View Full Version : S&D found this win32.tdss.ntf cannot be cleaned
tapgambit
2009-09-06, 00:44
Hi everyone need help here here is the log from hjt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:33 PM, on 9/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194170079734
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8D4B4B-5705-4F8A-BC80-14E47E160D38}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat??›T?
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c986944c28bbe0) (gupdate1c986944c28bbe0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcsvc - Unknown owner - C:\WINDOWS\system32\npkcsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 13059 bytes
any help is greatly appreciated
Hi tapgambit
Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site (http://hype.free.googlepages.com/gmer.zip)
Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html)"
Important! Please do not select the "Show all" checkbox during the scan..
tapgambit
2009-09-08, 09:09
thank for the response below is the logs
GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-09-07 23:06:25
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT 860DBA60 ZwOpenProcess
SSDT 860DBE80 ZwOpenThread
SSDT 860DC460 ZwSuspendProcess
SSDT 860DC280 ZwSuspendThread
SSDT 860DBC90 ZwTerminateProcess
SSDT 860DC0B0 ZwTerminateThread
Code 86B923A0 ZwEnumerateKey
Code 86CF7828 ZwFlushInstructionCache
Code 86EAA0EE IofCallDriver
Code 86182ED6 IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 86EAA0F3
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 86182EDB
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 86CF782C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 86B923A4
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\eHome\ehSched.exe[132] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005E000A
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[176] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Common Files\Motive\McciCMService.exe[576] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0081000A
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0067000A
.text C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0067000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[988] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0078000A
.text C:\WINDOWS\system32\winlogon.exe[1140] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0067000A
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AA882B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AA882930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AA883260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AA880E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AA880E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AA882B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AA882930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AA883260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AA882B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AA880E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AA883260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AA882930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AA883260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AA882930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AA882B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AA880E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AA882B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AA882930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AA883260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [AA883260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [AA882930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [AA880E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [AA882B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AA882B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AA880E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AA883260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AA882930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [61A54AD0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [61A54B20] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [61A54AE0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [61A52910] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [7C8841EE] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] [7C8841F3] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[580] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [61A52910] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [61A54AD0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [61A54B20] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [61A54AE0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [7C8841EE] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] [7C8841F3] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2000] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- Threads - GMER 1.0.15 ----
Thread System [4:548] 860DA790
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui@imagepath \systemroot\system32\drivers\SKYNETquwkkymi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main@aid 10096
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETquwkkymi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\modules@SKYNETcmd.dll \systemroot\system32\SKYNETxpdovmtb.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\modules@SKYNETlog.dat \systemroot\system32\SKYNETbgrxnsvj.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\modules@SKYNETwsp.dll \systemroot\system32\SKYNETnpcevswu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETapakomui\modules@SKYNET.dat \systemroot\system32\SKYNETdltofwjl.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui@imagepath \systemroot\system32\drivers\SKYNETquwkkymi.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main@aid 10096
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETquwkkymi.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\modules@SKYNETcmd.dll \systemroot\system32\SKYNETxpdovmtb.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\modules@SKYNETlog.dat \systemroot\system32\SKYNETbgrxnsvj.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\modules@SKYNETwsp.dll \systemroot\system32\SKYNETnpcevswu.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETapakomui\modules@SKYNET.dat \systemroot\system32\SKYNETdltofwjl.dat
---- EOF - GMER 1.0.15 ----
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
tapgambit
2009-09-09, 06:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:43 PM, on 9/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194170079734
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8D4B4B-5705-4F8A-BC80-14E47E160D38}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c986944c28bbe0) (gupdate1c986944c28bbe0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcsvc - Unknown owner - C:\WINDOWS\system32\npkcsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 12375 bytes
ComboFix 09-09-08.05 - Ely love Glo 09/08/2009 19:52.1.2 - NTFSx86
Running from: c:\documents and settings\Ely lov\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ely lov\My Documents\ZbThumbnail.info
c:\documents and settings\Ely lov\nah_log.dat
c:\recycler\S-1-5-21-1409082233-1604221776-725345543-500
c:\recycler\S-1-5-21-3042144386-38634818-1214478158-500
c:\recycler\S-1-5-21-481110767-1992948612-544039527-500
c:\recycler\S-1-5-21-511144305-880782294-3526584436-500
c:\windows\Installer\WinRMSrv.msi
c:\windows\notepad.tmp2
c:\windows\setup.exe
c:\windows\system32\Drivers\myplaxf.sys
c:\windows\system32\drivers\SKYNETquwkkymi.sys
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\notepad.tmp2
c:\windows\system32\SKYNETbgrxnsvj.dat
c:\windows\system32\SKYNETdltofwjl.dat
c:\windows\system32\SKYNETnpcevswu.dll
c:\windows\system32\SKYNETxpdovmtb.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETapakomui
-------\Legacy_SKYNETapakomui
((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.
