|
| | | New Member
Group: Forum Members
Last Login: 7/10/2008 4:19 PM
Posts: 39, Visits: 52 |
| As noted above my PC has started to take a while to open XP windows and runs slow after connection to the internet for several minutes>
HiJack this log:
Logfile of HijackThis v1.99.1
Scan saved at 21:59:27, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\CaledosGroup\Caledos\Caledos_Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\us\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = )3az )3aziah's Machine
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.5.160.5:8080
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - Global Startup: Caledos Scheduler.lnk = C:\Program Files\CaledosGroup\Caledos\Caledos_Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C255783C-B058-4A48-B500-B4B90F523130}: NameServer = 62.30.0.39,195.188.53.175
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
Thank you for looking this over.
|
| |
| | | 
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 28,366, Visits: 54,734 |
| Welcome
Download and scan with CCleaner:
http://www.ccleaner.com/download/builds
1. Starting with v1.27.260, CCleaner started installing the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free 'Slim' version instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
* Clean all entries in the "Internet Explorer" section except Cookies.
* Clean all the entries in the "Windows Explorer" section.
* Clean all entries in the "System" section.
* Clean all entries in the "Advanced" section.
* Clean any others that you choose.
In the Applications Tab:
* Clean all except cookies in the Firefox/Mozilla section if you use it.
* Clean all in the Opera section if you use it.
* Clean Sun Java in the Internet Section.
* Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "Exit" when done.
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java,and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u7'.
3. Click the "Download" button to the right.
4. Select the Platform and Language for your download,then check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language - jre-6u7-windows-i586-p.exe' [15.24 MB] and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
14. UNCHECK the option to install Google Toolbar if you don't want it.
Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop
Now close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window or do anything else on your pc while it's running.
That may cause the program/system to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
The version of Hijackthis you're running is way out of date so please remove/delete it.
Download Trend Micro HijackThis 2.0.2 to your desktop:
Double click on HJTInstall.exe,it will prompt you to extract hijackthis.exe to C:\Program Files\Trend Micro\HijackThis.
When the install is complete,HijackThis will automatically launch.
When the license agreement appears,select "I Accept" and then click on the "Do a system scan only" button.
When the scan is complete,click on the "Save Log" button,then save it to your desktop.
Copy and paste the entire contents of that log into your next reply.
________________________________________
ASAP & UNITE member since 2006
|
| |
| | | New Member
Group: Forum Members
Last Login: 7/10/2008 4:19 PM
Posts: 39, Visits: 52 |
| Thank you for the quick responce and the time you are taking to help me out once more. Logs are attacxhed as requested:
First the COmbofix log:
ComboFix 08-07-09.2 - us 2008-07-10 0:18:58.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1519 [GMT 1:00]
Running from: C:\Documents and Settings\us\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\comsa32.sys
.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.
