  1. #1

    hijackthis - log file


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:56:56 AM, on 1/17/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O1 - Hosts: 69.50.206.14 fst.omnilounge.co.uk
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/game...ploader_v6.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...35/mcfscan.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

    --
    End of file - 9484 bytes



    Please help with this. I got Win32:Trojan-gen. According to another forum, not all Trojan-gen detections are viruses. I'm using avast. Please also show me how to analyze the HijackThis log.

  2. #2
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:10:19 AM, on 1/17/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ups.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe
    g:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn5\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn5\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - H:\Program Files\SnagIt 7\SnagItIEAddin.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn5\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\RunServices: [kernctl32] rundll32 kctl32.dll,initialize
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKUS\S-1-5-18\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
    O8 - Extra context menu item: &Download All with FlashGet - G:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - G:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) -
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} -
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124281885484
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mylittlebabies1952.spaces.liv...d/MsnPUpld.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} -
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} -
    O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -
    O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Plug-in 1.4.2_06) -
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/game...ploader_v6.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
    O23 - Service: HDD Network Temperature Server (HDDNetTemp) - Unknown owner - C:\Program Files\PalickSoft\HDD Network Temperature - beta 1\HDDNetTempServer.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee, Inc - (no file)
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 11604 bytes


    My 2nd computer. Something keeps causing trouble: a file named "x", with no extension whatsoever.
    Last edited by lestat1116; 01-17-2009 at 11:13 AM.

  3. #3
    Copy / paste your log here for analysis:

    HijackThis Logfileauswertung

  4. #4
    O4 - HKLM\..\RunServices: [kernctl32] rundll32 kctl32.dll,initialize --- where can I find this on my computer?

    OK, I've seen it now.
    Last edited by lestat1116; 01-17-2009 at 11:33 AM.

  5. #5
    Quote Originally Posted by lestat1116
    O4 - HKLM\..\RunServices: [kernctl32] rundll32 kctl32.dll,initialize --- where can I find this on my computer?

    OK, I've seen it now.
    Use the search function of your OS. If the file isn't there, it means it was removed by your antivirus, or the file is hidden. Try downloading Malwarebytes, or use ComboFix.

  6. #6
    I have another problem. My anti-virus keeps detecting x.exe. After I delete it, it's still there.
    Where can I download ComboFix?
    Last edited by lestat1116; 01-17-2009 at 11:13 PM.

  7. #7
    Try CCleaner, bro. I hope it helps.

  8. #8
    t3ChNo™
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    - Delete that npkcsvc.exe; find it in "C:\WINDOWS\system32\"
    - Try running VundoFix

  9. #9
    Quote Originally Posted by t3ChNo™
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    - Delete that npkcsvc.exe; find it in "C:\WINDOWS\system32\"
    - Try running VundoFix
    Are VundoFix and ComboFix the same thing?

    This rootkit is such a pain.

    Who can read a ComboFix log file?
    Last edited by lestat1116; 01-18-2009 at 11:42 AM.