2009-09-09 02:52 . 2009-09-09 02:52 -------- d-----w- c:\documents and settings\Ely lov\Local Settings\Application Data\ESET
2009-09-06 15:42 . 2009-09-06 15:42 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\UC.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\RAR.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\PKZIP.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\LHA.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\ARJ.PIF
2009-09-05 22:46 . 2009-09-06 05:22 -------- d-----w- C:\totalcmd
2009-09-05 22:46 . 2009-09-05 22:46 -------- d-----w- c:\documents and settings\Ely lov\Application Data\GHISLER
2009-09-05 21:34 . 2009-09-05 21:35 -------- d-----w- c:\program files\ERUNT
2009-09-05 16:32 . 2009-09-05 16:32 -------- d-----w- c:\documents and settings\Ely lov\Application Data\ESET
2009-09-05 16:30 . 2009-09-05 16:30 -------- d-----w- c:\program files\ESET
2009-09-05 16:30 . 2009-09-05 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-02 03:48 . 2009-09-02 03:48 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2009-08-30 17:59 . 2009-08-30 18:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-29 18:16 . 2007-11-17 05:07 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-26 02:49 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-26 02:49 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-26 02:49 . 2009-08-26 02:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 04:05 . 2009-02-16 07:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-18 10:01 . 2009-09-06 15:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-17 05:41 . 2009-08-17 05:41 -------- d-----w- c:\program files\Safer Networking
2009-08-17 04:44 . 2009-09-02 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-15 16:57 . 2009-08-15 16:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-15 07:29 . 2009-08-15 07:29 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 07:29 . 2009-08-15 07:29 -------- d-----w- c:\program files\MSBuild
2009-08-15 07:29 . 2009-08-15 07:29 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 07:28 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 07:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 07:28 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 07:28 . 2009-08-15 07:28 -------- d-----w- C:\496f6f11270db85f9e9c
2009-08-15 07:28 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 07:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 07:28 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 07:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 04:44 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 08:13 . 2007-12-23 08:25 -------- d-----w- c:\documents and settings\Ely lov\Application Data\Skype
2009-09-05 07:01 . 2007-12-23 08:28 -------- d-----w- c:\documents and settings\Ely lov\Application Data\skypePM
2009-09-02 06:36 . 2008-03-22 23:36 47004 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-31 07:16 . 2006-03-16 03:45 -------- d-----w- c:\program files\Java
2009-08-30 23:09 . 2007-12-23 08:25 -------- d-----r- c:\program files\Skype
2009-08-30 23:08 . 2009-03-01 05:45 -------- d-----w- c:\program files\Unison Desktop
2009-08-22 13:58 . 2009-07-11 21:57 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-16 07:42 . 2006-03-16 20:29 56736 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 21:08 . 2009-08-09 20:26 -------- d-----w- c:\program files\Garena
2009-08-09 20:00 . 2007-04-14 02:51 -------- d-----w- c:\program files\Creative
2009-08-09 20:00 . 2006-03-16 01:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2006-03-15 23:55 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 07:29 . 2008-01-14 00:00 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 03:54 . 2008-07-01 05:09 -------- d-----w- c:\documents and settings\Ely lov\Application Data\mjusbsp
2009-07-25 23:53 . 2009-07-25 23:52 -------- d-----w- c:\program files\UltraISO