2008-07-10 00:15 . 2008-06-10 02:3273,728--a------C:\WINDOWS\system32\javacpl.cpl
2008-07-10 00:06 . 2008-07-10 00:060--a------C:\WINDOWS\system32\REN236.tmp
2008-07-10 00:06 . 2008-07-10 00:060--a------C:\WINDOWS\system32\REN235.tmp
2008-07-10 00:06 . 2008-07-10 00:060--a------C:\WINDOWS\system32\REN234.tmp
2008-07-08 21:02 . 2008-07-08 22:27d--------C:\Documents and Settings\us\Nero folder
2008-07-07 19:34 . 2008-07-09 19:5554,156--ah-----C:\WINDOWS\QTFont.qfn
2008-07-07 19:34 . 2008-07-07 19:341,409--a------C:\WINDOWS\QTFont.for
2008-07-07 19:06 . 2008-07-07 19:06d--------C:\Documents and Settings\us\Application Data\NSeries
2008-07-07 18:35 . 2008-07-07 18:35d--------C:\Program Files\Common Files\Nokia
2008-07-07 18:35 . 2008-07-07 18:35d--------C:\Documents and Settings\All Users\Application Data\Nokia
2008-07-07 18:28 . 2008-07-07 19:05d--------C:\Documents and Settings\us\Application Data\Nokia
2008-07-07 18:28 . 2008-07-07 18:29d--------C:\Documents and Settings\All Users\Application Data\PC Suite
2008-07-07 18:24 . 2008-07-07 18:35d--------C:\Program Files\Nokia
2008-07-07 18:24 . 2008-07-07 18:24d--------C:\Program Files\Common Files\PCSuite
2008-07-07 18:23 . 2008-07-07 18:23d--------C:\Program Files\PC Connectivity Solution
2008-07-07 18:23 . 2008-07-07 18:23d--------C:\Program Files\DIFX
2008-07-07 18:23 . 2008-07-07 18:28d--------C:\Documents and Settings\us\Application Data\PC Suite
2008-06-29 22:11 . 2008-06-29 22:11d--------C:\Program Files\Picasa2
2008-06-29 01:25 . 2008-06-29 01:252,560--a------C:\WINDOWS\system32\bitcometres.dll
2008-06-27 23:48 . 2008-06-27 23:48d--------C:\Program Files\WMA-MP3.com
2008-06-27 23:16 . 2008-06-27 23:33d--------C:\Documents and Settings\us\Application Data\Free Audio Editor
2008-06-27 23:12 . 2008-06-27 23:12d--------C:\Program Files\Free Audio Editor
2008-06-26 19:11 . 2004-08-04 00:56159,232--a------C:\WINDOWS\system32\ptpusd.dll
2008-06-26 19:11 . 2004-08-03 22:5815,104--a------C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-26 19:11 . 2004-08-03 22:5815,104--a--c---C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-26 19:11 . 2001-08-17 22:365,632--a------C:\WINDOWS\system32\ptpusb.dll
2008-06-18 22:57 . 2008-06-18 22:57d--------C:\Program Files\EZ Boosters
2008-06-18 22:03 . 2008-06-18 22:06d--------C:\Documents and Settings\us\Application Data\Azureus
2008-06-18 22:03 . 2008-06-18 22:03d--------C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-18 22:02 . 2008-06-18 22:07d--------C:\Program Files\Vuze
2008-06-16 00:12 . 2008-06-16 00:12d--------C:\Program Files\DownloadToolz
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 23:21---------d-----wC:\Program Files\Common Files\Symantec Shared
2008-07-09 23:15---------d-----wC:\Program Files\Java
2008-07-09 22:57---------d-----wC:\Program Files\PeerGuardian2
2008-07-09 22:57---------d-----wC:\Documents and Settings\us\Application Data\uTorrent
2008-07-09 21:15---------d-----wC:\Documents and Settings\All Users\Application Data\Symantec
2008-07-09 20:34---------d-----wC:\Program Files\Flickr Uploadr
2008-07-08 21:07---------d-----wC:\Documents and Settings\us\Application Data\Vso
2008-07-06 14:49---------d-----wC:\Program Files\ASUS
2008-07-06 14:47---------d-----wC:\Program Files\DivX
2008-07-06 14:47---------d-----wC:\Program Files\Datel
2008-07-01 00:30---------d-----wC:\Documents and Settings\us\Application Data\dvdcss
2008-06-29 21:11---------d-----wC:\Program Files\Google
2008-06-29 18:58---------d---a-wC:\Documents and Settings\All Users\Application Data\TEMP
2008-06-29 13:41---------d-----wC:\Documents and Settings\us\Application Data\gtk-2.0
2008-06-29 11:11---------d-----wC:\Program Files\SpywareBlaster
2008-06-29 00:26---------d-----wC:\Program Files\BitComet
2008-06-22 12:13---------d-----wC:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-04 21:51---------d-----wC:\Program Files\Windows Live
2008-06-03 21:11---------d-----wC:\Program Files\SUPERAntiSpyware
