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-13 06:40 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-13 05:59 --------- d-----w C:\Program Files\McAfee
2007-10-13 05:59 --------- d-----w C:\Program Files\Common Files\McAfee
2007-10-13 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-13 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-13 04:41 88,205 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-10-13 04:41 84,621 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-10-13 04:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-13 04:35 --------- d-----w C:\Program Files\Camfrog
2007-10-13 04:29 --------- d-----w C:\Program Files\Lavasoft
2007-10-13 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-13 03:30 16,384 ----a-w C:\WINDOWS\xlavra3.exe
2007-10-13 03:21 340,992 ----a-w C:\WINDOWS\system32\lasse.exe
2007-10-12 12:26 3,606 ----a-w C:\WINDOWS\system32\tmp.reg
2007-10-12 06:09 16,384 ----a-w C:\WINDOWS\xlavra2.exe
2007-10-11 03:31 --------- d-----w C:\Program Files\MP3 Player Utilities 3.5.02
2007-10-10 06:41 1,354,240 ----a-w C:\Program Files\Audition.exe
2007-10-08 11:53 --------- d-----w C:\Program Files\DATA
2007-10-08 11:52 --------- d-----w C:\Program Files\SCRIPT
2007-10-01 02:56 --------- d-----w C:\Program Files\WinPcap
2007-10-01 02:56 --------- d-----w C:\Documents and Settings\user\Application Data\Orbit
2007-10-01 01:24 --------- d-----w C:\Program Files\IE7Pro
2007-10-01 01:24 --------- d-----w C:\Documents and Settings\user\Application Data\IE7pro
2007-09-29 07:04 --------- d-----w C:\Program Files\Bug Doctor
2007-09-21 08:52 13,924 ----a-w C:\WINDOWS\system32\drivers\klop.dat
2007-09-18 10:59 465,816 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2007-09-17 09:32 4,608 ----a-w C:\WINDOWS\chkdsk32_.exe
2007-09-17 08:55 --------- d-----w C:\Documents and Settings\user\Application Data\ViStart
2007-09-17 08:37 --------- d-----w C:\Program Files\VisualTooltip
2007-09-17 08:37 --------- d-----w C:\Program Files\Vista Sidebar
2007-09-17 08:37 --------- d-----w C:\Program Files\ViOrb
2007-09-17 08:37 --------- d-----w C:\Program Files\Styler
2007-09-17 08:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-17 08:37 --------- d-----w C:\Program Files\LClock
2007-09-17 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-17 08:05 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-09-17 07:51 --------- d-----w C:\Documents and Settings\user\Application Data\Lavasoft
2007-09-17 07:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-09 06:38 --------- d-----w C:\Program Files\iTunes
2007-09-09 06:37 --------- d-----w C:\Program Files\iPod
2007-09-09 06:36 --------- d-----w C:\Program Files\Apple Software Update
2007-09-08 08:50 64,168 ----a-w C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-09-05 09:34 --------- d-----w C:\Program Files\Google
2007-09-03 23:01 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-03 13:58 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-03 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-03 02:16 --------- d-----w C:\Program Files\Real
2007-08-25 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-08-23 06:12 --------- d-----w C:\Program Files\AML Products
2007-08-20 13:50 --------- d-----w C:\Program Files\thriXXX
2007-08-20 02:25 --------- d-----w C:\Documents and Settings\user\Application Data\MegauploadToolbar
2007-08-19 01:47 --------- d-----w C:\Program Files\MegauploadToolbar
2007-06-27 09:38 178,999 ----a-w C:\Documents and Settings\user\dodolook020.exe
2007-03-28 06:16 462,848 ----a-w C:\Program Files\patcher.exe
2006-07-21 08:15 361 ----a-w C:\Program Files\AX.bat
2005-12-26 11:48 294 ----a-w C:\Program Files\macro.txt
2005-12-23 14:45 102,400 ----a-w C:\Program Files\TaskKeyHookWD.dll
2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp2.dat
2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp.dat
2005-10-13 10:37 8,038 ----a-w C:\Program Files\icon4.ico
2005-10-13 10:31 7,782 ----a-w C:\Program Files\icon3.ico
2004-11-10 05:31 372,736 ----a-w C:\Program Files\ijl15.dll
2004-10-18 08:04 161,280 ----a-w C:\Program Files\fmod.dll
2001-11-23 23:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot@Fri 10-12-2007_ 0.48.34.32 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 10,191 2007-10-13 06:46:10 C:\WINDOWS\mozver.dat
----a-w 516,096 2006-05-25 07:17:22 C:\WINDOWS\Downloaded Program Files\ThaiGameStart.dll
----a-r 24,640 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\AdsLokUU.Dll
----a-r 104,024 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\BBCpl.dll
----a-r 71,256 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\condl.dll
----a-r 99,928 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\consl.dll
----a-r 132,696 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\coptcpl.dll
----a-r 71,232 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\csscan.exe
----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\EntSrv.dll
----a-r 11,840 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\entvutil.exe
----a-r 194,136 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4837_shutil.dll
----a-r 24,664 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4842_McShield.DLL
----a-r 144,960 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4843_Mcshield.exe
----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4844_naiann.dll
----a-r 263,768 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4845_NaiEvent.dll
----a-r 54,872 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4853_VsTskMgr.exe
----a-r 13,912 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4856_scan32.exe
----a-r 79,448 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4861_mcupdate.exe
----a-r 104,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftcfg.dll
----a-r 41,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftl.dll
----a-r 25,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\lockdown.dll
----a-r 58,968 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\logparser.exe
----a-r 16,472 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVDetect.DLL
----a-r 19,032 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVSCV.DLL
----a-r 28,224 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShield.dll
----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShieldPerfData.dll
----a-r 34,368 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\Mcvssnmp.dll
----a-r 83,520 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfa.dll
----a-r 64,360 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfk.sys
----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfa.dll
----a-r 72,264 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfk.sys
----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopa.dll
----a-r 34,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopk.sys
----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehida.dll
----a-r 46,656 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidin.exe
----a-r 170,408 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidk.sys
----a-r 18,496 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mferkda.dll
----a-r 52,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfetdik.sys
----a-r 132,672 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus.dll
----a-r 226,880 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus2.dll
----a-r 75,328 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NaEvent.Dll
----a-r 333,496 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCExtMgr.dll
----a-r 464,560 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCScan.dll
----a-r 35,416 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\OASCpl.dll
----a-r 263,744 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScanOTLK.Dll
----a-r 11,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScnCfg32.Exe
----a-r 67,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScriptCl.dll
----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\scriptsv.dll
----a-r 112,216 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\shstat.exe
----a-r 243,288 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsodscpl.dll
----a-r 83,544 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\VSPlugin.dll
----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsupdcpl.dll
----a-r 102,400 2007-10-13 06:14:59 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-w 278,528 2007-10-13 06:40:44 C:\WINDOWS\system32\pncrt.dll
----a-w 6,656 2007-10-13 06:40:54 C:\WINDOWS\system32\pndx5016.dll
----a-w 5,632 2007-10-13 06:40:54 C:\WINDOWS\system32\pndx5032.dll
----a-w 185,688 2007-10-13 06:41:26 C:\WINDOWS\system32\rmoc3260.dll
----a-w 237,936 2004-01-07 23:21:24 C:\WINDOWS\system32\unicows.dll
----a-w 16,384 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
--sha-w 32,768 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 189,712 2007-09-13 04:19:48 C:\WINDOWS\system32\drivers\klif.sys
----a-w 72,712 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfeavfk.sys
----a-w 34,184 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfebopk.sys
----a-w 171,240 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfehidk.sys
----a-w 52,200 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfetdik.sys
----a-w 65,099 2007-10-14 04:42:25 C:\WINDOWS\system32\drivers\etc\tmvsthfss.bin
----a-w 65,099 2007-10-14 04:42:45 C:\WINDOWS\system32\drivers\etc\tmvsthfud.bin
----a-w 2,115,816 2007-06-11 20:34:34 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
----a-w 190,696 2007-06-11 20:34:40 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
----a-w 45,218 2007-10-13 07:42:13 C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
----a-w 81,472 2007-10-13 05:51:05 C:\WINDOWS\system32\Restore\rstrlog.dat
.
----a-r 102,400 2007-09-09 06:38:13 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-w 278,528 2007-09-03 02:15:24 C:\WINDOWS\system32\pncrt.dll
----a-w 6,656 2007-09-03 02:15:25 C:\WINDOWS\system32\pndx5016.dll
----a-w 5,632 2007-09-03 02:15:25 C:\WINDOWS\system32\pndx5032.dll
----a-w 185,688 2007-09-03 02:15:31 C:\WINDOWS\system32\rmoc3260.dll
----a-w 16,384 2002-01-08 06:52:05 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2002-01-08 06:52:05 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 2,078,344 2006-06-23 01:44:58 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
----a-w 81,736 2007-10-12 06:53:50 C:\WINDOWS\system32\Restore\rstrlog.dat
.
-
nishikamae
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
"Cmaudio"="cmicnfg.cpl" []
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [02/25/2006 11:41 AM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [08/06/2004 05:01 PM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/19/2006 11:27 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/01/2006 05:22 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/06/2006 06:37 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"EzTruehitNews"="C:\Program Files\SmartAdviser\EZAD\svchost.exe" [08/04/2006 04:41 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]
"KILLMS32DLL"="C:\WINDOWS\killgodzilla.vbs" []
"C:\WINDOWS\Config\wr-1-312.exe"="C:\WINDOWS\Config\wr-1-312.exe" []
"Disk Check"="C:\WINDOWS\chkdsk32_.exe" [09/16/2007 09:32 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [08/13/2007 08:50 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/12/2007 06:40 PM]
"C:\WINDOWS\Config\load.exe"="C:\WINDOWS\Config\load.exe" []
"smcss"="C:\WINDOWS\smcss.exe" [10/14/2007 09:39 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 AM]
"UIWatcher"="C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe" [08/18/2006 06:48 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/04/2007 10:37 PM]
"viwc"="C:\WINDOWS\system32\viwc.exe" [06/26/2007 05:13 AM]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [06/25/2007 11:28 PM]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [06/21/2007 11:41 PM]
"lasse"="C:\WINDOWS\system32\lasse.exe" [10/12/2007 03:21 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"msnsc"=C:\WINDOWS\system32\msnsc.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2544-02-13 15:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\sulimo.dat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
R0 tcvso;tcvs;C:\WINDOWS\system32\DRIVERS\tcvso.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 windrvNT;windrvNT;\??\C:\WINDOWS\system32\windrvNT.sys
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 SunkFilt62;Alcor Micro Corp - 6362;\??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys
S3 LRMINIPORT;LanRoad PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\lrpppoe.sys
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\qcusbser.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158d48b7-6e07-11db-bf97-0011955e5ccb}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{214d781f-344c-11dc-809c-0011955e5ccb}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killgodzilla.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{215ec143-6503-11dc-80f8-0011955e5ccb}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killgodzilla.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e38b571-612f-11dc-80eb-0011955e5ccb}]
AutoRun\command - L:\
explore\Command - L:\RECYCLER\INFO.exe
open\Command - L:\RECYCLER\INFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6bc398-7a1d-11dc-97bd-0011955e5ccb}]
AutoRun\command - L:\
explore\Command - L:\RECYCLER\INFO.exe
open\Command - L:\RECYCLER\INFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8c79e3d-6043-11dc-80e8-0011955e5ccb}]
AutoRun\command - L:\
explore\Command - L:\RECYCLER\INFO.exe
open\Command - L:\RECYCLER\INFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d573b05f-7f89-11db-bfb4-0011955e5ccb}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ctrmode]
C:\WINDOWS\ctrmode.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\smcss]
C:\WINDOWS\smcss.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-10-11 09:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-15 09:37:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-15 03:58:45 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AD0036B7-583C-403A-8D07-416CC9A5A565}.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 21:43:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\winamp.ini
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\Wininit.ini
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log
C:\WINDOWS\WMFDist11Uninst.log
C:\WINDOWS\wmp
C:\WINDOWS\wmp11.log
C:\WINDOWS\wmp11Uninst.log
C:\WINDOWS\wmsetup.log
C:\WINDOWS\wmsetup10.log
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\Wudf01000Inst.log
C:\WINDOWS\xlavra2.exe
C:\WINDOWS\xlavra3.exe
C:\WINDOWS\xptools.ini
C:\WINDOWS\yhl.dll
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif
C:\WINDOWS\_MSRSTRT.EXE
scan completed successfully
hidden files: 25
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\Config\\wr-1-312.exe"="C:\\WINDOWS\\Config\\wr-1-312.exe"
"C:\\WINDOWS\\Config\\load.exe"="C:\\WINDOWS\\Config\\load.exe"
.
Completion time: 10/14/2007 21:45:00
.
--- E O F ---
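The "Reg Loading Points" section of the log above is where most of this infection shows itself: Run entries with an empty timestamp bracket, executables dropped straight into C:\WINDOWS, a look-alike name (smcss next to the real smss), a script launched from removable-drive autorun handlers under mountpoints2, an AppInit_DLLs value pointing at a .dat file, and an extra DLL in SecurityProviders. The following Python is an added example, not part of the forum post, of ComboFix or of any tool in this thread: it applies those checks to a constructed sample written in ComboFix's loading-points format. SCAN_DATE is taken from the log's "Rootkit scan 2007-10-14" line; the rule list, the look-alike name set and the assumed XP SP2 default SecurityProviders list are this example's own and will produce false positives (the McAfee and ctfmon entries are included as negatives).

```python
"""Heuristic triage of a ComboFix 'Reg Loading Points' section.
Added example, not code from the forum post or from ComboFix. SAMPLE mirrors
the format of a few posted lines; every rule is this example's own heuristic.
"""
import re
from datetime import datetime, timedelta

SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/19/2006 11:27 AM]
"EzTruehitNews"="C:\Program Files\SmartAdviser\EZAD\svchost.exe" [08/04/2006 04:41 PM]
"KILLMS32DLL"="C:\WINDOWS\killgodzilla.vbs" []
"Disk Check"="C:\WINDOWS\chkdsk32_.exe" [09/16/2007 09:32 PM]
"smcss"="C:\WINDOWS\smcss.exe" [10/14/2007 09:39 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 AM]
"lasse"="C:\WINDOWS\system32\lasse.exe" [10/12/2007 03:21 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\sulimo.dat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e38b571-612f-11dc-80eb-0011955e5ccb}]
AutoRun\command - L:\
open\Command - L:\RECYCLER\INFO.exe
"""

SCAN_DATE = datetime(2007, 10, 14)  # "Rootkit scan 2007-10-14" in the posted log
WINDIR, SYSTEM32 = r"c:\windows", r"c:\windows\system32"
SYSTEM_NAMES = ("smss", "csrss", "lsass", "svchost", "winlogon", "services", "chkdsk", "explorer")
DEFAULT_SSPS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}  # assumed XP SP2 default

def edit_distance(a, b):  # Levenshtein distance, to catch look-alikes such as smcss vs smss
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def path_reasons(path, stamp):
    """Path and timestamp heuristics for one autostart target; stamp is None, "" or a date."""
    directory, _, base = path.lower().rpartition("\\")
    stem = re.sub(r"[^a-z]", "", base.rsplit(".", 1)[0])
    reasons = []
    if stamp == "":  # ComboFix printed []: it usually could not find the file at that path
        reasons.append("empty timestamp bracket")
    if directory in (WINDIR, WINDIR + r"\config"):
        reasons.append("runs directly from the Windows directory")
    if base.endswith((".vbs", ".js", ".bat", ".cmd", ".pif")):
        reasons.append("script rather than a program")
    if directory != SYSTEM32 and any(stem.startswith(n) or edit_distance(stem, n) <= 1 for n in SYSTEM_NAMES):
        reasons.append("system-binary look-alike outside system32")
    if stamp and abs(SCAN_DATE - datetime.strptime(stamp, "%m/%d/%Y %I:%M %p")) <= timedelta(days=7):
        reasons.append("file stamped within 7 days of the scan")
    return reasons

def parse_value(line):
    """Split '"name"="path" args [stamp]' into (name, path, stamp-or-None)."""
    name, _, rest = line.partition("=")
    m = re.search(r"\[([^\]]*)\]\s*$", rest)
    stamp = m.group(1).strip() if m else None
    rest = (rest[:m.start()] if m else rest).strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        path = rest[1:end] if end > 0 else rest[1:]
    else:
        path = rest.split(" ", 1)[0]
    return name.strip('"'), path, stamp

def triage(text):
    """Return [{key, name, path, reasons}] for every entry that trips at least one rule."""
    findings, key = [], ""
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        if "securityproviders" in key and line.lower().startswith("securityproviders"):
            extra = {d.strip().lower() for d in line.split(None, 1)[1].split(",")} - DEFAULT_SSPS
            if extra:
                findings.append({"key": key, "name": "SecurityProviders", "path": ", ".join(sorted(extra)), "reasons": ["non-default security support provider DLL"]})
            continue
        if "mountpoints2" in key:  # autorun.inf handlers recorded for removable/mapped volumes
            m = re.match(r"(\w+)\\command - (.+)$", line, re.I)
            if m and not re.fullmatch(r"[a-z]:\\", m.group(2).strip(), re.I):
                findings.append({"key": key, "name": m.group(1), "path": m.group(2).strip(), "reasons": ["autorun handler on a mounted volume"]})
            continue
        name, path, stamp = parse_value(line) if line.startswith('"') else (line, line, None)
        reasons = path_reasons(path, stamp)
        if name.lower() == "appinit_dlls" and path:
            reasons.append("AppInit_DLLs: loaded into every process that links user32")
        if reasons:
            findings.append({"key": key, "name": name, "path": path, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(f"{hit['name']:<20} {hit['path']}  <- " + "; ".join(hit["reasons"]))
```

Running triage(SAMPLE) flags smcss.exe (look-alike, Windows directory, stamped the day of the scan), lasse.exe (stamped two days before), killgodzilla.vbs (empty bracket, script), chkdsk32_.exe, the svchost.exe under SmartAdviser, sulimo.dat, xlibgfl254.dll and L:\RECYCLER\INFO.exe, and leaves the McAfee and ctfmon entries alone. None of this proves anything is malicious; it orders what to hash and submit to a multi-engine scanner first, which is exactly the list the helper asks for in the next post.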
-
Hi
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows
Please click this link-->Jotti
When the Jotti page has finished loading, click the Browse button, navigate to the following file and click Submit.
C:\WINDOWS\xlavra3.exe
Repeat this step for these:
C:\WINDOWS\system32\lasse.exe
C:\WINDOWS\smcss.exe
C:\WINDOWS\chkdsk32_.exe
C:\Documents and Settings\user\dodolook020.exe
Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
-
Scanner results for C:\WINDOWS\xlavra3.exe
Scan taken on 14 Oct 2007 15:17:10 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Downloader.Agent.TYK
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Agent.eao
Fortinet Found W32/Agent.EAO!tr.dldr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Agent.eao
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Scanner results for C:\WINDOWS\system32\lasse.exe
Scan taken on 14 Oct 2007 15:24:51 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Crypted
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found IRC/BackDoor.SdBot3.TSJ
BitDefender Found BehavesLike:Win32.ExplorerHijack (probable variant)
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found SDBot.gen9
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Basine-C
VirusBuster Found nothing
VBA32 Found nothing
Scanner results for C:\WINDOWS\smcss.exe
Scan taken on 14 Oct 2007 15:29:25 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:VB-FEW
AVG Antivirus Found BackDoor.Generic8.HUS
BitDefender Found Backdoor.Agent.YWI
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Win32.HLLW.SpyBot
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found Win32/IRCBot.AAB
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Win32.HLLW.SpyBot
Scanner results for C:\WINDOWS\chkdsk32_.exe
Scan taken on 14 Oct 2007 15:32:20 (GMT)
A-Squared Found nothing
AntiVir Found TR/Dldr.VB.bai.2
ArcaVir Found nothing
Avast Found Win32:VB-FBZ
AVG Antivirus Found Downloader.Generic6.MKC
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.Click.4037
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.VB.bai
Fortinet Found W32/VB.BAI!tr.dldr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.VB.bai
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found W32/DLoader.DTZZ
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Trojan-Downloader.Win32.VB.bai
Scanner results for C:\Documents and Settings\user\dodolook020.exe
Scan taken on 14 Oct 2007 15:36:25 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:Adware-gen.
AVG Antivirus Found nothing
BitDefender Found Trojan.Cinmeng.A, Generic.Adw.Cinmus.2.D099F095, Adware.Cinmus.F
ClamAV Found Trojan.Dropper-1805
CPsecure Found AdWare.W32.Cinmus.G
Dr.Web Found Adware.Cinmus
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.Cinmus.po (4, 1, 400), not-a-virus:AdWare.Win32.Cinmus.j (4, 1, 400)
Fortinet Found Adware/Cinmus
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Cinmus.po, not-a-virus:AdWare.Win32.Cinmus.j
NOD32 Found a variant of Win32/Adware.Cinmus application
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found AdWare.Win32.Cinmus.j
Thank you very much.
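Reading a multi-engine result like the one above is a matter of consensus and label class rather than any single engine: several engines independently calling smcss.exe a BackDoor/IRCBot/SpyBot variant carries far more weight than one "probable variant" heuristic, and a backdoor label changes the response (disconnect, change passwords elsewhere) in a way an adware label does not. The following Python is an added example, not part of the post, of Jotti or of VirusTotal. It parses a constructed, abridged copy of a few of the posted result lines (three files, a handful of engines each), counts detections and heuristic-only verdicts per file, and derives a behaviour class from the detection names. The category patterns and the severity order are this example's own assumptions; it only reads the engines' label strings and scans nothing itself.

```python
"""Tally multi-engine (Jotti-style) scan results and derive a behaviour class.
Added example, not code from the forum post or from Jotti. SAMPLE is an abridged,
constructed copy of a few posted result lines; the label patterns are this
example's own and only look at the detection-name strings the engines return.
"""
import re

SAMPLE = r"""
Scanner results for C:\WINDOWS\smcss.exe
Scan taken on 14 Oct 2007 15:29:25 (GMT)
A-Squared Found nothing
Avast Found Win32:VB-FEW
AVG Antivirus Found BackDoor.Generic8.HUS
BitDefender Found Backdoor.Agent.YWI
Dr.Web Found Win32.HLLW.SpyBot
F-Secure Anti-Virus Found nothing
NOD32 Found Win32/IRCBot.AAB
Scanner results for C:\WINDOWS\chkdsk32_.exe
Scan taken on 14 Oct 2007 15:32:20 (GMT)
A-Squared Found nothing
AntiVir Found TR/Dldr.VB.bai.2
Avast Found Win32:VB-FBZ
Dr.Web Found Trojan.Click.4037
F-Secure Anti-Virus Found Trojan-Downloader.Win32.VB.bai
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found nothing
Scanner results for C:\Documents and Settings\user\dodolook020.exe
Scan taken on 14 Oct 2007 15:36:25 (GMT)
A-Squared Found nothing
BitDefender Found Trojan.Cinmeng.A, Generic.Adw.Cinmus.2.D099F095, Adware.Cinmus.F
ClamAV Found Trojan.Dropper-1805
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.Cinmus.po (4, 1, 400), not-a-virus:AdWare.Win32.Cinmus.j (4, 1, 400)
Sophos Antivirus Found nothing
"""

# Fragments vendors put in detection names for each behaviour class (assumed list).
CATEGORIES = {
    "backdoor": re.compile(r"backdoor|ircbot|sdbot|spybot|bot\b", re.I),
    "downloader": re.compile(r"downloader|dldr|dloader", re.I),
    "dropper": re.compile(r"dropper", re.I),
    "adware": re.compile(r"adware|\.adw\.|not-a-virus", re.I),
}
HEURISTIC = re.compile(r"heur|probabl|behaveslike", re.I)  # generic/behavioural verdicts only
SEVERITY = ("backdoor", "downloader", "dropper", "adware")  # most to least serious

def parse_results(text):
    """Return {path: {engines, detections, heuristic_only, labels, categories}}."""
    results, cur = {}, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("Scanner results for "):
            cur = results.setdefault(line[len("Scanner results for "):],
                                     {"engines": 0, "detections": 0, "heuristic_only": 0, "labels": [], "categories": set()})
            continue
        if cur is None or " Found " not in line:
            continue  # "Scan taken on ..." and anything else not modelled here
        engine, label = line.split(" Found ", 1)
        cur["engines"] += 1
        if label.strip().lower() == "nothing":
            continue
        cur["detections"] += 1
        cur["labels"].append((engine, label))
        hits = {name for name, rx in CATEGORIES.items() if rx.search(label)}
        cur["categories"] |= hits
        if not hits and HEURISTIC.search(label):
            cur["heuristic_only"] += 1
    return results

def worst_category(entry):
    """The most serious behaviour class any engine assigned to the file, or None."""
    return next((c for c in SEVERITY if c in entry["categories"]), None)

def host_verdict(results):
    """The helper's rule: one backdoor-class verdict on any file is enough to distrust the host."""
    worst = [worst_category(e) for e in results.values()]
    if "backdoor" in worst:
        return "backdoor present: treat host as compromised"
    if any(worst) or any(e["detections"] for e in results.values()):
        return "malware present, no backdoor label: clean and re-scan"
    return "no detections"

if __name__ == "__main__":
    tally = parse_results(SAMPLE)
    for path, e in tally.items():
        print(f"{e['detections']:>2}/{e['engines']:<2} {worst_category(e) or '-':<10} {path}")
    print(host_verdict(tally))
```

On the sample, smcss.exe comes out 5 of 7 engines with a backdoor class, chkdsk32_.exe 5 of 7 as a downloader with one heuristic-only verdict, and dodolook020.exe 3 of 5 as adware plus a dropper label; host_verdict then returns the backdoor outcome, which is the conclusion the helper draws in the next post. Detection names are vendor-specific and inconsistent, so the patterns above are a starting point to extend, not a taxonomy.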
-
Hi
One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information, and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can attempt to clean this machine, but I can't guarantee that it will be 100% secure afterwards.
Should you have any questions, please feel free to ask.
Please let us know what you have decided to do in your next post.