2009-07-25 23:52 . 2009-07-25 23:52 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-07-25 12:23 . 2008-12-16 07:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-25 08:12 . 2009-07-25 08:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2009-07-17 19:01 . 2006-03-15 23:55 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2006-03-15 23:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 02:10 . 2009-07-13 02:10 -------- d-----w- c:\program files\Intel Corporation
2009-07-04 07:59 . 2009-07-04 07:59 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-03 17:09 . 2006-03-15 23:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2006-03-15 23:56 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-03-15 23:56 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-03-15 23:56 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2006-03-15 23:55 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2006-03-15 23:55 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-03-15 23:55 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2006-03-15 23:55 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2006-03-15 23:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2006-03-15 23:55 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2006-03-15 23:56 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-03-15 23:56 76288 ----a-w- c:\windows\system32\telnet.exe
2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-27 1232896]
c:\documents and settings\Ely lov\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Ely lov^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Ely lov\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Ely lov\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"6112:TCP"= 6112:TCP:Blizzard Downloader
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/8/2009 3:48 AM 64160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/6/2009 2:22 AM 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 1029456]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/6/2008 2:58 AM 24652]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [3/15/2006 4:57 PM 226304]
S2 gupdate1c986944c28bbe0;Google Update Service (gupdate1c986944c28bbe0);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 11:46 PM 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ELYLOV~1\LOCALS~1\Temp\WZX26.tmp --> c:\docume~1\ELYLOV~1\LOCALS~1\Temp\WZX26.tmp [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/23/2009 7:51 PM 17408]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [4/13/2007 7:52 PM 91797]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [3/15/2006 4:57 PM 29184]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 03:08]
2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 06:46]
2009-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 06:46]
2009-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3823333615-61648065-2726266617-1005Core.job
- c:\documents and settings\Ely lov\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 19:21]
2009-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3823333615-61648065-2726266617-1005UA.job
- c:\documents and settings\Ely lov\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 19:21]
2009-09-09 c:\windows\Tasks\User_Feed_Synchronization-{A1E09E74-3AB2-4802-8548-29ADD3108A93}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com.ph/intl/en/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {4C8D4B4B-5705-4F8A-BC80-14E47E160D38} = 208.67.222.222,208.67.220.220
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Ely lov\Application Data\Mozilla\Firefox\Profiles\le3uztzb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101672&gct=&gc=1&q=
FF - plugin: c:\documents and settings\Ely lov\Application Data\Mozilla\Firefox\Profiles\le3uztzb.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Ely lov\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 20:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ELYLOV~1\LOCALS~1\Temp\WZX26.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2009-09-09 20:20
ComboFix-quarantined-files.txt 2009-09-09 03:18