2008-06-02 18:15---------d-----wC:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-02 18:14---------dcsh--wC:\Program Files\Common Files\WindowsLiveInstaller
2008-06-01 22:35---------d-----wC:\Documents and Settings\us\Application Data\Flickr
2008-05-31 09:55805----a-wC:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-31 09:5560,800----a-wC:\WINDOWS\system32\S32EVNT1.DLL
2008-05-31 09:55123,952----a-wC:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-31 09:5510,671----a-wC:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-31 09:55---------d-----wC:\Program Files\Symantec
2008-05-30 23:22823,296----a-wC:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22823,296----a-wC:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22815,104----a-wC:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22802,816----a-wC:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22683,520----a-wC:\WINDOWS\system32\DivX.dll
2008-05-30 23:22593,920----a-wC:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:2257,344----a-wC:\WINDOWS\system32\dpv11.dll
2008-05-30 23:2253,248----a-wC:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22344,064----a-wC:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22294,912----a-wC:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22294,912----a-wC:\WINDOWS\system32\dpu10.dll
2008-05-27 22:16---------d-----wC:\Program Files\GIMP-2.0
2008-05-22 22:22524,288----a-wC:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:223,596,288----a-wC:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20200,704----a-wC:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:201,044,480----a-wC:\WINDOWS\system32\libdivx.dll
2008-05-22 22:1981,920----a-wC:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19196,608----a-wC:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19161,096----a-wC:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:1812,288----a-wC:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-18 16:02---------d-----wC:\Documents and Settings\us\Application Data\VSO_HWE
2008-04-13 16:39107,888----a-wC:\WINDOWS\system32\CmdLineExt.dll
2008-02-02 10:1320,720----a-wC:\Documents and Settings\us\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2003-03-31 13:00 332928 244a2f9816bc9b593957281ef577d976C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55cC:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-05-04 19:12 360064 3f89432724dc5d72689e16f3354bccfcC:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-05-04 19:12 360064 3f89432724dc5d72689e16f3354bccfcC:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-03 22:11 1506544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe" [2007-01-12 11:26 5288960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\System32\nvraidservice.exe" [2005-08-18 09:52 113152]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 07:25 363008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-23 03:51 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-23 03:51 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-03 10:45 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 03:22 26248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 22:42 577536 C:\WINDOWS\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Caledos Scheduler.lnk - C:\Program Files\CaledosGroup\Caledos\Caledos_Scheduler.exe [2007-10-14 23:27:23 245760]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-23 12:17 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^us^Start Menu^Programs^Startup^Bitcomet Ultra Accelerator.lnk]
path=C:\Documents and Settings\us\Start Menu\Programs\Startup\Bitcomet Ultra Accelerator.lnk
backup=C:\WINDOWS\pss\Bitcomet Ultra Accelerator.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-09-13 11:12 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
