New Member
Group: Forum Members
Last Login: 8/5/2008 4:57 PM
Posts: 42
Visits: 107
XP PRO SP2
I am using Sygate Personal Firewall 5.6 build 2808.
I have Spybot - Search & Destroy version 1.5.2.0.
Sygate Personal Firewall reports: Application Hijacking, Severity=Critical, Remote Host=77.232.91.127; the full path of Spybot is listed.
Sygate displays Spybot as Application Hijacking for several minutes, anywhere from 5 to 20 minutes so far.
Sygate eventually lists the Security Type for each previous Spybot entry as "Port Scan", changes the Severity to Minor and changes the Remote Host to 194.168.8.100.
In the past 60 minutes (while connected to the internet) Windows Media Player 11 has automatically launched 4 times.
The first time WMP launched I did not see the video; the second time it played a pornographic video; the third time a blank 3 second video; the fourth time a pornographic video. I disabled my network adapter and Windows Media Player has not launched since.
I have done a scan using Spybot Search and Destroy; it found nothing.
Task Manager CPU Usage is fluctuating between 5% and 100%; the graph displays drastic peaks and troughs. At present I have Firefox, Bitdefender, Spybot Search and Destroy and Sygate Personal Firewall running. These applications, when running at the same time, usually do not consume more than 15% usage.
Checked MSCONFIG - there are 5 entries for svchost, all enabled.
There are 6 entries enabled but the Startup Item column is blank; the "location" for the blank items is HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
I am able to use all my usual applications with only one noticeable interruption: whatever application I am using, within a few seconds the title bar will go grey and the application becomes inactive, however no other application launches. Since I have disabled my network adapter this has not happened.
Another peculiarity - a dialogue box appeared while I was connected to the net; it had no reference to any application or website but it was clearly spyware because it displayed some text claiming that my computer is infected, which is true because there is no doubt that the vendor of that alert has infected my PC. I did not click on it; I used Alt+Tab but it was not listed, and it disappeared without any action from me.
About 45 minutes previous to all these things, my computer would play an alert similar to when you instruct a computer to perform an action but it returns a message saying that action is not possible. No dialogue box appeared on screen to accompany this alert.
I have not recently installed any new software apart from a Firefox addon "BlockSite 0.7", however this was 2 days ago.
I have not installed any other browser plugins.
I just enabled my network adapter and the CPU usage is even more sporadic and Firefox is hanging, but not severely.
I've used the ADS Spy tool in HijackThis but it found nothing.
Here is the result of HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 21:00:58, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\z_Drivers\svchost.exe
F:\SFW\SECURE\HijackThis.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\z_Drivers\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://techwhims.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKCU\..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\preload.exe C:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [DDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [beta] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [gamma] c:\z_Drivers\svchost.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
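The two indicators in the log above that a responder would pick out are a process named svchost.exe running from C:\z_Drivers rather than the System32 folder, and one executable registered under five different Run value names (CDriver, DDriver, alpha, beta, gamma). The Python script below is an added example, not part of this thread or of HijackThis, that pulls both indicators out of a HijackThis log. It assumes the Windows folder is C:\WINDOWS (as in the log) and uses a short, hand-picked list of core binary names; the embedded sample log is constructed from a few lines of the log above.

```python
import re
from collections import Counter, defaultdict

# Core Windows binaries and the folder (relative to the Windows folder) each one
# legitimately lives in. Assumption: the Windows folder is C:\WINDOWS, as in the
# log above; change WINDIR for other installations.
WINDIR = r"C:\WINDOWS"
SYSTEM_BINARIES = {
    "smss.exe": "system32",
    "csrss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "svchost.exe": "system32",
    "explorer.exe": "",          # Explorer lives directly in the Windows folder
}

# O4 lines look like:  O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
SECTION_RE = re.compile(r'^[A-Z]\d+ - ')   # any R0/O4/O9/O23 ... line

def parse_hjt(text):
    """Return (running_processes, o4_entries) from a HijackThis log."""
    processes, run_entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = O4_RE.match(line)
        if m:
            in_procs = False
            run_entries.append(m.groupdict())
            continue
        if SECTION_RE.match(line):
            in_procs = False      # the first R/O line ends the process list
            continue
        if in_procs:
            processes.append(line)
    return processes, run_entries

def expected_dir(name):
    return (WINDIR + "\\" + SYSTEM_BINARIES[name]).rstrip("\\").lower()

def find_masquerading(processes):
    """Count processes named like a core binary but running from the wrong folder."""
    hits = Counter()
    for path in processes:
        directory, _, name = path.rpartition("\\")
        name = name.lower()
        if name in SYSTEM_BINARIES and directory.lower() != expected_dir(name):
            hits[path] += 1
    return hits

def command_target(cmd):
    """Executable path from a Run value: the quoted path, or text up to the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).lower()
    m = re.match(r'(.+?\.exe)', cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd.split()[0]).lower()

def find_shared_run_targets(run_entries, min_names=2):
    """Group O4 Run values by target; return targets registered under 2+ names."""
    by_target = defaultdict(list)
    for entry in run_entries:
        by_target[command_target(entry["cmd"])].append(entry["name"])
    return {t: names for t, names in by_target.items() if len(names) >= min_names}

# Constructed sample: a handful of lines in the shape of the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://techwhims.blogspot.com/
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [DDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe
"""

if __name__ == "__main__":
    procs, runs = parse_hjt(SAMPLE_LOG)
    for path, n in find_masquerading(procs).items():
        print(f"[!] {n}x process named like a system binary outside its home folder: {path}")
    for target, names in find_shared_run_targets(runs).items():
        print(f"[!] {len(names)} Run values point at {target}: {', '.join(names)}")
```

Both checks are cheap because a HijackThis log already prints full paths: the masquerade check is a plain directory comparison, and the shared-target check only needs the Run values grouped by the executable they launch. Feed the script the full log (read from a file instead of SAMPLE_LOG) to get the same two findings over all five Run names.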
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,422
Visits: 54,734
Welcome
Please disable Spybot S&D’s protection, or it will interfere.
You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm
Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double click on SDFix on your desktop, and install the fix to C:\
* You might want to print/copy the following as you need to be in Safe Mode from here on.
* Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.
Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop
Now close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window or do anything else on your pc while it's running.
That may cause the program/system to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
Also post a new Hijackthis log please.
_______________________________________________________________

ASAP & UNITE member since 2006

New Member
Group: Forum Members
Last Login: 8/5/2008 4:57 PM
Posts: 42
Visits: 107
Followed the instructions. I disabled all startup items before using SDFix, however svchost.exe is still enabled, all 5 entries plus the 6 blank entries.
I ran both applications without any noticeable problems.
Here are the results
SDFix: Version 1.182
Run by Poi on 15/05/2008 at 21:54
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
dnlsvc
msdirect
Path :
"C:\DOCUME~1\Poi\LOCALS~1\Temp\dnlsvc.exe"
\??\C:\WINDOWS\system32\msdirect.sys
dnlsvc - Deleted
msdirect - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\msdirect.sys - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 22:00:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:73,77,9d,44,52,04,3a,96,64,2c,89,59,f4,05,3c,2c,b1,76,a7,38,16,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,25,5d,36,3f,12,c8,45,c9,6d,c9,2b,96,e3,42,a1,87,db,..
"khjeh"=hex:91,6e,b0,e0,15,28,5d,87,f6,0a,45,2e,2f,5f,db,77,e8,a0,53,1a,89,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:71,4f,4c,8a,c1,fc,63,1e,3d,c3,12,7f,71,99,fc,44,96,b4,cc,df,e3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:73,77,9d,44,52,04,3a,96,64,2c,89,59,f4,05,3c,2c,b1,76,a7,38,16,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,25,5d,36,3f,12,c8,45,c9,6d,c9,2b,96,e3,42,a1,87,db,..
"khjeh"=hex:91,6e,b0,e0,15,28,5d,87,f6,0a,45,2e,2f,5f,db,77,e8,a0,53,1a,89,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:71,4f,4c,8a,c1,fc,63,1e,3d,c3,12,7f,71,99,fc,44,96,b4,cc,df,e3,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\UltraVNC\\vncviewer.exe"="C:\\Program Files\\UltraVNC\\vncviewer.exe:*:Enabled:vncviewer.exe"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\BIGSPEED Peer-to-Peer SDK\\bsP2pHubDemo.exe"="C:\\Program Files\\BIGSPEED Peer-to-Peer SDK\\bsP2pHubDemo.exe:*:Enabled:bsP2pHubDemo"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 16 Mar 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 16 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 12 Mar 2008 165,232 A..H. --- "C:\Documents and Settings\Poi\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll"
Finished!
--------------------------------------------------------------------------
ComboFix 08-05-12.1 - Poi 2008-05-15 22:13:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.233 [GMT 1:00]
Running from: C:\Documents and Settings\Poi\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Desktop_.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSDIRECT
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.
2008-05-15 21:49 . 2008-05-15 21:49 d-------- C:\WINDOWS\ERUNT
2008-05-15 21:44 . 2008-05-15 22:05 d-------- C:\SDFix
2008-05-15 11:38 . 2008-05-15 11:38 d-------- C:\z_Drivers
2008-05-15 11:38 . 2008-05-15 14:43 980 --a------ C:\0xf9.exe
2008-05-09 08:05 . 2008-05-09 08:05 d-------- C:\Documents and Settings\Poi\Application Data\Talkback
2008-05-02 18:25 . 2008-05-02 18:25 d-------- C:\Program Files\Rockstar Games
2008-04-28 22:23 . 2008-04-28 22:23 d-------- C:\Program Files\Hotspot Shield
2008-04-26 22:02 . 2008-04-26 22:04 d-------- C:\Documents and Settings\Poi\Application Data\Dimdim
2008-04-26 22:02 . 2005-11-27 19:25 31,896 --a------ C:\WINDOWS\system32\drivers\dfmirage.sys
2008-04-26 22:02 . 2005-11-27 19:25 30,360 --a------ C:\WINDOWS\system32\dfmirage.dll
2008-04-25 14:12 . 2004-08-30 14:25 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-25 14:12 . 2004-12-10 10:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2008-04-25 14:12 . 2007-04-12 15:01 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL
2008-04-23 12:17 . 2008-04-23 13:06 d-------- C:\Program Files\PeerGuardian2
2008-04-22 10:31 . 2008-04-22 10:31 dr-h----- C:\Documents and Settings\Poi\Application Data\SecuROM
2008-04-22 06:17 . 2008-04-22 08:42 d-------- C:\Program Files\Desktop Activity Recorder
2008-04-20 12:51 . 2008-04-20 12:51 d-------- C:\Program Files\OpenAL
2008-04-20 12:51 . 2008-04-20 12:51 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-04-20 12:51 . 2008-04-20 12:51 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-04-20 12:47 . 2008-04-20 12:47 d-------- C:\Program Files\Paradox Interactive
2008-04-19 00:30 . 2008-04-19 00:30 d-------- C:\Program Files\Network Stumbler
2008-04-18 20:04 . 2008-04-18 20:03 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-04-18 13:21 . 2008-04-18 13:21 d-------- C:\Documents and Settings\All Users\Application Data\Default
2008-04-17 16:43 . 2008-04-17 16:43 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-17 08:42 . 2008-04-17 08:42 d-------- C:\Program Files\BIGSPEED Peer-to-Peer SDK
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 20:20 14 ----a-w C:\Documents and Settings\Poi\getfile.dat
2008-05-15 18:47 --------- d-----w C:\Documents and Settings\Poi\Application Data\OpenOffice.org2
2008-05-15 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-15 16:28 --------- d-----w C:\Program Files\BOINC
2008-05-14 10:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-05-08 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 13:06 --------- d-----w C:\Program Files\EA Sports
2008-04-25 12:56 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-04-25 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-04-18 19:16 --------- d-----w C:\Program Files\Atheros
2008-04-17 13:40 --------- d-----w C:\Documents and Settings\Poi\Application Data\Hamachi
2008-04-13 18:51 --------- d-----w C:\Program Files\New Star Soccer 3
2008-04-11 00:44 --------- d-----w C:\Program Files\Project64 1.6
2008-04-10 13:19 --------- d-----w C:\Program Files\1964
2008-04-10 12:18 --------- d-----w C:\Program Files\mupen64 0.5
2008-04-09 20:07 --------- d-----w C:\Program Files\mupen64 0.4
2008-04-05 14:35 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-28 12:13 --------- d-----w C:\Program Files\Safari
2008-03-28 12:13 --------- d-----w C:\Documents and Settings\Poi\Application Data\Apple Computer
2008-03-28 12:12 --------- d-----w C:\Program Files\Apple Software Update
2008-03-28 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-24 23:03 --------- d-----w C:\Documents and Settings\Poi\Application Data\Vso
2008-03-22 22:27 --------- d-----w C:\Program Files\VSO
2008-03-19 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-19 15:07 --------- d-----w C:\Program Files\SiSoftware
2008-03-19 15:00 --------- d-----w C:\Program Files\Belarc
2008-03-18 17:32 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{3DABBC31-9BB8-45D8-BE78-353E801E5DBA}
2008-03-18 17:32 --------- d-----w C:\Program Files\GGPO Client
2008-03-17 18:11 --------- d-----w C:\Program Files\mosaic
2008-03-16 21:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-16 20:54 --------- d-----w C:\Program Files\Kontiki
2008-03-16 20:54 --------- d-----w C:\Program Files\Channel4
2008-03-16 20:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Channel4
2008-03-06 18:20 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-04 13:00 811,776 ----a-w C:\WINDOWS\boinc.scr
.
------- Sigcheck -------
2007-12-21 00:32 359040 a14fafd66adbd55a86f17a37e5ec4263 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SODCPreLoad"="C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\preload.exe" [2008-02-26 10:13 40960]
"DriverLoad"="" []
"DriverCheck"="" []
"SystemDriverLoad"="" []
"alpha"="c:\z_Drivers\svchost.exe" [2008-05-15 11:38 198144]
"beta"="c:\z_Drivers\svchost.exe" [2008-05-15 11:38 198144]
"gamma"="c:\z_Drivers\svchost.exe" [2008-05-15 11:38 198144]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"SystemDriver"="" []
"FDriver"="" []
"ADriver"="" []
"CDriver"="c:\z_Drivers\svchost.exe" [2008-05-15 11:38 198144]
"DDriver"="c:\z_Drivers\svchost.exe" [2008-05-15 11:38 198144]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-12-07 03:21 124928 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"CDriver"= c:\z_Drivers\svchost.exe
"DDriver"= c:\z_Drivers\svchost.exe
"alpha"= c:\z_Drivers\svchost.exe
"beta"= c:\z_Drivers\svchost.exe
"gamma"= c:\z_Drivers\svchost.exe
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk
backup=C:\WINDOWS\pss\Launchy.lnk Common Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnk Common Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Poi^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=C:\Documents and Settings\Poi\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnk Startup
[HKLM\~\startupfolder\C:^DOCUME~1^Poi^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\DOCUME~1\Poi\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnk Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2007-04-23 12:23 1032640 C:\Program Files\Kontiki\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADriver]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-12-13 22:50 88204 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2006-07-19 10:41 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alpha]
--a------ 2008-05-15 11:38 198144 c:\z_Drivers\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2006-07-19 10:41 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2005-06-20 13:10 421888 c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
--a------ 2005-05-09 13:19 8192 c:\progra~1\softwin\bitdef~1\bdnagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beta]
--a------ 2008-05-15 11:38 198144 c:\z_Drivers\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CDriver]
--a------ 2008-05-15 11:38 198144 c:\z_Drivers\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 23:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 00:09 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDriver]
--a------ 2008-05-15 11:38 198144 c:\z_Drivers\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverLoad]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FDriver]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gamma]
--a------ 2008-05-15 11:38 198144 c:\z_Drivers\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-02-15 12:46 159744 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2008-02-15 12:46 159744 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2008-02-15 12:46 131072 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2008-02-15 12:46 135168 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-04-23 12:23 1032640 C:\Program Files\Kontiki\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-02-15 12:46 131072 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-07-19 10:42 16248320 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-07-19 10:42 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
--a------ 2004-10-15 20:40 2577632 C:\PROGRA~1\Sygate\SPF\smc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDriver]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDriverLoad]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 2007-10-08 10:21 55856 C:\Program Files\VMware\VMware Player\hqtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"uvnc_service"=2 (0x2)
"LexBceS"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ufad-p2v"=2 (0x2)
"ThreadMaster"=2 (0x2)
"rpcapd"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"LVCOMSer"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"pr2aqvlb"=2 (0x2)
"HotspotShieldService"=2 (0x2)
"dnlsvc"=2 (0x2)
"KService"=2 (0x2)
"XCOMM"=2 (0x2)
"SmcService"=2 (0x2)
"bdss"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SODCPreLoad"=C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\preload.exe C:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\UltraVNC\\vncviewer.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\BIGSPEED Peer-to-Peer SDK\\bsP2pHubDemo.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 pe3aqvlb;XIII Century Environment Driver (pe3aqvlb);C:\WINDOWS\system32\drivers\pe3aqvlb.sys [2008-03-14 15:22]
R0 ps7aqvlb;XIII Century Synchronization Driver (ps7aqvlb);C:\WINDOWS\system32\drivers\ps7aqvlb.sys [2008-03-14 15:21]
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;C:\Program Files\VMware\VMware Converter\vstor2-p2v30.sys [2007-01-30 20:41]
R3 dfmirage;dfmirage;C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-27 19:25]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 22:25]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
S4 pr2aqvlb;XIII Century Drivers Auto Removal (pr2aqvlb);C:\WINDOWS\system32\pr2aqvlb.exe svc []
S4 ThreadMaster;Thread Master;C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe [2003-03-18 00:27]
S4 ufad-p2v;VMware Converter Service;"C:\Program Files\VMware\VMware Converter\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Converter\\" -s ufad-p2v.xml []
S4 uvnc_service;uvnc_service;"C:\Program Files\UltraVNC\WinVNC.exe" -service []
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 22:17:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\soffice.exe
.
**************************************************************************
.
Completion time: 2008-05-15 22:20:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 21:20:21
Pre-Run: 7,616,372,736 bytes free
Post-Run: 7,835,357,184 bytes free
277
-----------------------------------------------------------------------------------
In future please warn people to remove any headphones when using ComboFix; the two high-pitched beeps at the start are very unpleasant.
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,422,
Visits: 54,734
New Member
I had my headphones on because, previous to this spyware problem, I was listening to a netcast.
Ran ComboFix and HijackThis without any noticeable problems.
The CPU usage is back to normal, Firefox is responding well and no longer hanging, and only one startup item is enabled, ctfmon.exe.
Problems are fixed, your help is much appreciated, thank you.
Here are the results:
ComboFix 08-05-12.1 - Poi 2008-05-15 23:05:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.198 [GMT 1:00]
Running from: C:\Documents and Settings\Poi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Poi\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\0xf9.exe
C:\z_Drivers
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\0xf9.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.
2008-05-15 21:49 . 2008-05-15 21:49  d--------  C:\WINDOWS\ERUNT
2008-05-15 21:44 . 2008-05-15 22:05  d--------  C:\SDFix
2008-05-15 11:38 . 2008-05-15 11:38  d--------  C:\z_Drivers
2008-05-09 08:05 . 2008-05-09 08:05  d--------  C:\Documents and Settings\Poi\Application Data\Talkback
2008-05-02 18:25 . 2008-05-02 18:25  d--------  C:\Program Files\Rockstar Games
2008-04-28 22:23 . 2008-04-28 22:23  d--------  C:\Program Files\Hotspot Shield
2008-04-26 22:02 . 2008-04-26 22:04  d--------  C:\Documents and Settings\Poi\Application Data\Dimdim
2008-04-26 22:02 . 2005-11-27 19:25  31,896  --a------  C:\WINDOWS\system32\drivers\dfmirage.sys
2008-04-26 22:02 . 2005-11-27 19:25  30,360  --a------  C:\WINDOWS\system32\dfmirage.dll
2008-04-25 14:12 . 2004-08-30 14:25  438,272  --a------  C:\WINDOWS\system32\vp6vfw.dll
2008-04-25 14:12 . 2004-12-10 10:06  327,680  --a------  C:\WINDOWS\system32\vp6dec.ax
2008-04-25 14:12 . 2007-04-12 15:01  118,832  --a------  C:\WINDOWS\system32\SHW32.DLL
2008-04-23 12:17 . 2008-04-23 13:06  d--------  C:\Program Files\PeerGuardian2
2008-04-22 10:31 . 2008-04-22 10:31  dr-h-----  C:\Documents and Settings\Poi\Application Data\SecuROM
2008-04-22 06:17 . 2008-04-22 08:42  d--------  C:\Program Files\Desktop Activity Recorder
2008-04-20 12:51 . 2008-04-20 12:51  d--------  C:\Program Files\OpenAL
2008-04-20 12:51 . 2008-04-20 12:51  409,600  --a------  C:\WINDOWS\system32\wrap_oal.dll
2008-04-20 12:51 . 2008-04-20 12:51  114,688  --a------  C:\WINDOWS\system32\OpenAL32.dll
2008-04-20 12:47 . 2008-04-20 12:47  d--------  C:\Program Files\Paradox Interactive
2008-04-19 00:30 . 2008-04-19 00:30  d--------  C:\Program Files\Network Stumbler
2008-04-18 20:04 . 2008-04-18 20:03  737,280  --a------  C:\WINDOWS\iun6002.exe
2008-04-18 13:21 . 2008-04-18 13:21  d--------  C:\Documents and Settings\All Users\Application Data\Default
2008-04-17 16:43 . 2008-04-17 16:43  107,888  --a------  C:\WINDOWS\system32\CmdLineExt.dll
2008-04-17 08:42 . 2008-04-17 08:42  d--------  C:\Program Files\BIGSPEED Peer-to-Peer SDK
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 22:04  ---------  d-----w  C:\Documents and Settings\Poi\Application Data\OpenOffice.org2
2008-05-15 20:20  14  ----a-w  C:\Documents and Settings\Poi\getfile.dat
2008-05-15 17:08  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-15 16:28  ---------  d-----w  C:\Program Files\BOINC
2008-05-14 10:54  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Kontiki
2008-05-08 14:33  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-04-25 13:06  ---------  d-----w  C:\Program Files\EA Sports
2008-04-25 12:56  ---------  d-----w  C:\Program Files\Common Files\LogiShrd
2008-04-25 12:38  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Logishrd
2008-04-18 19:16  ---------  d-----w  C:\Program Files\Atheros
2008-04-18 19:14  43,520  ----a-w  C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-17 13:40  ---------  d-----w  C:\Documents and Settings\Poi\Application Data\Hamachi
2008-04-13 18:51  ---------  d-----w  C:\Program Files\New Star Soccer 3
2008-04-11 00:44  ---------  d-----w  C:\Program Files\Project64 1.6
2008-04-10 13:19  ---------  d-----w  C:\Program Files\1964
2008-04-10 12:18  ---------  d-----w  C:\Program Files\mupen64 0.5
2008-04-09 20:07  ---------  d-----w  C:\Program Files\mupen64 0.4
2008-04-05 14:35  ---------  d-----w  C:\Program Files\Microsoft Silverlight
2008-03-28 12:13  ---------  d-----w  C:\Program Files\Safari
2008-03-28 12:13  ---------  d-----w  C:\Documents and Settings\Poi\Application Data\Apple Computer
2008-03-28 12:12  ---------  d-----w  C:\Program Files\Apple Software Update
2008-03-28 12:12  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Apple
2008-03-24 23:03  ---------  d-----w  C:\Documents and Settings\Poi\Application Data\Vso
2008-03-22 22:27  ---------  d-----w  C:\Program Files\VSO
2008-03-19 15:37  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-19 15:07  ---------  d-----w  C:\Program Files\SiSoftware
2008-03-19 15:00  ---------  d-----w  C:\Program Files\Belarc
2008-03-18 17:32  ---------  d--h--w  C:\Documents and Settings\All Users\Application Data\{3DABBC31-9BB8-45D8-BE78-353E801E5DBA}
2008-03-18 17:32  ---------  d-----w  C:\Program Files\GGPO Client
2008-03-17 18:11  ---------  d-----w  C:\Program Files\mosaic
2008-03-16 21:05  ---------  d-----w  C:\Program Files\Windows Media Connect 2
2008-03-16 20:54  ---------  d-----w  C:\Program Files\Kontiki
2008-03-16 20:54  ---------  d-----w  C:\Program Files\Channel4
2008-03-16 20:54  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Channel4
2008-03-14 14:23  415,096  ----a-w  C:\WINDOWS\system32\pr2aqvlb.exe
2008-03-07 11:56  920,088  ----a-w  C:\WINDOWS\system32\igxpun.exe
2008-03-06 18:20  691,545  ----a-w  C:\WINDOWS\unins000.exe
2008-03-04 13:00  811,776  ----a-w  C:\WINDOWS\boinc.scr
2008-02-15 12:21  147,456  ----a-w  C:\WINDOWS\system32\igfxCoIn_v4926.dll
2008-02-15 12:12  57,344  ----a-w  C:\WINDOWS\system32\igxprd32.dll
2008-02-15 12:12  2,643,968  ----a-w  C:\WINDOWS\system32\igxpdx32.dll
2008-02-15 12:12  151,040  ----a-w  C:\WINDOWS\system32\igxpgd32.dll
2008-02-15 12:12  1,670,144  ----a-w  C:\WINDOWS\system32\igxpdv32.dll
2008-02-15 12:01  294,912  ----a-w  C:\WINDOWS\system32\igldev32.dll
2008-02-15 12:00  2,334,720  ----a-w  C:\WINDOWS\system32\iglicd32.dll
2008-02-15 11:48  524,288  ----a-w  C:\WINDOWS\system32\igfxcfg.exe
2008-02-15 11:46  48,128  ----a-w  C:\WINDOWS\system32\igfxsrvc.dll
2008-02-15 11:46  249,856  ----a-w  C:\WINDOWS\system32\igfxsrvc.exe
2008-02-15 11:46  24,576  ----a-w  C:\WINDOWS\system32\igfxexps.dll
2008-02-15 11:46  204,800  ----a-w  C:\WINDOWS\system32\igfxpph.dll
2008-02-15 11:46  163,840  ----a-w  C:\WINDOWS\system32\igfxext.exe
2008-02-15 11:46  159,744  ----a-w  C:\WINDOWS\system32\hkcmd.exe
2008-02-15 11:46  135,168  ----a-w  C:\WINDOWS\system32\igfxtray.exe
2008-02-15 11:46  135,168  ----a-w  C:\WINDOWS\system32\igfxdo.dll
2008-02-15 11:46  131,072  ----a-w  C:\WINDOWS\system32\igfxpers.exe
2008-02-15 11:45  3,293,184  ----a-w  C:\WINDOWS\system32\igfxress.dll
2008-02-15 11:45  208,896  ----a-w  C:\WINDOWS\system32\igfxdev.dll
2008-02-15 11:45  172,032  ----a-w  C:\WINDOWS\system32\igfxres.dll
2008-02-15 11:45  163,840  ----a-w  C:\WINDOWS\system32\igfxzoom.exe
2008-02-15 11:45  102,400  ----a-w  C:\WINDOWS\system32\hccutils.dll
.
------- Sigcheck -------
2007-12-21 00:32  359040  a14fafd66adbd55a86f17a37e5ec4263  C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-15_22.20.07.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 21:10:03  60,934  ----a-w  C:\WINDOWS\system32\perfc009.dat
+ 2008-05-15 21:25:57  60,934  ----a-w  C:\WINDOWS\system32\perfc009.dat
- 2008-05-15 21:10:03  396,608  ----a-w  C:\WINDOWS\system32\perfh009.dat
+ 2008-05-15 21:25:57  396,608  ----a-w  C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SODCPreLoad"="C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\preload.exe" [2008-02-26 10:13 40960]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-12-07 03:21 124928 C:\WINDOWS\system32\advpack.dll]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk
backup=C:\WINDOWS\pss\Launchy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Poi^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=C:\Documents and Settings\Poi\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup
[HKLM\~\startupfolder\C:^DOCUME~1^Poi^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\DOCUME~1\Poi\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2007-04-23 12:23 1032640 C:\Program Files\Kontiki\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADriver]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-12-13 22:50 88204 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2006-07-19 10:41 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2006-07-19 10:41 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2005-06-20 13:10 421888 c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
--a------ 2005-05-09 13:19 8192 c:\progra~1\softwin\bitdef~1\bdnagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 23:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 00:09 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-02-15 12:46 159744 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2008-02-15 12:46 159744 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2008-02-15 12:46 131072 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2008-02-15 12:46 135168 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-04-23 12:23 1032640 C:\Program Files\Kontiki\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-02-15 12:46 131072 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-07-19 10:42 16248320 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-07-19 10:42 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
--a------ 2004-10-15 20:40 2577632 C:\PROGRA~1\Sygate\SPF\smc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 2007-10-08 10:21 55856 C:\Program Files\VMware\VMware Player\hqtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"uvnc_service"=2 (0x2)
"LexBceS"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ufad-p2v"=2 (0x2)
"ThreadMaster"=2 (0x2)
"rpcapd"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"LVCOMSer"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"pr2aqvlb"=2 (0x2)
"HotspotShieldService"=2 (0x2)
"dnlsvc"=2 (0x2)
"KService"=2 (0x2)
"XCOMM"=2 (0x2)
"SmcService"=2 (0x2)
"bdss"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SODCPreLoad"=C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\preload.exe C:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\UltraVNC\\vncviewer.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\BIGSPEED Peer-to-Peer SDK\\bsP2pHubDemo.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 pe3aqvlb;XIII Century Environment Driver (pe3aqvlb);C:\WINDOWS\system32\drivers\pe3aqvlb.sys [2008-03-14 15:22]
R0 ps7aqvlb;XIII Century Synchronization Driver (ps7aqvlb);C:\WINDOWS\system32\drivers\ps7aqvlb.sys [2008-03-14 15:21]
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;C:\Program Files\VMware\VMware Converter\vstor2-p2v30.sys [2007-01-30 20:41]
R3 dfmirage;dfmirage;C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-27 19:25]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 22:25]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
S4 pr2aqvlb;XIII Century Drivers Auto Removal (pr2aqvlb);C:\WINDOWS\system32\pr2aqvlb.exe svc []
S4 ThreadMaster;Thread Master;C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe [2003-03-18 00:27]
S4 ufad-p2v;VMware Converter Service;"C:\Program Files\VMware\VMware Converter\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Converter\\" -s ufad-p2v.xml []
S4 uvnc_service;uvnc_service;"C:\Program Files\UltraVNC\WinVNC.exe" -service []
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 23:07:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-05-15 23:08:10
ComboFix-quarantined-files.txt 2008-05-15 22:08:06
ComboFix2.txt 2008-05-15 21:20:27
Pre-Run: 7,603,470,336 bytes free
Post-Run: 7,817,502,720 bytes free
263
-----------------------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:13:26, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\soffice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Poi\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://techwhims.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKCU\..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\preload.exe C:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
Senior Forum Moderator
Please download/install Avira AntiVir Personal - FREE Antivirus:
http://www.free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html
Perform a full scan with Avira and allow it to delete everything it detects.
Restart your pc when you've done.
After restart, open Avira Antivirus and select "Reports".
Then double-click the report from the full scan you have just completed.
Click the "Report File" button, then copy and paste the report into your next reply.
Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.
Download/install 'SuperAntiSpyware Free Version Home Users' from here:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Launch SuperAntiSpyware and click on 'Check for updates'.
If you encounter any error messages while downloading the updates, manually download them from Here.
Once the updates have been installed, exit SuperAntiSpyware.
Do not run it just yet.
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
Exit Hijackthis.
Now double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.
Now Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.
SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.
It's possible that the program will ask you to reboot in order to delete some files.
Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u6'.
3. Click the "Download" button to the right.
4. Select the Platform and Language for your download, then check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language - jre-6u6-windows-i586-p.exe' [15.21 MB] and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
Also post a new HijackThis log, and let me know how your pc is running now please.
_______________________________________________________________

ASAP & UNITE member since 2006

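The two O9 lines the moderator asks to have fixed are the ones whose target file HijackThis could not find. The parser below is an added example, not code from this thread or from the HijackThis project (function names such as parse_hjt and entries_to_fix are my own); it splits each HijackThis entry into section code, CLSID and target path, groups the button/menu-item pairs that share a CLSID, and returns the O9 lines marked "(file missing)". The sample lines are copied from the HijackThis log posted above.

```python
"""Triage helper for HijackThis-style logs (added example; helper names are hypothetical)."""
import re
from dataclasses import dataclass
from typing import Optional

# One HijackThis entry: a section code (R0, O4, O9, O20, ...), " - ", then the body.
HJT_LINE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


@dataclass
class HjtEntry:
    code: str              # section code, e.g. "O9"
    body: str              # everything after "O9 - "
    clsid: Optional[str]   # upper-cased CLSID if the entry carries one
    path: Optional[str]    # target file with the "(file missing)" marker stripped
    file_missing: bool

    def as_log_line(self) -> str:
        return f"{self.code} - {self.body}"


def parse_hjt(text: str) -> list[HjtEntry]:
    """Parse every entry line; header and 'Running processes' lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        clsid_m = CLSID.search(body)
        clsid = clsid_m.group(0).upper() if clsid_m else None
        path = None
        if code in ("O9", "O20", "O21", "O23"):
            # In these sections the target path is the last " - " separated field.
            path = body.rsplit(" - ", 1)[-1].replace(MISSING, "").strip()
        elif code == "O4":
            # "O4 - HKCU\..\Run: [name] C:\path\prog.exe args"
            parts = body.split("] ", 1)
            path = parts[1].strip() if len(parts) == 2 else None
        entries.append(HjtEntry(code, body, clsid, path, MISSING in body))
    return entries


def entries_to_fix(entries: list[HjtEntry]) -> list[str]:
    """O9 lines whose target file is missing, in the form a helper pastes into a reply."""
    return [e.as_log_line() for e in entries if e.code == "O9" and e.file_missing]


def by_clsid(entries: list[HjtEntry]) -> dict[str, list[HjtEntry]]:
    """Group entries sharing a CLSID (an O9 button and its Tools menu item come as a pair)."""
    groups: dict[str, list[HjtEntry]] = {}
    for e in entries:
        if e.clsid:
            groups.setdefault(e.clsid, []).append(e)
    return groups


# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = """Logfile of HijackThis v1.99.1
Running processes:
C:\\WINDOWS\\System32\\smss.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://techwhims.blogspot.com/
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_03\\bin\\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_03\\bin\\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\\WINDOWS\\SYSTEM32\\igfxdev.dll
"""

if __name__ == "__main__":
    for line in entries_to_fix(parse_hjt(SAMPLE_LOG)):
        print(line)
```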
New Member
I'm reluctant to switch from BitDefender; would a scan result from BitDefender be as reliable as Avira AntiVir?
Senior Forum Moderator

New Member
I have BitDefender 8 Free Edition, build 8.0.202
I disabled it because I did not want to disrupt the use of the anti malware programs.
I've used BitDefender for a few months and have not experienced any problems with it.
Senior Forum Moderator
You can re-enable BitDefender, forget Avira and carry on with the remaining instructions then if you will.