Pre-Run: 11,968,962,560 bytes free
Post-Run: 12,137,910,272 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
301 --- E O F --- 2009-08-26 05:38
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
tapgambit
2009-09-09, 07:27
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 7.0.9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ATT-PRT22
Auto Gordian Knot 2.55
AviSynth 2.5
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator 2.0
Canon MP Navigator 3.0
Canon MP160
Canon MP160 User Registration
Canon MP500
Canon My Printer
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.5
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
Chikka Messenger V4
Choice Guard
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.20
Connect
Creative WebCam Center
Creative WebCam Live! User's Guide (English)
Critical Update for Windows Media Player 11 (KB959772)
Crux Calculator v5
Defraggler (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DSD Direct
DSD Playback Plug-in 1.0
DVD Decrypter (Remove Only)
DVgate Plus
DVR Manager (remove only)
Easy-WebPrint
EatCam Webcam Recorder 3.6 for Yahoo Messenger
ERUNT 1.1j
ESET Online Scanner
FlexCell Grid Control Trial Version
FLV Player 2.0 (build 25)
Fraps (remove only)
Free Natural Text to Speech Reader 2008
Garena
Google Earth
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Image Converter 2 Plus
ImageStation
Inkscape 0.46
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) Processor ID Utility
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for VAIO
iPod for Windows 2006-03-23
Ipswitch WS_FTP Home
iTunes
iTunes Art Importer
Java(TM) 6 Update 15
JEOPARDY! (remove only)
Junk Mail filter update
K-Lite Mega Codec Pack 2.2.0
kuler
LAN Setting Utility
Landscape Design and Construction
Macromedia Extension Manager
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDriver
Media Center Extender
Media Center Extender
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Microsoft WorldWide Telescope
mMHouse
MobileMe Control Panel
Mozilla Firefox (3.5.2)
mPfMgr
mProSafe
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Transcoding Tool
mWlsSafe
mXML
Need For Speed II
Nero 7 Ultra Edition
Nero PhotoShow Express
Nero Recode CE
Netscape Browser (remove only)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
nProtect KeyCrypt
NVIDIA Drivers
Office 2003 Trial Assistant
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.4.00
OpenOffice.org 2.4
Paint.NET v3.36
PC Connectivity Solution
Pcsx2 0.9.2 Watermoose
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
Quicken 2006
QuickTime
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
RunAlyzer
Safari
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Setting Utility Series
SigmaTel Audio
Skype™ 4.1
Sonic Encoders
SonicStage 3.4
SonicStage Mastering Studio 2.2
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Certificate PCH
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy
Suite Shared Configuration CS4
Teratrax Database Manager 4.6
TextEdit 3.0
Total 3D Home, Landscape & Deck Premium Suite
TVUPlayer 2.4.0.1
Ultra MPEG-4 Converter 3.9.1120
UltraISO Premium V8.63
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VAIO Breeze Wallpaper
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 3
VAIO Wireless LAN Setup Utility
VAIOSurveySA
VC 9.0 Runtime
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VobSub v2.23 (Remove Only)
Wheel of Fortune (remove only)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (08/08/2007 3.3)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
WinSCP 4.1.8
Wireless Switch Setting Utility
XAMPP 1.6.4
Xfire (remove only)
XviD MPEG4 Video Codec (remove only)
XviD Video Codec 1.1.2-01022007
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
ZoneAlarm
As per forum rules (http://forums.spybot.info/showthread.php?t=282), all p2p programs have to be removed.
So please uninstall uTorrent and post back a fresh uninstall list.
Also, do you recognize these?