--a------ 2007-06-26 15:04 2165256 C:\Program Files\XpertVision\TBPANEL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-07-25 15:55 1043968 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2007-02-06 00:52 849280 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2006-11-22 02:08 813912 C:\Program Files\Microsoft IntelliType Pro\itype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 14:44 3100672 C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2008-02-22 14:29 54576 C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-07-23 03:51 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10840:UDP"= 10840:UDP:BitComet 10840 UDP
"12793:TCP"= 12793:TCP:BitComet 12793 TCP
"12793:UDP"= 12793:UDP:BitComet 12793 UDP
"24090:TCP"= 24090:TCP:BitComet 24090 TCP
"24090:UDP"= 24090:UDP:BitComet 24090 UDP
"16207:TCP"= 16207:TCP:BitComet 16207 TCP
"16207:UDP"= 16207:UDP:BitComet 16207 UDP
"9743:TCP"= 9743:TCP:BitComet 9743 TCP
"9743:UDP"= 9743:UDP:BitComet 9743 UDP
"15730:TCP"= 15730:TCP:BitComet 15730 TCP
"15730:UDP"= 15730:UDP:BitComet 15730 UDP
"24466:TCP"= 24466:TCP:BitComet 24466 TCP
"24466:UDP"= 24466:UDP:BitComet 24466 UDP
"13223:TCP"= 13223:TCP:BitComet 13223 TCP
"13223:UDP"= 13223:UDP:BitComet 13223 UDP
"45682:TCP"= 45682:TCP:utorrent1
"24996:TCP"= 24996:TCP:BitComet 24996 TCP
"24996:UDP"= 24996:UDP:BitComet 24996 UDP
"13438:TCP"= 13438:TCP:BitComet 13438 TCP
"13438:UDP"= 13438:UDP:BitComet 13438 UDP
"24068:TCP"= 24068:TCP:BitComet 24068 TCP
"24068:UDP"= 24068:UDP:BitComet 24068 UDP
"14390:TCP"= 14390:TCP:BitComet 14390 TCP
"14390:UDP"= 14390:UDP:BitComet 14390 UDP
"13158:TCP"= 13158:TCP:BitComet 13158 TCP
"13158:UDP"= 13158:UDP:BitComet 13158 UDP
"24961:TCP"= 24961:TCP:BitComet 24961 TCP
"24961:UDP"= 24961:UDP:BitComet 24961 UDP
"21442:TCP"= 21442:TCP:BitComet 21442 TCP
"21442:UDP"= 21442:UDP:BitComet 21442 UDP
"17626:TCP"= 17626:TCP:BitComet 17626 TCP
"17626:UDP"= 17626:UDP:BitComet 17626 UDP
"14830:TCP"= 14830:TCP:BitComet 14830 TCP
"14830:UDP"= 14830:UDP:BitComet 14830 UDP
"6889:TCP"= 6889:TCP:BitComet 6889 TCP
"6889:UDP"= 6889:UDP:BitComet 6889 UDP
"8596:TCP"= 8596:TCP:BitComet 8596 TCP
"8596:UDP"= 8596:UDP:BitComet 8596 UDP
"22082:TCP"= 22082:TCP:BitComet 22082 TCP
"22082:UDP"= 22082:UDP:BitComet 22082 UDP
"21269:TCP"= 21269:TCP:BitComet 21269 TCP
"21269:UDP"= 21269:UDP:BitComet 21269 UDP
"20751:TCP"= 20751:TCP:BitComet 20751 TCP
"20751:UDP"= 20751:UDP:BitComet 20751 UDP
"18800:TCP"= 18800:TCP:BitComet 18800 TCP
"18800:UDP"= 18800:UDP:BitComet 18800 UDP
"11375:TCP"= 11375:TCP:BitComet 11375 TCP
"11375:UDP"= 11375:UDP:BitComet 11375 UDP
"19995:TCP"= 19995:TCP:BitComet 19995 TCP
"19995:UDP"= 19995:UDP:BitComet 19995 UDP
"49510:TCP"= 49510:TCP:BitComet 49510 TCP
"49510:UDP"= 49510:UDP:BitComet 49510 UDP
"27266:TCP"= 27266:TCP:BitComet 27266 TCP
"27266:UDP"= 27266:UDP:BitComet 27266 UDP
"7735:TCP"= 7735:TCP:BitComet 7735 TCP
"7735:UDP"= 7735:UDP:BitComet 7735 UDP
"25999:TCP"= 25999:TCP:BitComet 25999 TCP
"25999:UDP"= 25999:UDP:BitComet 25999 UDP
"55006:TCP"= 55006:TCP:BitComet 55006 TCP
"55006:UDP"= 55006:UDP:BitComet 55006 UDP
"55010:TCP"= 55010:TCP:BitComet 55010 TCP
"55010:UDP"= 55010:UDP:BitComet 55010 UDP
"21631:TCP"= 21631:TCP:BitComet 21631 TCP
"21631:UDP"= 21631:UDP:BitComet 21631 UDP
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2005-02-02 10:33]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 19:29:56 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-27 19:00:04 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - us.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 00:21:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-10 0:23:52
ComboFix-quarantined-files.txt 2008-07-09 23:22:50
Pre-Run: 194,297,561,088 bytes free
Post-Run: 194,347,393,024 bytes free
270--- E O F ---2008-06-08 16:40:09[/b]
And HiJackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:25:41, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.5.160.5:8080
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Caledos Scheduler.lnk = C:\Program Files\CaledosGroup\Caledos\Caledos_Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C255783C-B058-4A48-B500-B4B90F523130}: NameServer = 62.30.0.39,195.188.53.175
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 9620 bytes
Again thanks.
