
Thread: Please Help !!!!!

  1. #1
    Member (Join Date: Oct 2007, Posts: 63)

    Please Help !!!!!

    I don't know what to do. I'm not very good at English. Before I posted this topic I tried to read about the deal, but I didn't understand much... Take a look at this log file. Thank you very much.

    Logfile of HijackThis v1.99.1
    Scan saved at 14:23:30, on 13/10/2550
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\SmartAdviser\EZAD\svchost.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\ViOrb\ViOrb.exe
    C:\Program Files\ViStart\ViStart.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KILLMS32DLL] C:\WINDOWS\killgodzilla.vbs
    O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
    O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
    O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
    O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
    O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtec...iGameStart.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/m...s/MsnPUpld.cab
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
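
As an added example (not code from the thread or from HijackThis), here is a small Python triage script that reads O4 and O20 lines in the format of the log above and flags the patterns a helper checks first: a system-process name such as svchost.exe running outside System32, a Run value whose name is its own path, a script or executable started from the Windows root or Config folder, a process name one typo away from a core Windows process, and an AppInit_DLLs entry that is not a .dll. The sample input reuses lines from the logs in this thread; the SYSTEM_BINARIES and UNUSUAL_DIRS tables are assumptions for Windows XP, not an authoritative list.

```python
"""Heuristic triage of HijackThis O4 (Run key) and O20 (AppInit_DLLs) lines.
Added example for this thread, not HijackThis code; it does not decide what is
malware, it only ranks lines for a human reader the way a helper would."""
import ntpath
import re
from dataclasses import dataclass

# Line shapes as HijackThis v1.99.1 prints them.
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<path>.+)$")
# The launched program: a quoted path, or unquoted text up to a program extension.
EXE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|scr|pif|vbs|js|bat|cmd)))(?:\s|$)', re.I)
SCRIPT_EXTS = {".vbs", ".js", ".bat", ".cmd"}
WINDIR = r"c:\windows"
SYSTEM32 = WINDIR + r"\system32"
# Assumed tables for Windows XP: core processes with their expected directory,
# and directories where an autorun program is unusual enough to deserve a look.
SYSTEM_BINARIES = {"smss": SYSTEM32, "csrss": SYSTEM32, "winlogon": SYSTEM32,
                   "services": SYSTEM32, "lsass": SYSTEM32, "svchost": SYSTEM32,
                   "spoolsv": SYSTEM32, "explorer": WINDIR}
UNUSUAL_DIRS = {WINDIR, WINDIR + r"\config"}

# Sample input: lines taken from the logs in this thread plus benign controls.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [KILLMS32DLL] C:\WINDOWS\killgodzilla.vbs
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKLM\..\Run: [smcss] C:\WINDOWS\smcss.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
"""

@dataclass(frozen=True)
class Finding:
    line_no: int
    reason: str
    path: str

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch typo-squatted process names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def program_path(cmd: str):
    """Program launched by an O4 command string, or None if it cannot be told."""
    m = EXE_RE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else None

def check_autorun(name: str, cmd: str) -> list:
    """Reasons an O4 entry deserves a look; an empty list means nothing stood out."""
    path = program_path(cmd)
    if path is None:
        return []
    reasons = []
    directory = ntpath.dirname(path).lower()
    stem, ext = ntpath.splitext(ntpath.basename(path).lower())
    if re.match(r"[a-z]:\\", name, re.I):
        reasons.append("run value named after its own path (auto-generated entry)")
    if ext in SCRIPT_EXTS:
        reasons.append("script file registered as an autorun")
    if directory in UNUSUAL_DIRS:
        reasons.append("autorun program located in an unusual directory")
    if stem in SYSTEM_BINARIES:
        if directory != SYSTEM_BINARIES[stem]:
            reasons.append(f"{stem}.exe running outside {SYSTEM_BINARIES[stem]}")
    else:  # not a system name: is it one typo away from one?
        reasons += [f"name looks like {k}.exe" for k in SYSTEM_BINARIES
                    if edit_distance(stem, k) == 1]
    return reasons

def check_appinit(path: str) -> list:
    """AppInit_DLLs is loaded into every process that links user32.dll, so an
    entry that is not even a .dll by name deserves a look."""
    ext = ntpath.splitext(path.strip().lower())[1]
    return [] if ext == ".dll" else [f"AppInit_DLLs entry with extension '{ext}'"]

def triage(log_text: str) -> list:
    """Scan a whole log; one Finding per (line, reason), in log order."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if (m := O4_RE.match(line)):
            reasons = check_autorun(m.group("name"), m.group("cmd"))
            path = program_path(m.group("cmd")) or m.group("cmd")
        elif (m := O20_RE.match(line)):
            reasons = check_appinit(m.group("path"))
            path = m.group("path")
        else:
            continue
        findings.extend(Finding(line_no, r, path) for r in reasons)
    return findings
```

The output only orders lines for a human reader; nothing here proves a file is malicious, and an entry that trips no heuristic (lasse.exe in System32, for instance) still needs a look.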

  2. #2
    Shaba, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,644)

    Hi nishikamae

    Rename HijackThis.exe to nishikamae.exe and post back a fresh HijackThis log, please.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Member (Join Date: Oct 2007, Posts: 63)

    nishikamae

    Thank you... Here is a new log file.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:51:31, on 14/10/2550
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\ViOrb\ViOrb.exe
    C:\Program Files\ViStart\ViStart.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\SeUpdateDb.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\system32\runonce.exe
    C:\Program Files\HijackThis\nishikamae.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KILLMS32DLL] C:\WINDOWS\killgodzilla.vbs
    O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
    O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
    O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
    O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
    O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtec...iGameStart.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/m...s/MsnPUpld.cab
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

  4. #4
    Shaba, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,644)

    Hi

    We first need to disable TeaTimer so that it doesn't interfere with the fixes. You can re-enable it when you're clean again:

    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
    3. On the left-hand side, click on Tools.
    4. Then click on the Resident icon in the list.
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

    1. Download ComboFix from one of these links:
    Link1
    Link2
    2. Double-click combofix.exe and follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    Post:

    - a fresh HijackThis log
    - combofix report

  5. #5
    Member (Join Date: Oct 2007, Posts: 63)

    nishikamae

    Here is a new HijackThis log file...

    Logfile of HijackThis v1.99.1
    Scan saved at 21:46:05, on 14/10/2550
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\SmartAdviser\EZAD\svchost.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\ViOrb\ViOrb.exe
    C:\Program Files\ViStart\ViStart.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\xlavra3.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis\nishikamae.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KILLMS32DLL] C:\WINDOWS\killgodzilla.vbs
    O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
    O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
    O4 - HKLM\..\Run: [smcss] C:\WINDOWS\smcss.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
    O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
    O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
    O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtec...iGameStart.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/m...s/MsnPUpld.cab
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

  6. #6
    Member (Join Date: Oct 2007, Posts: 63)

    nishikamae

    Here is a ComboFix log file. Thank you.

    ComboFix 07-10-11.1 - user 10/14/2007 21:39:52.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.353 [GMT -12:00]
    Running from: C:\Documents and Settings\user\Desktop\Fix\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\user\Desktop\internet.lnk
    C:\Program Files\WinAble

    .
    ((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-15 09:39 153,642 ----a-w C:\WINDOWS\smcss.exe
    2007-10-15 09:39 153,642 ----a-w C:\Installer.exe
    2007-10-15 09:37 --------- d-----w C:\Program Files\ViStart
    2007-10-15 09:34 350 ----a-w C:\sccfg.sys
    2007-10-14 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-14 02:50 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-10-13 09:15 109 ----a-w C:\Program Files\AudiLog.txt
    2007-10-13 08:16 4 ----a-w C:\Program Files\VERSION.CFG
    2007-10-13 08:16 --------- d-----w C:\Program Files\ABM
    2007-10-13 07:28 --------- d-----w C:\Program Files\Opera
    2007-10-13 07:27 --------- d-----w C:\Program Files\Netscape
    2007-10-13 06:59 --------- d-----w C:\Documents and Settings\user\Application Data\Netscape
    2007-10-13 06:46 --------- d-----w C:\Program Files\Viewpoint
    2007-10-13 06:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-13 06:44 --------- d-----w C:\Program Files\Java
    2007-10-13 06:42 --------- d-----w C:\Program Files\Common Files\xing shared
    2007-10-13 06:41 --------- d-----w C:\Program Files\Common Files\Real
    2007-10-13 06:40 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2007-10-13 06:40 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2007-10-13 05:59 --------- d-----w C:\Program Files\McAfee
    2007-10-13 05:59 --------- d-----w C:\Program Files\Common Files\McAfee
    2007-10-13 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-13 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-10-13 04:41 88,205 ----a-w C:\WINDOWS\system32\drivers\klin.dat
    2007-10-13 04:41 84,621 ----a-w C:\WINDOWS\system32\drivers\klick.dat
    2007-10-13 04:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2007-10-13 04:35 --------- d-----w C:\Program Files\Camfrog
    2007-10-13 04:29 --------- d-----w C:\Program Files\Lavasoft
    2007-10-13 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-10-13 03:30 16,384 ----a-w C:\WINDOWS\xlavra3.exe
    2007-10-13 03:21 340,992 ----a-w C:\WINDOWS\system32\lasse.exe
    2007-10-12 12:26 3,606 ----a-w C:\WINDOWS\system32\tmp.reg
    2007-10-12 06:09 16,384 ----a-w C:\WINDOWS\xlavra2.exe
    2007-10-11 03:31 --------- d-----w C:\Program Files\MP3 Player Utilities 3.5.02
    2007-10-10 06:41 1,354,240 ----a-w C:\Program Files\Audition.exe
    2007-10-08 11:53 --------- d-----w C:\Program Files\DATA
    2007-10-08 11:52 --------- d-----w C:\Program Files\SCRIPT
    2007-10-01 02:56 --------- d-----w C:\Program Files\WinPcap
    2007-10-01 02:56 --------- d-----w C:\Documents and Settings\user\Application Data\Orbit
    2007-10-01 01:24 --------- d-----w C:\Program Files\IE7Pro
    2007-10-01 01:24 --------- d-----w C:\Documents and Settings\user\Application Data\IE7pro
    2007-09-29 07:04 --------- d-----w C:\Program Files\Bug Doctor
    2007-09-21 08:52 13,924 ----a-w C:\WINDOWS\system32\drivers\klop.dat
    2007-09-18 10:59 465,816 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
    2007-09-17 09:32 4,608 ----a-w C:\WINDOWS\chkdsk32_.exe
    2007-09-17 08:55 --------- d-----w C:\Documents and Settings\user\Application Data\ViStart
    2007-09-17 08:37 --------- d-----w C:\Program Files\VisualTooltip
    2007-09-17 08:37 --------- d-----w C:\Program Files\Vista Sidebar
    2007-09-17 08:37 --------- d-----w C:\Program Files\ViOrb
    2007-09-17 08:37 --------- d-----w C:\Program Files\Styler
    2007-09-17 08:37 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-17 08:37 --------- d-----w C:\Program Files\LClock
    2007-09-17 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2007-09-17 08:05 --------- d-----w C:\Program Files\Common Files\ACD Systems
    2007-09-17 07:51 --------- d-----w C:\Documents and Settings\user\Application Data\Lavasoft
    2007-09-17 07:48 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-09-09 06:38 --------- d-----w C:\Program Files\iTunes
    2007-09-09 06:37 --------- d-----w C:\Program Files\iPod
    2007-09-09 06:36 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-08 08:50 64,168 ----a-w C:\WINDOWS\system32\drivers\mfeapfk.sys
    2007-09-05 09:34 --------- d-----w C:\Program Files\Google
    2007-09-03 23:01 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-09-03 13:58 --------- d-----w C:\Program Files\MSXML 6.0
    2007-09-03 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2007-09-03 02:16 --------- d-----w C:\Program Files\Real
    2007-08-25 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
    2007-08-23 06:12 --------- d-----w C:\Program Files\AML Products
    2007-08-20 13:50 --------- d-----w C:\Program Files\thriXXX
    2007-08-20 02:25 --------- d-----w C:\Documents and Settings\user\Application Data\MegauploadToolbar
    2007-08-19 01:47 --------- d-----w C:\Program Files\MegauploadToolbar
    2007-06-27 09:38 178,999 ----a-w C:\Documents and Settings\user\dodolook020.exe
    2007-03-28 06:16 462,848 ----a-w C:\Program Files\patcher.exe
    2006-07-21 08:15 361 ----a-w C:\Program Files\AX.bat
    2005-12-26 11:48 294 ----a-w C:\Program Files\macro.txt
    2005-12-23 14:45 102,400 ----a-w C:\Program Files\TaskKeyHookWD.dll
    2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp2.dat
    2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp.dat
    2005-10-13 10:37 8,038 ----a-w C:\Program Files\icon4.ico
    2005-10-13 10:31 7,782 ----a-w C:\Program Files\icon3.ico
    2004-11-10 05:31 372,736 ----a-w C:\Program Files\ijl15.dll
    2004-10-18 08:04 161,280 ----a-w C:\Program Files\fmod.dll
    2001-11-23 23:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((( snapshot@Fri 10-12-2007_ 0.48.34.32 )))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 10,191 2007-10-13 06:46:10 C:\WINDOWS\mozver.dat
    ----a-w 516,096 2006-05-25 07:17:22 C:\WINDOWS\Downloaded Program Files\ThaiGameStart.dll
    ----a-r 24,640 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\AdsLokUU.Dll
    ----a-r 104,024 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\BBCpl.dll
    ----a-r 71,256 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\condl.dll
    ----a-r 99,928 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\consl.dll
    ----a-r 132,696 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\coptcpl.dll
    ----a-r 71,232 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\csscan.exe
    ----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\EntSrv.dll
    ----a-r 11,840 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\entvutil.exe
    ----a-r 194,136 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4837_shutil.dll
    ----a-r 24,664 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4842_McShield.DLL
    ----a-r 144,960 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4843_Mcshield.exe
    ----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4844_naiann.dll
    ----a-r 263,768 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4845_NaiEvent.dll
    ----a-r 54,872 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4853_VsTskMgr.exe
    ----a-r 13,912 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4856_scan32.exe
    ----a-r 79,448 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4861_mcupdate.exe
    ----a-r 104,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftcfg.dll
    ----a-r 41,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftl.dll
    ----a-r 25,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\lockdown.dll
    ----a-r 58,968 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\logparser.exe
    ----a-r 16,472 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVDetect.DLL
    ----a-r 19,032 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVSCV.DLL
    ----a-r 28,224 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShield.dll
    ----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShieldPerfData.dll
    ----a-r 34,368 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\Mcvssnmp.dll
    ----a-r 83,520 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfa.dll
    ----a-r 64,360 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfk.sys
    ----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfa.dll
    ----a-r 72,264 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfk.sys
    ----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopa.dll
    ----a-r 34,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopk.sys
    ----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehida.dll
    ----a-r 46,656 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidin.exe
    ----a-r 170,408 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidk.sys
    ----a-r 18,496 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mferkda.dll
    ----a-r 52,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfetdik.sys
    ----a-r 132,672 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus.dll
    ----a-r 226,880 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus2.dll
    ----a-r 75,328 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NaEvent.Dll
    ----a-r 333,496 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCExtMgr.dll
    ----a-r 464,560 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCScan.dll
    ----a-r 35,416 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\OASCpl.dll
    ----a-r 263,744 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScanOTLK.Dll
    ----a-r 11,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScnCfg32.Exe
    ----a-r 67,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScriptCl.dll
    ----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\scriptsv.dll
    ----a-r 112,216 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\shstat.exe
    ----a-r 243,288 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsodscpl.dll
    ----a-r 83,544 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\VSPlugin.dll
    ----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsupdcpl.dll
    ----a-r 102,400 2007-10-13 06:14:59 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
    ----a-w 278,528 2007-10-13 06:40:44 C:\WINDOWS\system32\pncrt.dll
    ----a-w 6,656 2007-10-13 06:40:54 C:\WINDOWS\system32\pndx5016.dll
    ----a-w 5,632 2007-10-13 06:40:54 C:\WINDOWS\system32\pndx5032.dll
    ----a-w 185,688 2007-10-13 06:41:26 C:\WINDOWS\system32\rmoc3260.dll
    ----a-w 237,936 2004-01-07 23:21:24 C:\WINDOWS\system32\unicows.dll
    ----a-w 16,384 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    --sha-w 32,768 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    ----a-w 189,712 2007-09-13 04:19:48 C:\WINDOWS\system32\drivers\klif.sys
    ----a-w 72,712 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfeavfk.sys
    ----a-w 34,184 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfebopk.sys
    ----a-w 171,240 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfehidk.sys
    ----a-w 52,200 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfetdik.sys
    ----a-w 65,099 2007-10-14 04:42:25 C:\WINDOWS\system32\drivers\etc\tmvsthfss.bin
    ----a-w 65,099 2007-10-14 04:42:45 C:\WINDOWS\system32\drivers\etc\tmvsthfud.bin
    ----a-w 2,115,816 2007-06-11 20:34:34 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    ----a-w 190,696 2007-06-11 20:34:40 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    ----a-w 45,218 2007-10-13 07:42:13 C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    ----a-w 81,472 2007-10-13 05:51:05 C:\WINDOWS\system32\Restore\rstrlog.dat
    .
    ----a-r 102,400 2007-09-09 06:38:13 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
    ----a-w 278,528 2007-09-03 02:15:24 C:\WINDOWS\system32\pncrt.dll
    ----a-w 6,656 2007-09-03 02:15:25 C:\WINDOWS\system32\pndx5016.dll
    ----a-w 5,632 2007-09-03 02:15:25 C:\WINDOWS\system32\pndx5032.dll
    ----a-w 185,688 2007-09-03 02:15:31 C:\WINDOWS\system32\rmoc3260.dll
    ----a-w 16,384 2002-01-08 06:52:05 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2002-01-08 06:52:05 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    ----a-w 2,078,344 2006-06-23 01:44:58 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    ----a-w 81,736 2007-10-12 06:53:50 C:\WINDOWS\system32\Restore\rstrlog.dat
    .

  7. #7
    Member
    Join Date
    Oct 2007
    Posts
    63

    Default nishikamae

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
    "Cmaudio"="cmicnfg.cpl" []
    "System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [02/25/2006 11:41 AM]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [08/06/2004 05:01 PM]
    "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/19/2006 11:27 AM]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/01/2006 05:22 PM]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/06/2006 06:37 PM]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
    "EzTruehitNews"="C:\Program Files\SmartAdviser\EZAD\svchost.exe" [08/04/2006 04:41 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]
    "KILLMS32DLL"="C:\WINDOWS\killgodzilla.vbs" []
    "C:\WINDOWS\Config\wr-1-312.exe"="C:\WINDOWS\Config\wr-1-312.exe" []
    "Disk Check"="C:\WINDOWS\chkdsk32_.exe" [09/16/2007 09:32 PM]
    "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [08/13/2007 08:50 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/12/2007 06:40 PM]
    "C:\WINDOWS\Config\load.exe"="C:\WINDOWS\Config\load.exe" []
    "smcss"="C:\WINDOWS\smcss.exe" [10/14/2007 09:39 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 AM]
    "UIWatcher"="C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe" [08/18/2006 06:48 PM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/04/2007 10:37 PM]
    "viwc"="C:\WINDOWS\system32\viwc.exe" [06/26/2007 05:13 AM]
    "ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [06/25/2007 11:28 PM]
    "ViStart"="C:\Program Files\ViStart\ViStart.exe" [06/21/2007 11:41 PM]
    "lasse"="C:\WINDOWS\system32\lasse.exe" [10/12/2007 03:21 PM]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    "msnsc"=C:\WINDOWS\system32\msnsc.exe
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2544-02-13 15:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\system32\sulimo.dat

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ERSvc"=2 (0x2)

    R0 tcvso;tcvs;C:\WINDOWS\system32\DRIVERS\tcvso.sys
    R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
    R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
    R2 windrvNT;windrvNT;\??\C:\WINDOWS\system32\windrvNT.sys
    R3 DFE528TX;D-Link DFE-528TX PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS
    R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
    R3 SunkFilt62;Alcor Micro Corp - 6362;\??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys
    S3 LRMINIPORT;LanRoad PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\lrpppoe.sys
    S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\qcusbser.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158d48b7-6e07-11db-bf97-0011955e5ccb}]
    Auto\command - AdobeR.exe e
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{214d781f-344c-11dc-809c-0011955e5ccb}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killgodzilla.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{215ec143-6503-11dc-80f8-0011955e5ccb}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killgodzilla.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e38b571-612f-11dc-80eb-0011955e5ccb}]
    AutoRun\command - L:\
    explore\Command - L:\RECYCLER\INFO.exe
    open\Command - L:\RECYCLER\INFO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6bc398-7a1d-11dc-97bd-0011955e5ccb}]
    AutoRun\command - L:\
    explore\Command - L:\RECYCLER\INFO.exe
    open\Command - L:\RECYCLER\INFO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8c79e3d-6043-11dc-80e8-0011955e5ccb}]
    AutoRun\command - L:\
    explore\Command - L:\RECYCLER\INFO.exe
    open\Command - L:\RECYCLER\INFO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d573b05f-7f89-11db-bfb4-0011955e5ccb}]
    Auto\command - AdobeR.exe e
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ctrmode]
    C:\WINDOWS\ctrmode.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\smcss]
    C:\WINDOWS\smcss.exe
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-11 09:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    "2007-10-15 09:37:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2007-10-15 03:58:45 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AD0036B7-583C-403A-8D07-416CC9A5A565}.job"
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-14 21:43:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\winamp.ini
    C:\WINDOWS\WindowsShell.Manifest
    C:\WINDOWS\WindowsUpdate.log
    C:\WINDOWS\winhelp.exe
    C:\WINDOWS\winhlp32.exe
    C:\WINDOWS\Wininit.ini
    C:\WINDOWS\winnt.bmp
    C:\WINDOWS\winnt256.bmp
    C:\WINDOWS\WinSxS
    C:\WINDOWS\WMFDist11.log
    C:\WINDOWS\WMFDist11Uninst.log
    C:\WINDOWS\wmp
    C:\WINDOWS\wmp11.log
    C:\WINDOWS\wmp11Uninst.log
    C:\WINDOWS\wmsetup.log
    C:\WINDOWS\wmsetup10.log
    C:\WINDOWS\WMSysPr9.prx
    C:\WINDOWS\Wudf01000Inst.log
    C:\WINDOWS\xlavra2.exe
    C:\WINDOWS\xlavra3.exe
    C:\WINDOWS\xptools.ini
    C:\WINDOWS\yhl.dll
    C:\WINDOWS\Zapotec.bmp
    C:\WINDOWS\_default.pif
    C:\WINDOWS\_MSRSTRT.EXE

    scan completed successfully
    hidden files: 25

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C:\\WINDOWS\\Config\\wr-1-312.exe"="C:\\WINDOWS\\Config\\wr-1-312.exe"
    "C:\\WINDOWS\\Config\\load.exe"="C:\\WINDOWS\\Config\\load.exe"
    .
    Completion time: 10/14/2007 21:45:00
    .
    --- E O F ---

  8. #8
    Security Expert: Emeritus Shaba
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Default

    Hi

    Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

    How to see hidden files in Windows

    Please click this link --> Jotti

    When the Jotti page has finished loading, click the Browse button, navigate to the following file and click Submit.

    C:\WINDOWS\xlavra3.exe

    Repeat that step for these:

    C:\WINDOWS\system32\lasse.exe
    C:\WINDOWS\smcss.exe
    C:\WINDOWS\chkdsk32_.exe
    C:\Documents and Settings\user\dodolook020.exe

    Please post back the results of the scan in your next post.

    If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #9
    Member
    Join Date
    Oct 2007
    Posts
    63

    Default

    Scanner results for C:\WINDOWS\xlavra3.exe
    Scan taken on 14 Oct 2007 15:17:10 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found Downloader.Agent.TYK
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found Trojan-Downloader.Win32.Agent.eao
    Fortinet Found W32/Agent.EAO!tr.dldr
    Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Agent.eao
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    Scanner results for C:\WINDOWS\system32\lasse.exe
    Scan taken on 14 Oct 2007 15:24:51 (GMT)
    A-Squared Found nothing
    AntiVir Found HEUR/Crypted
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found IRC/BackDoor.SdBot3.TSJ
    BitDefender Found BehavesLike:Win32.ExplorerHijack (probable variant)
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found SDBot.gen9
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found Mal/Basine-C
    VirusBuster Found nothing
    VBA32 Found nothing


    Scanner results for C:\WINDOWS\smcss.exe
    Scan taken on 14 Oct 2007 15:29:25 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found Win32:VB-FEW
    AVG Antivirus Found BackDoor.Generic8.HUS
    BitDefender Found Backdoor.Agent.YWI
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found Win32.HLLW.SpyBot
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found Win32/IRCBot.AAB
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found Win32.HLLW.SpyBot


    Scanner results for C:\WINDOWS\chkdsk32_.exe
    Scan taken on 14 Oct 2007 15:32:20 (GMT)
    A-Squared Found nothing
    AntiVir Found TR/Dldr.VB.bai.2
    ArcaVir Found nothing
    Avast Found Win32:VB-FBZ
    AVG Antivirus Found Downloader.Generic6.MKC
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found Trojan.Click.4037
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found Trojan-Downloader.Win32.VB.bai
    Fortinet Found W32/VB.BAI!tr.dldr
    Kaspersky Anti-Virus Found Trojan-Downloader.Win32.VB.bai
    NOD32 Found probably unknown NewHeur_PE (probable variant)
    Norman Virus Control Found W32/DLoader.DTZZ
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found Trojan-Downloader.Win32.VB.bai



    Scanner results for C:\Documents and Settings\user\dodolook020.exe
    Scan taken on 14 Oct 2007 15:36:25 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found Win32:Adware-gen.
    AVG Antivirus Found nothing
    BitDefender Found Trojan.Cinmeng.A, Generic.Adw.Cinmus.2.D099F095, Adware.Cinmus.F
    ClamAV Found Trojan.Dropper-1805
    CPsecure Found AdWare.W32.Cinmus.G
    Dr.Web Found Adware.Cinmus
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.Cinmus.po (4, 1, 400), not-a-virus:AdWare.Win32.Cinmus.j (4, 1, 400)
    Fortinet Found Adware/Cinmus
    Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Cinmus.po, not-a-virus:AdWare.Win32.Cinmus.j
    NOD32 Found a variant of Win32/Adware.Cinmus application
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found AdWare.Win32.Cinmus.j


    Thank you very much.

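As an added example (not part of this thread), the following Python script parses Jotti result blocks in the format pasted above and reports, per file, how many engines flagged it and whether any of the vendor names point to a backdoor/bot family, which is the conclusion the next reply draws. The engine lines in the sample are copied from the post; the family keyword rules are my own assumption, not Jotti's or any vendor's scheme.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample in the Jotti format pasted above: two of the five files,
# with a subset of the engine lines copied from the post.
SAMPLE = r"""
Scanner results for C:\WINDOWS\smcss.exe
Scan taken on 14 Oct 2007 15:29:25 (GMT)
A-Squared Found nothing
Avast Found Win32:VB-FEW
AVG Antivirus Found BackDoor.Generic8.HUS
BitDefender Found Backdoor.Agent.YWI
Dr.Web Found Win32.HLLW.SpyBot
F-Secure Anti-Virus Found nothing
NOD32 Found Win32/IRCBot.AAB
VBA32 Found Win32.HLLW.SpyBot

Scanner results for C:\Documents and Settings\user\dodolook020.exe
Scan taken on 14 Oct 2007 15:36:25 (GMT)
Avast Found Win32:Adware-gen.
BitDefender Found Trojan.Cinmeng.A, Generic.Adw.Cinmus.2.D099F095, Adware.Cinmus.F
ClamAV Found Trojan.Dropper-1805
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Cinmus.po, not-a-virus:AdWare.Win32.Cinmus.j
Norman Virus Control Found nothing
"""

# Keyword rules grouping vendor names into rough families. This is my own
# assumption for the example: vendors share no naming scheme, so the rules
# are deliberately loose and the first match wins.
FAMILY_RULES = [
    ("backdoor", re.compile(r"backdoor|sdbot|spybot|ircbot", re.I)),
    ("downloader", re.compile(r"downloader|dldr|dloader", re.I)),
    ("adware", re.compile(r"adware|adw\.|cinmus", re.I)),
]
HEADER = re.compile(r"^Scanner results for (.+)$")
TAKEN = re.compile(r"^Scan taken on (.+)$")


def classify(name: str) -> str:
    """Map one vendor detection name to a rough family label."""
    for family, rx in FAMILY_RULES:
        if rx.search(name):
            return family
    return "other"


@dataclass
class FileVerdict:
    path: str
    scanned_at: str = ""
    engines: int = 0                       # engine lines seen for this file
    detections: Dict[str, str] = field(default_factory=dict)  # engine -> name

    @property
    def detection_count(self) -> int:
        return len(self.detections)

    def families(self) -> Set[str]:
        return {classify(name) for name in self.detections.values()}

    def is_backdoor(self) -> bool:
        return "backdoor" in self.families()


def parse_jotti(text: str) -> List[FileVerdict]:
    """Parse pasted Jotti result blocks into one FileVerdict per file."""
    verdicts: List[FileVerdict] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = FileVerdict(path=m.group(1))
            verdicts.append(current)
            continue
        m = TAKEN.match(line)
        if m and current is not None:
            current.scanned_at = m.group(1)
            continue
        # Engine lines look like "<engine> Found <result>"; other text is ignored.
        if current is None or " Found " not in line:
            continue
        engine, result = line.split(" Found ", 1)
        current.engines += 1
        if result.strip().lower() != "nothing":
            current.detections[engine.strip()] = result.strip()
    return verdicts


def backdoor_files(verdicts: List[FileVerdict]) -> List[str]:
    """Paths whose detections include a backdoor/bot family label."""
    return [v.path for v in verdicts if v.is_backdoor()]
```

Running `parse_jotti(SAMPLE)` on the sample gives 6 of 8 engines for smcss.exe (backdoor family) and 4 of 5 for dodolook020.exe (adware only).
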
  10. #10
    Security Expert: Emeritus Shaba
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Default

    Hi

    One or more of the identified infections is a backdoor trojan.

    This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

    When Should I Format, How Should I Reinstall

    We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

    Should you have any questions, please feel free to ask.

    Please let us know what you have decided to do in your next post.