c:\windows\UC.PIF
c:\windows\RAR.PIF
c:\windows\PKZIP.PIF
c:\windows\PKUNZIP.PIF
c:\windows\NOCLOSE.PIF
c:\windows\LHA.PIF
c:\windows\ARJ.PIF
tapgambit
2009-09-09, 09:07
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 7.0.9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ATT-PRT22
Auto Gordian Knot 2.55
AviSynth 2.5
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator 2.0
Canon MP Navigator 3.0
Canon MP160
Canon MP160 User Registration
Canon MP500
Canon My Printer
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.5
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
Chikka Messenger V4
Choice Guard
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.20
Connect
Creative WebCam Center
Creative WebCam Live! User's Guide (English)
Critical Update for Windows Media Player 11 (KB959772)
Crux Calculator v5
Defraggler (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DSD Direct
DSD Playback Plug-in 1.0
DVD Decrypter (Remove Only)
DVgate Plus
DVR Manager (remove only)
Easy-WebPrint
EatCam Webcam Recorder 3.6 for Yahoo Messenger
ERUNT 1.1j
ESET Online Scanner
FlexCell Grid Control Trial Version
FLV Player 2.0 (build 25)
Fraps (remove only)
Free Natural Text to Speech Reader 2008
Garena
Google Earth
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Image Converter 2 Plus
ImageStation
Inkscape 0.46
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) Processor ID Utility
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for VAIO
iPod for Windows 2006-03-23
Ipswitch WS_FTP Home
iTunes
iTunes Art Importer
Java(TM) 6 Update 15
JEOPARDY! (remove only)
Junk Mail filter update
K-Lite Mega Codec Pack 2.2.0
kuler
LAN Setting Utility
Landscape Design and Construction
Macromedia Extension Manager
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDriver
Media Center Extender
Media Center Extender
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Microsoft WorldWide Telescope
mMHouse
MobileMe Control Panel
Mozilla Firefox (3.5.2)
mPfMgr
mProSafe
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Transcoding Tool
mWlsSafe
mXML
Need For Speed II
Nero 7 Ultra Edition
Nero PhotoShow Express
Nero Recode CE
Netscape Browser (remove only)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
nProtect KeyCrypt
NVIDIA Drivers
Office 2003 Trial Assistant
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.4.00
OpenOffice.org 2.4
Paint.NET v3.36
PC Connectivity Solution
Pcsx2 0.9.2 Watermoose
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
Quicken 2006
QuickTime
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
RunAlyzer
Safari
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Setting Utility Series
SigmaTel Audio
Skype™ 4.1
Sonic Encoders
SonicStage 3.4
SonicStage Mastering Studio 2.2
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Certificate PCH
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy
Suite Shared Configuration CS4
Teratrax Database Manager 4.6
TextEdit 3.0
Total 3D Home, Landscape & Deck Premium Suite
TVUPlayer 2.4.0.1
Ultra MPEG-4 Converter 3.9.1120
UltraISO Premium V8.63
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VAIO Breeze Wallpaper
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 3
VAIO Wireless LAN Setup Utility
VAIOSurveySA
VC 9.0 Runtime
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VobSub v2.23 (Remove Only)
Wheel of Fortune (remove only)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (08/08/2007 3.3)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
WinSCP 4.1.8
Wireless Switch Setting Utility
XAMPP 1.6.4
Xfire (remove only)
XviD MPEG4 Video Codec (remove only)
XviD Video Codec 1.1.2-01022007
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
ZoneAlarm
I am not familiar about those files, what are they?
In that case, please upload this - c:\windows\UC.PIF to http://virusscan.jotti.org and post back results.
tapgambit
2009-09-09, 09:45
Filename: UC.PIF
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sun 10 May 2009 17:05:16 (CET) Permalink
Additional info
File size: 545 bytes
Filetype: Unknown
MD5: cd372c250481170d0f873f42f73a0518
SHA1: 74d16ce1900815a60c381aff2d1d43f0f5c3af87
Do you recognize this then?
C:\totalcmd
tapgambit
2009-09-10, 07:14
Hi Shaba
its the same with the total commander? I downloaded it via the link here in the forum because i want to manually clean the win32.tdss.ntf see the link below
http://forums.spybot.info/showthread.php?t=51513&highlight=manually+remove+win32.tdss.ntf
I already run the S&D and no problem found, can you recommend what are the step to prevent to happen this in the future after you help me clean my system
Thank you in advance
Yes it is total commander and fine then.
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Folder::
c:\Program Files\uTorrent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
tapgambit
2009-09-10, 08:28
ComboFix 09-09-09.04 - Ely love Glo 09/09/2009 21:46.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.295 [GMT -7:00]
Running from: c:\documents and settings\Ely lov\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ely lov\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.
