Topic: Require some help.
saw235 (Jr. Member)
« on: June 24, 2008, 04:29:36 PM »

Hi guys. My friend got infected by a trojan or adware which looks like this, which renders his browser useless. The connection is still there but he can't browse websites (meaning he can still access his Windows Live Messenger).
Here's how it looks:


And this is his HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:07, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IEAntiVirus\ANTIVIR.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Aztech Systems Ltd\WL630USB Wireless B+G Utility\ZDWlan.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Sim Khee Aik\My Documents\My Received Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BHO toolbar - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\nada32.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsa64.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a78bd3b8-610c-1092-1017-544c93af4742} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {ef79e0ef-7a59-3305-95b8-159f8ab1e1ca} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WL630USB Wireless B+G Utility.lnk = C:\Program Files\Aztech Systems Ltd\WL630USB Wireless B+G Utility\ZDWlan.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?8e510fcc1d4242289d306d200f0d5fb2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?8e510fcc1d4242289d306d200f0d5fb2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sim Khee Aik\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://bluehyppo.jumboplay.com/class/DragonbackCtl.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E599505-2396-4FED-B6D4-AB38B62CE3C3}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 12263 bytes

Thx for helping (if any)
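As an added triage helper (not part of this thread and not HijackThis's own code): a small Python script that parses lines in the HijackThis format posted above and picks out the entries a reviewer would look at first. The sample lines are copied from the log; the "BHO DLL dropped directly into system32" rule is a heuristic assumption of mine, not something the log proves.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every HijackThis entry starts with a section tag (R0-R3 for browser
# settings, O1-O24 for hooks, BHOs, autoruns, DPF downloads, DNS, ...),
# a " - " separator and a free-text body whose layout varies per section.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")
# Heuristic: a BHO DLL sitting directly in system32 (legitimate BHOs usually
# live under Program Files); a subfolder such as system32\dla\ does not match.
SYSTEM32_DLL = re.compile(r"\\system32\\[^\\]+\.dll\s*$", re.I)
# DPF (ActiveX) download URL whose host is a bare IPv4 address.
RAW_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)", re.I)
ORPHAN_MARKERS = ("(no file)", "(no name)", "(file missing)")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_hjt_line(line: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (section, body); None for non-entry lines."""
    m = HJT_LINE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def triage_line(line: str) -> Optional[Finding]:
    """Apply the review rules to one entry; None means nothing to note."""
    parsed = parse_hjt_line(line)
    if parsed is None:
        return None
    section, body = parsed
    # Hooks, BHOs, autoruns and buttons whose file or name is gone: leftovers
    # that do nothing by themselves but should be cleaned up.
    if section in ("R3", "O2", "O4", "O9") and any(m in body for m in ORPHAN_MARKERS):
        return Finding(section, "orphaned entry: registered but file or name is missing", line)
    if section == "O2" and SYSTEM32_DLL.search(body):
        return Finding(section, "BHO loaded from a DLL placed directly in system32 (heuristic)", line)
    if section == "O16" and RAW_IP_URL.search(body):
        return Finding(section, "ActiveX control downloaded from a bare IP address", line)
    if section == "O17":
        return Finding(section, "per-interface DNS servers: confirm they belong to the ISP", line)
    return None


def triage(log: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the entries that were flagged."""
    return [f for f in (triage_line(ln) for ln in log.splitlines()) if f]


# A handful of lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sim Khee Aik\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E599505-2396-4FED-B6D4-AB38B62CE3C3}: NameServer = 202.188.0.133,202.188.1.5
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```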
Pancake (Global Moderator)
« Reply #1 on: June 24, 2008, 11:02:45 PM »

Ok. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here: A guide and tutorial on using ComboFix

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: ComboFix prevents autorun of all CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please let me know.
« Last Edit: June 24, 2008, 11:05:31 PM by Pancake »
saw235 (Jr. Member)
« Reply #2 on: June 25, 2008, 09:27:28 AM »

Here's the new log
-------------------------------------------------------------------------------------------------------------------------------------
ComboFix 08-06-20.4 - Sim Khee Aik 2008-06-25 17:11:08.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.535 [GMT 8:00]
Running from: C:\Documents and Settings\Sim Khee Aik\My Documents\My Received Files\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sim Khee Aik\My Documents\My Received Files\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
 * Created a new restore point
 * Resident AV is active

.

(((((((((((((((((((((((((   Files Created from 2008-05-25 to 2008-06-25  )))))))))))))))))))))))))))))))
.

2008-06-24 19:45 . 2008-06-24 21:41   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 19:44 . 2008-06-24 19:44   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 18:51 . 2008-06-24 18:51   <DIR>   d--------   C:\Program Files\ESET
2008-06-24 18:51 . 2008-06-24 18:51   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\ESET
2008-06-24 15:52 . 2008-06-24 15:52   19,456   --a------   C:\WINDOWS\system32\nada32.dll
2008-06-23 22:04 . 2004-08-04 00:56   159,232   --a------   C:\WINDOWS\system32\ptpusd.dll
2008-06-23 22:04 . 2001-08-17 22:36   5,632   --a------   C:\WINDOWS\system32\ptpusb.dll
2008-06-23 20:43 . 2008-06-25 15:53   889   --a------   C:\WINDOWS\system32\ms*xcr.ini
2008-06-23 20:26 . 2008-06-23 20:26   <DIR>   d--------   C:\Nexon
2008-06-12 23:23 . 2008-06-12 23:23   <DIR>   d--------   C:\Program Files\MSECache
2008-06-11 10:40 . 2008-06-13 21:10   272,128   ---------   C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:40 . 2008-06-13 21:10   272,128   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 08:57   ---------   d-----w   C:\Documents and Settings\Sim Khee Aik\Application Data\AVG7
2008-06-25 08:20   ---------   d-----w   C:\Program Files\Windows Live Safety Center
2008-06-24 13:53   ---------   d-----w   C:\Program Files\FlashGet
2008-06-24 11:45   ---------   d-----w   C:\Program Files\Lavasoft
2008-06-24 11:45   ---------   d-----w   C:\Documents and Settings\Sim Khee Aik\Application Data\Lavasoft
2008-06-23 11:06   ---------   d-----w   C:\Program Files\softnyx
2008-06-22 06:51   ---------   d-----w   C:\Program Files\TurtleBay
2008-06-22 05:49   ---------   d-----w   C:\Program Files\CABAL Online (SG MY)
2008-06-21 14:59   ---------   d--h--w   C:\Documents and Settings\Sim Khee Aik\Application Data\ijjigame
2008-06-20 09:26   ---------   d-----w   C:\Documents and Settings\Sim Khee Aik\Application Data\LimeWire
2008-06-17 13:20   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-06-17 11:28   710,064   ----a-w   C:\WINDOWS\system32\ijjiSetup.exe
2008-06-11 15:01   58,800   ----a-w   C:\WINDOWS\system32\ijjiPlugin2.dll
2008-05-21 00:37   95,833   ----a-w   C:\WINDOWS\system32\{9fafac60-eeb2-9ca9-49da-ace4d9fbe4a0}.dll-uninst.exe
2008-05-16 03:58   12,632   ----a-w   C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28   202,752   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18   1,287,680   ----a-w   C:\WINDOWS\system32\quartz.dll
2008-04-29 03:20   15,648   ----a-w   C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 03:19   15,648   ----a-w   C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 03:19   12,960   ----a-w   C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-25 13:43   ---------   d-----w   C:\Documents and Settings\Sim Khee Aik\Application Data\Skype
2008-04-21 07:04   659,456   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-04-14 10:01   89,070   ----a-w   C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-03-28 13:35   40,730   ----a-w   C:\WINDOWS\system32\superiorads-uninst.exe
2008-03-27 08:12   151,583   ----a-w   C:\WINDOWS\system32\msjint40.dll
2005-11-16 13:37   774,144   ----a-w   C:\Program Files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733716E1-76D2-4003-AC39-845281C0EF85}]
2008-02-09 01:53   233472   --a------   C:\WINDOWS\system32\nsa64.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a78bd3b8-610c-1092-1017-544c93af4742}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ef79e0ef-7a59-3305-95b8-159f8ab1e1ca}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 21:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 21:58 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 21:58 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 21:58 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 01:05 122939]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 20:18 1836544]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 16:10 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-10-19 12:25 2736384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 10:16 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-12 22:01 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
WL630USB Wireless B+G Utility.lnk - C:\Program Files\Aztech Systems Ltd\WL630USB Wireless B+G Utility\ZDWlan.exe [2005-09-26 19:26:28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"=
"C:\\Program Files\\WIZET\\MapleStory\\Patcher.exe"=
"C:\\Program Files\\NtreevSoft\\PangYa\\ProjectG.exe"=
"C:\\Program Files\\WIZET\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\AsiaSoft Online\\GetAmped\\amped.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\GameLibrary\\SEGA WORLDWIDE SOCCER\\WWS.EXE"=
"C:\\Program Files\\Daytona USA\\DAYTONA USA Deluxe.exe"=
"C:\\Documents and Settings\\Sim Khee Aik\\Application Data\\PowerChallenge\\PowerFootball\\PowerFootball.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\CABAL Online (SG MY)\\Launcher\\update\\ESTdnheadless.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12530:TCP"= 12530:TCP:NortonAV
"18510:TCP"= 18510:TCP:NortonAV
"14212:TCP"= 14212:TCP:NortonAV
"12693:TCP"= 12693:TCP:NortonAV
"12265:TCP"= 12265:TCP:NortonAV
"12957:TCP"= 12957:TCP:NortonAV
"16791:TCP"= 16791:TCP:NortonAV
"17527:TCP"= 17527:TCP:NortonAV
"12963:TCP"= 12963:TCP:NortonAV
"16687:TCP"= 16687:TCP:NortonAV
"17425:TCP"= 17425:TCP:NortonAV
"12612:TCP"= 12612:TCP:NortonAV
"18553:TCP"= 18553:TCP:NortonAV
"18016:TCP"= 18016:TCP:NortonAV
"15737:TCP"= 15737:TCP:NortonAV
"12539:TCP"= 12539:TCP:NortonAV
"12042:TCP"= 12042:TCP:NortonAV
"12495:TCP"= 12495:TCP:NortonAV
"14930:TCP"= 14930:TCP:NortonAV
"15203:TCP"= 15203:TCP:NortonAV
"17367:TCP"= 17367:TCP:NortonAV
"18789:TCP"= 18789:TCP:NortonAV
"14200:TCP"= 14200:TCP:NortonAV
"14444:TCP"= 14444:TCP:NortonAV
"14040:TCP"= 14040:TCP:NortonAV
"12628:TCP"= 12628:TCP:NortonAV
"13813:TCP"= 13813:TCP:NortonAV
"16671:TCP"= 16671:TCP:NortonAV
"12477:TCP"= 12477:TCP:NortonAV
"14405:TCP"= 14405:TCP:NortonAV
"17531:TCP"= 17531:TCP:NortonAV
"12634:TCP"= 12634:TCP:NortonAV
"14978:TCP"= 14978:TCP:NortonAV
"13425:TCP"= 13425:TCP:NortonAV
"13241:TCP"= 13241:TCP:NortonAV
"15010:TCP"= 15010:TCP:NortonAV
"14507:TCP"= 14507:TCP:NortonAV
"12338:TCP"= 12338:TCP:NortonAV
"14843:TCP"= 14843:TCP:NortonAV
"12541:TCP"= 12541:TCP:NortonAV
"16094:TCP"= 16094:TCP:NortonAV
"16770:TCP"= 16770:TCP:NortonAV
"13556:TCP"= 13556:TCP:NortonAV
"12703:TCP"= 12703:TCP:NortonAV
"18432:TCP"= 18432:TCP:NortonAV
"17058:TCP"= 17058:TCP:NortonAV
"18018:TCP"= 18018:TCP:NortonAV
"14933:TCP"= 14933:TCP:NortonAV
"15382:TCP"= 15382:TCP:NortonAV
"16855:TCP"= 16855:TCP:NortonAV
"12012:TCP"= 12012:TCP:NortonAV
"13387:TCP"= 13387:TCP:NortonAV
"15508:TCP"= 15508:TCP:NortonAV
"17539:TCP"= 17539:TCP:NortonAV
"12988:TCP"= 12988:TCP:NortonAV
"15065:TCP"= 15065:TCP:NortonAV
"14355:TCP"= 14355:TCP:NortonAV
"15455:TCP"= 15455:TCP:NortonAV
"15809:TCP"= 15809:TCP:NortonAV
"14913:TCP"= 14913:TCP:NortonAV
"16782:TCP"= 16782:TCP:NortonAV
"16585:TCP"= 16585:TCP:NortonAV
"13531:TCP"= 13531:TCP:NortonAV
"15308:TCP"= 15308:TCP:NortonAV
"18289:TCP"= 18289:TCP:NortonAV
"15421:TCP"= 15421:TCP:NortonAV
"13237:TCP"= 13237:TCP:NortonAV
"15173:TCP"= 15173:TCP:NortonAV
"17005:TCP"= 17005:TCP:NortonAV
"18134:TCP"= 18134:TCP:NortonAV
"12960:TCP"= 12960:TCP:NortonAV
"12130:TCP"= 12130:TCP:NortonAV
"17453:TCP"= 17453:TCP:NortonAV
"18574:TCP"= 18574:TCP:NortonAV
"14149:TCP"= 14149:TCP:NortonAV
"16721:TCP"= 16721:TCP:NortonAV
"12951:TCP"= 12951:TCP:NortonAV
"12699:TCP"= 12699:TCP:NortonAV
"13466:TCP"= 13466:TCP:NortonAV
"18600:TCP"= 18600:TCP:NortonAV
"15888:TCP"= 15888:TCP:NortonAV
"16205:TCP"= 16205:TCP:NortonAV
"17868:TCP"= 17868:TCP:NortonAV
"15251:TCP"= 15251:TCP:NortonAV
"15692:TCP"= 15692:TCP:NortonAV
"18195:TCP"= 18195:TCP:NortonAV
"16892:TCP"= 16892:TCP:NortonAV
"17070:TCP"= 17070:TCP:NortonAV
"16645:TCP"= 16645:TCP:NortonAV
"12696:TCP"= 12696:TCP:NortonAV
"13461:TCP"= 13461:TCP:NortonAV
"12668:TCP"= 12668:TCP:NortonAV
"18493:TCP"= 18493:TCP:NortonAV
"14668:TCP"= 14668:TCP:NortonAV
"13301:TCP"= 13301:TCP:NortonAV
"13204:TCP"= 13204:TCP:NortonAV
"16220:TCP"= 16220:TCP:NortonAV
"13789:TCP"= 13789:TCP:NortonAV
"13934:TCP"= 13934:TCP:NortonAV
"16670:TCP"= 16670:TCP:NortonAV
"14751:TCP"= 14751:TCP:NortonAV
"12973:TCP"= 12973:TCP:NortonAV
"17888:TCP"= 17888:TCP:NortonAV
"15879:TCP"= 15879:TCP:NortonAV
"12740:TCP"= 12740:TCP:NortonAV
"15562:TCP"= 15562:TCP:NortonAV
"13427:TCP"= 13427:TCP:NortonAV
"12151:TCP"= 12151:TCP:NortonAV
"15730:TCP"= 15730:TCP:NortonAV
"15045:TCP"= 15045:TCP:NortonAV
"14326:TCP"= 14326:TCP:NortonAV
"17500:TCP"= 17500:TCP:NortonAV
"14024:TCP"= 14024:TCP:NortonAV
"13773:TCP"= 13773:TCP:NortonAV
"14027:TCP"= 14027:TCP:NortonAV
"14393:TCP"= 14393:TCP:NortonAV
"15337:TCP"= 15337:TCP:NortonAV
"14638:TCP"= 14638:TCP:NortonAV
"18017:TCP"= 18017:TCP:NortonAV
"15525:TCP"= 15525:TCP:NortonAV
"12133:TCP"= 12133:TCP:NortonAV
"15149:TCP"= 15149:TCP:NortonAV
"13110:TCP"= 13110:TCP:NortonAV
"17135:TCP"= 17135:TCP:NortonAV
"17502:TCP"= 17502:TCP:NortonAV
"16467:TCP"= 16467:TCP:NortonAV
"16638:TCP"= 16638:TCP:NortonAV
"12240:TCP"= 12240:TCP:NortonAV
"12775:TCP"= 12775:TCP:NortonAV
"16942:TCP"= 16942:TCP:NortonAV
"13205:TCP"= 13205:TCP:NortonAV
"15734:TCP"= 15734:TCP:NortonAV
"17891:TCP"= 17891:TCP:NortonAV
"14613:TCP"= 14613:TCP:NortonAV
"16164:TCP"= 16164:TCP:NortonAV
"14644:TCP"= 14644:TCP:NortonAV
"16135:TCP"= 16135:TCP:NortonAV
"18487:TCP"= 18487:TCP:NortonAV
"12975:TCP"= 12975:TCP:NortonAV
"14942:TCP"= 14942:TCP:NortonAV
"12999:TCP"= 12999:TCP:NortonAV
"17304:TCP"= 17304:TCP:NortonAV
"14639:TCP"= 14639:TCP:NortonAV
"12705:TCP"= 12705:TCP:NortonAV
"13092:TCP"= 13092:TCP:NortonAV
"13712:TCP"= 13712:TCP:NortonAV
"17869:TCP"= 17869:TCP:NortonAV
"15349:TCP"= 15349:TCP:NortonAV
"17026:TCP"= 17026:TCP:NortonAV
"15550:TCP"= 15550:TCP:NortonAV
"12499:TCP"= 12499:TCP:NortonAV
"15568:TCP"= 15568:TCP:NortonAV
"18067:TCP"= 18067:TCP:NortonAV
"12070:TCP"= 12070:TCP:NortonAV
"17102:TCP"= 17102:TCP:NortonAV
"16592:TCP"= 16592:TCP:NortonAV
"15033:TCP"= 15033:TCP:NortonAV
"16706:TCP"= 16706:TCP:NortonAV
"15612:TCP"= 15612:TCP:NortonAV
"13078:TCP"= 13078:TCP:NortonAV
"17250:TCP"= 17250:TCP:NortonAV

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R3 Aztech(Aztech);WL630USB Wireless B/G USB Adapter Driver(Aztech);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-08-06 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8812bc3e-6aa9-11dc-ad33-00e098fc301e}]
\Shell\AutoOpen\command - F:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7d355d4-359c-11db-ac6b-00e098fc301e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - F:\Flash.10.Setup.exe
\Shell\Open\command - F:\Flash.10.Setup.exe
\Shell\Scan for Viruses\command - F:\Scanner.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 02:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-25 09:02:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-20 14:00:00 C:\WINDOWS\Tasks\SmartDefrag.job"
- C:\Program Files\IObit\IObit SmartDefrag\schedule.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 17:13:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-25 17:14:26
ComboFix-quarantined-files.txt  2008-06-25 09:14:05
ComboFix2.txt  2008-06-25 08:52:40

Pre-Run: 12,461,416,448 bytes free
Post-Run: 12,437,209,088 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

322   --- E O F ---   2008-06-20 14:08:42

saw235
« Reply #3 on: June 25, 2008, 09:28:22 AM »

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:33, on 25/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Sim Khee Aik\My Documents\My Received Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsa64.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a78bd3b8-610c-1092-1017-544c93af4742} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {ef79e0ef-7a59-3305-95b8-159f8ab1e1ca} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WL630USB Wireless B+G Utility.lnk = C:\Program Files\Aztech Systems Ltd\WL630USB Wireless B+G Utility\ZDWlan.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?8e510fcc1d4242289d306d200f0d5fb2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?8e510fcc1d4242289d306d200f0d5fb2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sim Khee Aik\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://bluehyppo.jumboplay.com/class/DragonbackCtl.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E599505-2396-4FED-B6D4-AB38B62CE3C3}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 12110 bytes




Pancake (Global Moderator)
« Reply #4 on: June 25, 2008, 09:43:41 AM »

Have HijackThis fix all the items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsa64.dll
O2 - BHO: (no name) - {a78bd3b8-610c-1092-1017-544c93af4742} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {ef79e0ef-7a59-3305-95b8-159f8ab1e1ca} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)


Reboot.

==========================


Please copy this page to Notepad and save it to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open Notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\ms*xcr.ini
C:\WINDOWS\system32\ijjiSetup.exe
C:\WINDOWS\system32\ijjiPlugin2.dll
C:\WINDOWS\system32\nsa64.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733716E1-76D2-4003-AC39-845281C0EF85}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a78bd3b8-610c-1092-1017-544c93af4742}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ef79e0ef-7a59-3305-95b8-159f8ab1e1ca}]


Save this as CFScript.txt in the same location as ComboFix.exe, which is on the Desktop.




Referring to the picture above, drag CFScript.txt onto ComboFix.exe.


When finished, it will produce a log for you at C:\ComboFix.txt.

Please copy and paste ComboFix.txt along with a fresh HijackThis log in your next reply.


*Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall. Altering this script in any way could damage your computer.*


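The two steps in the post above (tick the orphaned and suspect entries in HijackThis, then hand ComboFix a CFScript with File:: and Registry:: sections) can be reproduced mechanically from the log. The script below is an added example written for this thread; it is not part of HijackThis, ComboFix or Pancake's instructions, and its rules are heuristics, not malware verdicts. It parses HJT v2 entry lines with regular expressions constructed from the log format shown above (HJT publishes no grammar), grades as "fix" the entries Pancake selected for the same reasons (a CLSID whose DLL is "(no file)", or a browser add-on DLL dropped straight into system32 rather than under a vendor folder), grades a few others "review" (a dangling shortcut, an ActiveX control fetched from a bare IP address, and the adapter's NameServer entries, worth confirming because the reported symptom, messenger connecting while web pages fail, is also what broken name resolution looks like), and drafts the CFScript sections in the layout the post uses. The sample input is a constructed subset of the 25 June log with the user-profile folder name shortened to "User"; the "~" in the Registry:: lines is copied from the post's abbreviated key path. Anyone using this on a real machine should still read the draft before feeding it to ComboFix, as the note at the end of the post says.

```python
"""Triage a HijackThis v2 log and draft the matching CFScript sections.
Added example for this thread: not part of HijackThis, ComboFix or the
moderator's instructions. The rules are heuristics, not a malware verdict."""
import re
from dataclasses import dataclass
from typing import List

# Constructed subset of the 25/06/2008 HijackThis log posted above
# (the user-profile folder name is shortened to "User").
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsa64.dll
O2 - BHO: (no name) - {a78bd3b8-610c-1092-1017-544c93af4742} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {ef79e0ef-7a59-3305-95b8-159f8ab1e1ca} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E599505-2396-4FED-B6D4-AB38B62CE3C3}: NameServer = 202.188.0.133,202.188.1.5
"""

# HJT v2 entry shape: "<section> - <body>", with " - " separating the body's fields.
# These patterns are assumptions derived from the log above; HJT publishes no grammar.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A DLL sitting directly in system32 with no vendor sub-folder; legitimate
# add-ons normally live under Program Files or a vendor directory.
BARE_SYSTEM32_RE = re.compile(r"(?i)^[a-z]:\\windows\\system32\\[^\\]+\.dll$")
BARE_IP_URL_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)")


@dataclass
class Finding:
    section: str    # HJT section code, e.g. "O2"
    line: str       # the full log line, as it must be ticked in HJT
    target: str     # the entry's last field: a path, a URL or "(no file)"
    severity: str   # "fix": safe to remove; "review": verify by hand
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Classify the entry lines of an HJT log; non-entry lines are ignored."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # process list, headers, blank lines
        section, body = m.group("section"), m.group("body")
        target = body.rsplit(" - ", 1)[-1].strip()  # last " - " separated field
        if section in ("R3", "O2", "O3") and target == "(no file)":
            sev, why = "fix", "orphaned CLSID: the registered DLL no longer exists"
        elif section in ("O2", "O3") and BARE_SYSTEM32_RE.match(target):
            sev, why = "fix", "browser add-on DLL dropped directly into system32"
        elif "(file missing)" in target:
            sev, why = "review", "dangling shortcut or button; harmless clutter"
        elif section == "O16" and BARE_IP_URL_RE.match(target):
            sev, why = "review", "ActiveX control fetched from a bare IP address"
        elif section == "O17":
            sev, why = "review", "per-adapter DNS servers; confirm they belong to the ISP"
        else:
            continue
        findings.append(Finding(section, raw.strip(), target, sev, why))
    return findings


def fix_list(log_text: str) -> List[str]:
    """Lines to tick in HijackThis before pressing 'Fix checked'."""
    return [f.line for f in triage(log_text) if f.severity == "fix"]


def cfscript(log_text: str) -> str:
    """Draft File:: and Registry:: sections in the layout used in the post above.
    Only "fix"-grade O2 (BHO) findings become entries: real DLL paths go under
    File::, every CLSID under Registry::. Read the draft before using it."""
    files, keys = [], []
    for f in triage(log_text):
        if f.severity != "fix" or f.section != "O2":
            continue
        if f.target != "(no file)":
            files.append(f.target)
        clsid = CLSID_RE.search(f.line)
        if clsid:  # "~" abbreviates the BHO key path exactly as the post does
            keys.append("[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\" + clsid.group(0) + "]")
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(keys) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:7}{f.section}: {f.reason}")
    print(cfscript(SAMPLE_LOG))
```

Run with plain python; it prints each finding with its grade, then the drafted script. On the sample the "fix" grade reproduces the seven lines in the post's HijackThis list, and the draft carries four Registry:: lines where the post's CFScript has three, because the post leaves {AA58ED58-01DD-4d91-8333-CF10577473F7} to the HijackThis step; that kind of judgement is exactly what the draft does not make for you.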
saw235
« Reply #5 on: June 26, 2008, 01:55:56 PM »

Here's the new log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:33, on 26/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Sim Khee Aik\My Documents\My Received Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WL630USB Wireless B+G Utility.lnk = C:\Program Files\Aztech Systems Ltd\WL630USB Wireless B+G Utility\ZDWlan.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?8e510fcc1d4242289d306d200f0d5fb2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?8e510fcc1d4242289d306d200f0d5fb2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sim Khee Aik\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://bluehyppo.jumboplay.com/class/DragonbackCtl.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E599505-2396-4FED-B6D4-AB38B62CE3C3}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 11721 bytes

saw235
« Reply #6 on: June 26, 2008, 01:57:34 PM »

ComboFix 08-06-20.4 - Sim Khee Aik 2008-06-26 17:07:06.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.561 [GMT 8:00]
Running from: C:\Documents and Settings\Sim Khee Aik\My Documents\My Received Files\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sim Khee Aik\My Documents\My Received Files\CFScript.txt
 * Created a new restore point
 * Resident AV is active


FILE ::
C:\WINDOWS\system32\ijjiPlugin2.dll
C:\WINDOWS\system32\ijjiSetup.exe
C:\WINDOWS\system32\nsa64.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ijjiPlugin2.dll
C:\WINDOWS\system32\ijjiSetup.exe
C:\WINDOWS\system32\nsa64.dll

.
(((((((((((((((((((((((((   Files Created from 2008-05-26 to 2008-06-26  )))))))))))))))))))))))))))))))
.

2008-06-24 19:45 . 2008-06-24 21:41   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 19:44 . 2008-06-24 19:44   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 18:51 . 2008-06-24 18:51   <DIR>   d--------   C:\Program Files\ESET
2008-06-24 18:51 . 2008-06-24 18:51   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\ESET
2008-06-24 15:52 . 2008-06-24 15:52   19,456   --a------   C:\WINDOWS\system32\nada32.dll
2008-06-23 22:04 . 2004-08-04 00:56   159,232   --a------   C:\WINDOWS\system32\ptpusd.dll
2008-06-23 22:04 . 2001-08-17 22:36   5,632   --a------   C:\WINDOWS\system32\ptpusb.dll
2008-06-23 20:43 . 2008-06-25 18:54   889   --a------   C:\WINDOWS\system32\ms*xcr.ini
2008-06-23 20:26 . 2008-06-23 20:26   <DIR>   d--------   C:\Nexon
2008-06-12 23:23 . 2008-06-12 23:23   <DIR>   d--------   C:\Program Files\MSECache
2008-06-11 10:40 . 2008-06-13 21:10   272,128   ---------   C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:40 . 2008-06-13 21:10   272,128   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 01:12   ---------   d-----w   C:\Documents and Settings\Sim Khee Aik\Application Data\AVG7
2008-06-25 09:42   ---------   d-----w   C:\Documents and Settings\Sim Khee Aik\Application Data\LimeWire
2008-06-25 08:20   ---------   d-----w   C:\Program Files\Windows Live Safety Center
2008-06-24 13:53   ---------   d-----w   C:\Program Files\FlashGet
2008-06-24 11:45   ---------   d-----w   C:\Program Files\Lavasoft
2008-06-24 11:45   ---------   d-----w   C:\Documents and Settings\Sim Khee Aik\Application Data\Lavasoft
2008-06-23 11:06   ---------   d-----w   C:\Program Files\softnyx
2008-06-22 06:51   ---------   d-----w   C:\Program Files\TurtleBay
2008-06-22 05:49   ---------   d-----w   C:\Program Files\CABAL Online (SG MY)
2008-06-21 14:59   ---------   d--h--w   C:\Documents and Settings\Sim Khee Aik\Application Data\ijjigame
2008-06-17 13:20   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-05-21 00:37   95,833   ----a-w   C:\WINDOWS\system32\{9fafac60-eeb2-9ca9-49da-ace4d9fbe4a0}.dll-uninst.exe
2008-05-16 03:58   12,632   ----a-w   C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28   202,752   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18   1,287,680   ----a-w   C:\WINDOWS\system32\quartz.dll
2008-04-29 03:20   15,648   ----a-w   C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 03:19   15,648   ----a-w   C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 03:19   12,960   ----a-w   C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-21 07:04   659,456   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-04-14 10:01   89,070   ----a-w   C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-03-28 13:35   40,730   ----a-w   C:\WINDOWS\system32\superiorads-uninst.exe
2008-03-27 08:12   151,583   ----a-w   C:\WINDOWS\system32\msjint40.dll
2005-11-16 13:37   774,144   ----a-w   C:\Program Files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-06-25_16.52.05.89   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 08:47:15   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-26 08:48:07   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 21:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 21:58 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 21:58 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 21:58 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 01:05 122939]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 20:18 1836544]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 16:10 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-10-19 12:25 2736384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 10:16 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-12 22:01 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
WL630USB Wireless B+G Utility.lnk - C:\Program Files\Aztech Systems Ltd\WL630USB Wireless B+G Utility\ZDWlan.exe [2005-09-26 19:26:28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"=
"C:\\Program Files\\WIZET\\MapleStory\\Patcher.exe"=
"C:\\Program Files\\NtreevSoft\\PangYa\\ProjectG.exe"=
"C:\\Program Files\\WIZET\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\AsiaSoft Online\\GetAmped\\amped.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\GameLibrary\\SEGA WORLDWIDE SOCCER\\WWS.EXE"=
"C:\\Program Files\\Daytona USA\\DAYTONA USA Deluxe.exe"=
"C:\\Documents and Settings\\Sim Khee Aik\\Application Data\\PowerChallenge\\PowerFootball\\PowerFootball.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\CABAL Online (SG MY)\\Launcher\\update\\ESTdnheadless.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12530:TCP"= 12530:TCP:NortonAV
"18510:TCP"= 18510:TCP:NortonAV
"14212:TCP"= 14212:TCP:NortonAV
"12693:TCP"= 12693:TCP:NortonAV
"12265:TCP"= 12265:TCP:NortonAV
"12957:TCP"= 12957:TCP:NortonAV
"16791:TCP"= 16791:TCP:NortonAV
"17527:TCP"= 17527:TCP:NortonAV
"12963:TCP"= 12963:TCP:NortonAV
"16687:TCP"= 16687:TCP:NortonAV
"17425:TCP"= 17425:TCP:NortonAV
"12612:TCP"= 12612:TCP:NortonAV
"18553:TCP"= 18553:TCP:NortonAV
"18016:TCP"= 18016:TCP:NortonAV
"15737:TCP"= 15737:TCP:NortonAV
"12539:TCP"= 12539:TCP:NortonAV
"12042:TCP"= 12042:TCP:NortonAV
"12495:TCP"= 12495:TCP:NortonAV
"14930:TCP"= 14930:TCP:NortonAV
"15203:TCP"= 15203:TCP:NortonAV
"17367:TCP"= 17367:TCP:NortonAV
"18789:TCP"= 18789:TCP:NortonAV
"14200:TCP"= 14200:TCP:NortonAV
"14444:TCP"= 14444:TCP:NortonAV
"14040:TCP"= 14040:TCP:NortonAV
"12628:TCP"= 12628:TCP:NortonAV
"13813:TCP"= 13813:TCP:NortonAV
"16671:TCP"= 16671:TCP:NortonAV
"12477:TCP"= 12477:TCP:NortonAV
"14405:TCP"= 14405:TCP:NortonAV
"17531:TCP"= 17531:TCP:NortonAV
"12634:TCP"= 12634:TCP:NortonAV
"14978:TCP"= 14978:TCP:NortonAV
"13425:TCP"= 13425:TCP:NortonAV
"13241:TCP"= 13241:TCP:NortonAV
"15010:TCP"= 15010:TCP:NortonAV
"14507:TCP"= 14507:TCP:NortonAV
"12338:TCP"= 12338:TCP:NortonAV
"14843:TCP"= 14843:TCP:NortonAV
"12541:TCP"= 12541:TCP:NortonAV
"16094:TCP"= 16094:TCP:NortonAV
"16770:TCP"= 16770:TCP:NortonAV
"13556:TCP"= 13556:TCP:NortonAV
"12703:TCP"= 12703:TCP:NortonAV
"18432:TCP"= 18432:TCP:NortonAV
"17058:TCP"= 17058:TCP:NortonAV
"18018:TCP"= 18018:TCP:NortonAV
"14933:TCP"= 14933:TCP:NortonAV
"15382:TCP"= 15382:TCP:NortonAV
"16855:TCP"= 16855:TCP:NortonAV
"12012:TCP"= 12012:TCP:NortonAV
"13387:TCP"= 13387:TCP:NortonAV
"15508:TCP"= 15508:TCP:NortonAV
"17539:TCP"= 17539:TCP:NortonAV
"12988:TCP"= 12988:TCP:NortonAV
"15065:TCP"= 15065:TCP:NortonAV
"14355:TCP"= 14355:TCP:NortonAV
"15455:TCP"= 15455:TCP:NortonAV
"15809:TCP"= 15809:TCP:NortonAV
"14913:TCP"= 14913:TCP:NortonAV
"16782:TCP"= 16782:TCP:NortonAV
"16585:TCP"= 16585:TCP:NortonAV
"13531:TCP"= 13531:TCP:NortonAV
"15308:TCP"= 15308:TCP:NortonAV
"18289:TCP"= 18289:TCP:NortonAV
"15421:TCP"= 15421:TCP:NortonAV
"13237:TCP"= 13237:TCP:NortonAV
"15173:TCP"= 15173:TCP:NortonAV
"17005:TCP"= 17005:TCP:NortonAV
"18134:TCP"= 18134:TCP:NortonAV
"12960:TCP"= 12960:TCP:NortonAV
"12130:TCP"= 12130:TCP:NortonAV
"17453:TCP"= 17453:TCP:NortonAV
"18574:TCP"= 18574:TCP:NortonAV
"14149:TCP"= 14149:TCP:NortonAV
"16721:TCP"= 16721:TCP:NortonAV
"12951:TCP"= 12951:TCP:NortonAV
"12699:TCP"= 12699:TCP:NortonAV
"13466:TCP"= 13466:TCP:NortonAV
"18600:TCP"= 18600:TCP:NortonAV
"15888:TCP"= 15888:TCP:NortonAV
"16205:TCP"= 16205:TCP:NortonAV
"17868:TCP"= 17868:TCP:NortonAV
"15251:TCP"= 15251:TCP:NortonAV
"15692:TCP"= 15692:TCP:NortonAV
"18195:TCP"= 18195:TCP:NortonAV
"16892:TCP"= 16892:TCP:NortonAV
"17070:TCP"= 17070:TCP:NortonAV
"16645:TCP"= 16645:TCP:NortonAV
"12696:TCP"= 12696:TCP:NortonAV
"13461:TCP"= 13461:TCP:NortonAV
"12668:TCP"= 12668:TCP:NortonAV
"18493:TCP"= 18493:TCP:NortonAV
"14668:TCP"= 14668:TCP:NortonAV
"13301:TCP"= 13301:TCP:NortonAV
"13204:TCP"= 13204:TCP:NortonAV
"16220:TCP"= 16220:TCP:NortonAV
"13789:TCP"= 13789:TCP:NortonAV
"13934:TCP"= 13934:TCP:NortonAV
"16670:TCP"= 16670:TCP:NortonAV
"14751:TCP"= 14751:TCP:NortonAV
"12973:TCP"= 12973:TCP:NortonAV
"17888:TCP"= 17888:TCP:NortonAV
"15879:TCP"= 15879:TCP:NortonAV
"12740:TCP"= 12740:TCP:NortonAV
"15562:TCP"= 15562:TCP:NortonAV
"13427:TCP"= 13427:TCP:NortonAV
"12151:TCP"= 12151:TCP:NortonAV
"15730:TCP"= 15730:TCP:NortonAV
"15045:TCP"= 15045:TCP:NortonAV
"14326:TCP"= 14326:TCP:NortonAV
"17500:TCP"= 17500:TCP:NortonAV
"14024:TCP"= 14024:TCP:NortonAV
"13773:TCP"= 13773:TCP:NortonAV
"14027:TCP"= 14027:TCP:NortonAV
"14393:TCP"= 14393:TCP:NortonAV
"15337:TCP"= 15337:TCP:NortonAV
"14638:TCP"= 14638:TCP:NortonAV
"18017:TCP"= 18017:TCP:NortonAV
"15525:TCP"= 15525:TCP:NortonAV
"12133:TCP"= 12133:TCP:NortonAV
"15149:TCP"= 15149:TCP:NortonAV
"13110:TCP"= 13110:TCP:NortonAV
"17135:TCP"= 17135:TCP:NortonAV
"17502:TCP"= 17502:TCP:NortonAV
"16467:TCP"= 16467:TCP:NortonAV
"16638:TCP"= 16638:TCP:NortonAV
"12240:TCP"= 12240:TCP:NortonAV
"12775:TCP"= 12775:TCP:NortonAV
"16942:TCP"= 16942:TCP:NortonAV
"13205:TCP"= 13205:TCP:NortonAV
"15734:TCP"= 15734:TCP:NortonAV
"17891:TCP"= 17891:TCP:NortonAV
"14613:TCP"= 14613:TCP:NortonAV
"16164:TCP"= 16164:TCP:NortonAV
"14644:TCP"= 14644:TCP:NortonAV
"16135:TCP"= 16135:TCP:NortonAV
"18487:TCP"= 18487:TCP:NortonAV
"12975:TCP"= 12975:TCP:NortonAV
"14942:TCP"= 14942:TCP:NortonAV
"12999:TCP"= 12999:TCP:NortonAV
"17304:TCP"= 17304:TCP:NortonAV
"14639:TCP"= 14639:TCP:NortonAV
"12705:TCP"= 12705:TCP:NortonAV
"13092:TCP"= 13092:TCP:NortonAV
"13712:TCP"= 13712:TCP:NortonAV
"17869:TCP"= 17869:TCP:NortonAV
"15349:TCP"= 15349:TCP:NortonAV
"17026:TCP"= 17026:TCP:NortonAV
"15550:TCP"= 15550:TCP:NortonAV
"12499:TCP"= 12499:TCP:NortonAV
"15568:TCP"= 15568:TCP:NortonAV
"18067:TCP"= 18067:TCP:NortonAV
"12070:TCP"= 12070:TCP:NortonAV
"17102:TCP"= 17102:TCP:NortonAV
"16592:TCP"= 16592:TCP:NortonAV
"15033:TCP"= 15033:TCP:NortonAV
"16706:TCP"= 16706:TCP:NortonAV
"15612:TCP"= 15612:TCP:NortonAV
"13078:TCP"= 13078:TCP:NortonAV
"17250:TCP"= 17250:TCP:NortonAV

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R3 Aztech(Aztech);WL630USB Wireless B/G USB Adapter Driver(Aztech);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-08-06 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8812bc3e-6aa9-11dc-ad33-00e098fc301e}]
\Shell\AutoOpen\command - F:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7d355d4-359c-11db-ac6b-00e098fc301e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - F:\Flash.10.Setup.exe
\Shell\Open\command - F:\Flash.10.Setup.exe
\Shell\Scan for Viruses\command - F:\Scanner.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 02:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-26 09:02:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-20 14:00:00 C:\WINDOWS\Tasks\SmartDefrag.job"
- C:\Program Files\IObit\IObit SmartDefrag\schedule.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 17:09:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 17:10:50
ComboFix-quarantined-files.txt  2008-06-26 09:10:40
ComboFix2.txt  2008-06-25 09:14:27
ComboFix3.txt  2008-06-25 08:52:40

Pre-Run: 12,343,017,472 bytes free
Post-Run: 12,415,528,960 bytes free

325   --- E O F ---   2008-06-20 14:08:42


My friend said that he has no problem surfing now. Thanks for helping him, though.
Pancake
Global Moderator
« Reply #7 on: June 26, 2008, 10:53:41 PM »

I don't see any more problems. You should be fine now.

This will clear away any of the files and folders that were created by ComboFix.

Go to Start > Run, then copy and paste the following text and click OK.

ComboFix /u