Jim
|
| |
| | |
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 28,366, Visits: 54,734 |
| You're running filesharing programs.
Many of these programs come bundled with unwanted components/malware.
If you wish to find out whether the one you're using does,click Here.
Even if you are using a so called "safe" program,it's only the program that's safe.
You will be sharing files from uncertified sources,and these are often infected.
The bad guys use filesharing programs as a major source to spread their wares.
I suggest you uninstall it/them now.
If you must use P2P/file sharing programs,you should read on:
* Don't download files from people you don't trust -- Just like you shouldn't open e-mail attachments from people you don't trust, you should be wary about downloading files from them as well.
* Keep your file-sharing legal -- Downloading copyrighted music, movies and software using these file-sharing programs without the copyright owner's permission could put you in serious legal trouble. Peer-to-peer users should be aware that they may not be anonymous while using these networks. Copyright holders have located peer-to-peer copyright infringers and have sued them. There are a growing number of online music and movie services where you can stream, download or purchase digital files with the copyright owners' permission. Using these services is one way to ensure that you will avoid unwanted lawsuits.
* Watch out for spy-ware -- Some file-sharing programs embed spy-ware programs when you install them on your computer. These programs can run in the background and create unwanted pop-up advertisements and some even monitor your online behavior.
* Use and update your anti-virus software -- Computer experts are starting to see viruses being spread through file-sharing networks. Be careful what you download and always make sure your anti-virus software is running and frequently updated.
* Secure your sensitive computer information -- If you keep sensitive information on your computer like your tax return information and online bank account data, check to make sure that you are not inadvertently making this available to thousands of strangers on the Internet.
* Parents, talk to your kids -- Parents should be aware that file-sharing networks contain inappropriate audio and video clips -- many of a sexually explicit nature.
Please download OTMoveIt by OldTimer,save it to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Please double-click OTMoveIt.exe to run it.
Copy ALL the text inside the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):
[kill explorer]
C:\WINDOWS\system32\REN236.tmp
C:\WINDOWS\system32\REN235.tmp
C:\WINDOWS\system32\REN234.tmp
[start explorer]
Return to OTMoveIt, right click on the "Paste List of Files/Folders to Move" window under the "yellow" bar,and choose Paste,see image below:
Click on the Moveit! button 
Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt by clicking on the "Exit" button.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.
Click on Start/Run,copy and paste ComboFix /u into the 'Open:' space,then press OK [see image below]
This will uninstall Combofix,delete its related folders and files,reset your clock settings,hide file extensions,hide the system/hidden files and resets System Restore.
Please double-click OTMoveIt.exe again to run it.
Click on the 'Cleanup' button 
When you do this a text file named cleanup.txt will be downloaded from the internet.
If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.
Please download Malwarebytes Anti-Malware:
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe
Double Click mbam-setup.exe to install the application.
(If using Windows Vista,be sure to "Run As Administrator").
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report into your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Also post a new Hijackthis log,let me know how your pc is running now.
________________________________________
ASAP & UNITE member since 2006
|
| |
| | |
|