2009-09-09 07:01 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-09 02:52 . 2009-09-09 02:52 -------- d-----w- c:\documents and settings\Ely lov\Local Settings\Application Data\ESET
2009-09-06 15:42 . 2009-09-06 15:42 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\UC.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\RAR.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\PKZIP.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\LHA.PIF
2009-09-05 22:46 . 2009-08-27 14:50 545 ----a-w- c:\windows\ARJ.PIF
2009-09-05 22:46 . 2009-09-06 05:22 -------- d-----w- C:\totalcmd
2009-09-05 22:46 . 2009-09-05 22:46 -------- d-----w- c:\documents and settings\Ely lov\Application Data\GHISLER
2009-09-05 21:34 . 2009-09-05 21:35 -------- d-----w- c:\program files\ERUNT
2009-09-05 16:32 . 2009-09-05 16:32 -------- d-----w- c:\documents and settings\Ely lov\Application Data\ESET
2009-09-05 16:30 . 2009-09-05 16:30 -------- d-----w- c:\program files\ESET
2009-09-05 16:30 . 2009-09-05 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-02 03:48 . 2009-09-02 03:48 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2009-08-30 17:59 . 2009-08-30 18:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-29 18:16 . 2007-11-17 05:07 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-26 02:49 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-26 02:49 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-26 02:49 . 2009-08-26 02:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 04:05 . 2009-02-16 07:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-18 10:01 . 2009-09-06 15:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-17 05:41 . 2009-08-17 05:41 -------- d-----w- c:\program files\Safer Networking
2009-08-17 04:44 . 2009-09-02 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-15 16:57 . 2009-08-15 16:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-15 07:29 . 2009-08-15 07:29 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 07:29 . 2009-08-15 07:29 -------- d-----w- c:\program files\MSBuild
2009-08-15 07:29 . 2009-08-15 07:29 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 07:28 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 07:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 07:28 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 07:28 . 2009-08-15 07:28 -------- d-----w- C:\496f6f11270db85f9e9c
2009-08-15 07:28 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 07:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 07:28 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 07:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 04:44 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 07:25 . 2008-01-14 00:00 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 04:22 . 2006-06-11 05:27 -------- d-----w- c:\program files\LimeWire
2009-09-05 08:13 . 2007-12-23 08:25 -------- d-----w- c:\documents and settings\Ely lov\Application Data\Skype
2009-09-05 07:01 . 2007-12-23 08:28 -------- d-----w- c:\documents and settings\Ely lov\Application Data\skypePM
2009-09-02 06:36 . 2008-03-22 23:36 47004 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-31 07:16 . 2006-03-16 03:45 -------- d-----w- c:\program files\Java
2009-08-30 23:09 . 2007-12-23 08:25 -------- d-----r- c:\program files\Skype
2009-08-30 23:08 . 2009-03-01 05:45 -------- d-----w- c:\program files\Unison Desktop
2009-08-22 13:58 . 2009-07-11 21:57 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-16 07:42 . 2006-03-16 20:29 56736 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 21:08 . 2009-08-09 20:26 -------- d-----w- c:\program files\Garena
2009-08-09 20:00 . 2007-04-14 02:51 -------- d-----w- c:\program files\Creative
2009-08-09 20:00 . 2006-03-16 01:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2006-03-15 23:55 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 03:54 . 2008-07-01 05:09 -------- d-----w- c:\documents and settings\Ely lov\Application Data\mjusbsp
2009-07-25 23:53 . 2009-07-25 23:52 -------- d-----w- c:\program files\UltraISO
2009-07-25 23:52 . 2009-07-25 23:52 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-07-25 12:23 . 2008-12-16 07:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-25 08:12 . 2009-07-25 08:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2009-07-17 19:01 . 2006-03-15 23:55 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2006-03-15 23:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 02:10 . 2009-07-13 02:10 -------- d-----w- c:\program files\Intel Corporation
2009-07-04 07:59 . 2009-07-04 07:59 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-03 17:09 . 2006-03-15 23:56 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2006-03-15 23:56 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-03-15 23:56 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-03-15 23:56 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2006-03-15 23:55 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2006-03-15 23:55 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-03-15 23:55 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2006-03-15 23:55 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2006-03-15 23:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2006-03-15 23:55 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2006-03-15 23:56 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-03-15 23:56 76288 ----a-w- c:\windows\system32\telnet.exe
2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-09_03.15.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-10 03:54 . 2009-09-10 03:54 16384 c:\windows\Temp\Perflib_Perfdata_378.dat
+ 2009-09-10 03:54 . 2009-09-10 03:54 16384 c:\windows\Temp\Perflib_Perfdata_19c.dat
+ 2007-10-27 20:28 . 2009-09-09 07:11 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-10-27 20:28 . 2009-08-16 10:21 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-10-27 20:28 . 2009-08-16 10:21 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-10-27 20:28 . 2009-09-09 07:11 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-10-27 20:28 . 2009-09-09 07:11 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-10-27 20:28 . 2009-08-16 10:21 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-10-27 20:28 . 2009-08-16 10:21 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-10-27 20:28 . 2009-09-09 07:11 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-10-27 20:28 . 2009-09-09 07:11 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-10-27 20:28 . 2009-08-16 10:21 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-10-27 20:28 . 2009-08-16 10:21 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-10-27 20:28 . 2009-09-09 07:11 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-09-09 07:26 . 2009-09-09 07:26 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
- 2007-10-27 20:28 . 2009-08-16 10:21 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-10-27 20:28 . 2009-09-09 07:11 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-08-24 18:47 . 2008-08-24 18:47 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2006-03-15 23:55 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
- 2006-03-15 23:55 . 2009-03-08 11:33 726528 c:\windows\system32\jscript.dll
- 2008-05-09 10:53 . 2009-03-08 11:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-10-27 20:28 . 2009-09-09 07:11 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-10-27 20:28 . 2009-08-16 10:21 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-10-27 20:28 . 2009-08-16 10:21 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-10-27 20:28 . 2009-09-09 07:11 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-10-27 20:28 . 2009-08-16 10:21 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-10-27 20:28 . 2009-09-09 07:11 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-10-27 20:28 . 2009-08-16 10:21 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-10-27 20:28 . 2009-09-09 07:11 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-10-27 20:28 . 2009-08-16 10:21 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-10-27 20:28 . 2009-09-09 07:11 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-10-27 20:28 . 2009-08-16 10:21 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-10-27 20:28 . 2009-09-09 07:11 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-09-09 07:07 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-09 07:07 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-09 07:07 . 2009-03-08 11:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-09-09 07:29 . 2009-09-09 07:29 458752 c:\windows\ERDNT\AutoBackup\9-9-2009\Users\00000002\UsrClass.dat
+ 2009-09-09 07:29 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-9-2009\ERDNT.EXE
+ 2006-03-16 01:11 . 2009-08-18 17:55 179712 c:\windows\ehome\ehkeyctl.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 868352 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 868352 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
- 2008-08-24 18:47 . 2008-08-24 18:47 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
+ 2006-03-15 23:56 . 2009-05-20 11:56 2458112 c:\windows\system32\WMVCore.dll
- 2006-03-15 23:56 . 2008-06-18 13:03 2458112 c:\windows\system32\WMVCore.dll
+ 2006-12-16 00:56 . 2009-05-20 11:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
- 2006-12-16 00:56 . 2008-06-18 13:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-08-25 21:57 . 2009-08-25 21:57 5518336 c:\windows\Installer\d14ea.msp
- 2008-08-24 18:47 . 2008-08-24 18:47 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2009-09-09 07:26 . 2009-09-09 07:26 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2006-08-12 01:29 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe
+ 2009-09-09 07:08 . 2009-09-09 07:08 15709696 c:\windows\Installer\d14d6.msp
+ 2009-09-09 07:29 . 2009-09-09 07:29 11059200 c:\windows\ERDNT\AutoBackup\9-9-2009\Users\00000001\ntuser.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-27 1232896]
c:\documents and settings\Ely lov\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Ely lov^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Ely lov\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Ely lov\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"6112:TCP"= 6112:TCP:Blizzard Downloader
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/8/2009 3:48 AM 64160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/6/2009 2:22 AM 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 1029456]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/6/2008 2:58 AM 24652]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [3/15/2006 4:57 PM 226304]
S2 gupdate1c986944c28bbe0;Google Update Service (gupdate1c986944c28bbe0);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 11:46 PM 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ELYLOV~1\LOCALS~1\Temp\WZX26.tmp --> c:\docume~1\ELYLOV~1\LOCALS~1\Temp\WZX26.tmp [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/23/2009 7:51 PM 17408]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [4/13/2007 7:52 PM 91797]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [3/15/2006 4:57 PM 29184]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - EHRECVR
*NewlyCreated* - EHSCHED
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 03:08]
2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 06:46]
2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 06:46]
2009-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3823333615-61648065-2726266617-1005Core.job
- c:\documents and settings\Ely lov\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 19:21]
2009-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3823333615-61648065-2726266617-1005UA.job
- c:\documents and settings\Ely lov\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 19:21]
2009-09-10 c:\windows\Tasks\User_Feed_Synchronization-{A1E09E74-3AB2-4802-8548-29ADD3108A93}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com.ph/intl/en/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {4C8D4B4B-5705-4F8A-BC80-14E47E160D38} = 208.67.222.222,208.67.220.220
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Ely lov\Application Data\Mozilla\Firefox\Profiles\le3uztzb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101672&gct=&gc=1&q=
FF - plugin: c:\documents and settings\Ely lov\Application Data\Mozilla\Firefox\Profiles\le3uztzb.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Ely lov\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 22:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ELYLOV~1\LOCALS~1\Temp\WZX26.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1140)
c:\windows\system32\VESWinlogon.dll
- - - - - - - > 'explorer.exe'(232)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-09-10 22:11
ComboFix-quarantined-files.txt 2009-09-10 05:10
ComboFix2.txt 2009-09-09 03:20
Pre-Run: 11,799,375,872 bytes free
Post-Run: 11,742,838,784 bytes free
345 --- E O F --- 2009-09-09 07:16
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
tapgambit
2009-09-11, 16:59
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, September 11, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 11, 2009 07:01:32
Records in database: 2776561
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
Scan statistics:
Objects scanned: 278821
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 05:22:19
File name / Threat / Threats count
C:\Documents and Settings\Ely lov\My Documents\bebong\Remote-Administrator-Control-v3.3\Remote-Administrator-Control-v3.3\RACClient331.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.i 1
C:\Documents and Settings\Ely lov\My Documents\bebong\Remote-Administrator-Control-v3.3\Remote-Administrator-Control-v3.3\RACServer331.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.j 1
Selected area has been scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:41 AM, on 9/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194170079734
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8D4B4B-5705-4F8A-BC80-14E47E160D38}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c986944c28bbe0) (gupdate1c986944c28bbe0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcsvc - Unknown owner - C:\WINDOWS\system32\npkcsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 12654 bytes
That looks good :)
Still problems?
tapgambit
2009-09-12, 06:49
no problem at all, if not to much to ask can you give some tips to avoid being a victim again. like free software that i can use to maintain my system.
once again thank you for extending your help and to the rest of the team.
appreciate all the help:thanks:
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Now lets uninstall ComboFix:
Click START then RUN
Now type Combofix /u in the runbox and click OK
Next we remove all used tools.
Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Malwarebytes' Anti-Malware - Malwarebytes''Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)
Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)
Happy surfing and stay clean! :bigthumb:
tapgambit
2009-09-12, 22:01
thank you again for the valuable information.:thanks:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.