  10. #10
    ComboFix 09-01-17.03 - Brian 2009-01-18 10:29:38.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.269 [GMT 8:00]
    Running from: g:\downloads\ComboFix.exe
    AV: avast! antivirus 4.8.1296 [VPS 090117-0] *On-access scanning disabled* (Updated)
    FW: Personal Firewall Plus *enabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Brenda\Application Data\FunWebProducts
    c:\documents and settings\Brenda\Application Data\FunWebProducts\Data\Brenda\avatar.dat
    c:\documents and settings\Brenda\Application Data\FunWebProducts\Data\Brenda\register.dat
    c:\documents and settings\Brenda\Application Data\FunWebProducts\Data\Brenda\zbucks.dat
    c:\documents and settings\Brian\Application Data\inst.exe
    C:\test.txt
    c:\windows\Downloaded Program Files\setup.inf
    c:\windows\system32\cache329
    c:\windows\system32\cache329\B_120700.htm
    c:\windows\system32\cache329\B_261400.htm
    c:\windows\system32\cache329\B_329_0_4_179300.gif
    c:\windows\system32\cache329\B_329_0_4_179400.gif
    c:\windows\system32\cache329\B_329_0_4_179600.gif
    c:\windows\system32\cache329\B_329_0_4_179700.gif
    c:\windows\system32\cache329\B_329_0_4_179900.gif
    c:\windows\system32\cache329\B_329_0_4_273600.gif
    c:\windows\system32\cache329\B_329_2_4_179300.gif
    c:\windows\system32\cache329\B_329_2_4_179400.gif
    c:\windows\system32\cache329\B_329_2_4_179600.gif
    c:\windows\system32\cache329\B_329_2_4_179700.gif
    c:\windows\system32\cache329\B_329_2_4_179900.gif
    c:\windows\system32\cache329\B_329_2_4_273600.gif
    c:\windows\system32\cache329\B_329_2_4_283800.htm
    c:\windows\system32\cache329\B_329_2_4_283800.swf
    c:\windows\system32\cache329\B_329_3_4_179300.gif
    c:\windows\system32\cache329\B_329_3_4_179400.gif
    c:\windows\system32\cache329\B_329_3_4_179600.gif
    c:\windows\system32\cache329\B_329_3_4_179700.gif
    c:\windows\system32\cache329\B_329_3_4_179900.gif
    c:\windows\system32\cache329\B_329_3_4_283500.htm
    c:\windows\system32\cache329\B_329_3_4_283500.swf
    c:\windows\system32\cache329\B_329_4_4_168800.htm
    c:\windows\system32\cache329\B_329_4_4_168800.swf
    c:\windows\system32\cache329\B_329_4_4_174900.gif
    c:\windows\system32\cache329\B_329_4_4_174900.htm
    c:\windows\system32\cache329\B_329_4_4_175300.gif
    c:\windows\system32\cache329\B_329_4_4_175300.htm
    c:\windows\system32\cache329\B_329_4_4_179000.gif
    c:\windows\system32\cache329\B_329_4_4_179000.htm
    c:\windows\system32\cache329\B_329_4_4_193300.gif
    c:\windows\system32\cache329\B_329_4_4_193300.htm
    c:\windows\system32\cache329\B_329_4_4_346600.gif
    c:\windows\system32\cache329\B_329_4_4_346600.htm
    c:\windows\system32\cache329\B_329_4_4_346900.gif
    c:\windows\system32\cache329\B_329_4_4_346900.htm
    c:\windows\system32\cache329\B_382000.htm
    c:\windows\system32\cache329\t_B_120700.htm
    c:\windows\system32\cache329\t_B_261400.htm
    c:\windows\system32\cache329\t_B_382000.htm
    c:\windows\system32\ftpupd.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
    .

    2009-01-18 10:10 . 2009-01-18 10:10 <DIR> d-------- C:\VundoFix Backups
    2009-01-17 20:38 . 2009-01-17 20:38 0 --ah----- c:\documents and settings\hpothb07.tif
    2009-01-17 20:38 . 2009-01-17 20:38 0 --ah----- c:\documents and settings\hpothb07.dat
    2009-01-16 11:32 . 2009-01-16 11:38 664 --a------ c:\windows\desctemp.dat
    2009-01-07 16:38 . 2009-01-07 16:38 <DIR> d-------- c:\program files\FMS
    2008-12-23 22:27 . 2008-12-23 22:27 <DIR> d-------- c:\program files\SystemRequirementsLab
    2008-12-23 22:26 . 2008-12-23 22:27 <DIR> d-------- c:\documents and settings\Brian\Application Data\SystemRequirementsLab
    2008-12-21 21:24 . 2008-12-21 21:24 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Bluetooth
    2008-12-21 21:20 . 2008-12-21 21:23 32 --a------ c:\windows\0
    2008-12-21 21:20 . 2008-12-21 21:20 0 --a------ c:\windows\SYSTEM32\0

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-17 12:44 2,026 ---ha-w c:\documents and settings\LocalService\hpothb07.dat
    2008-12-21 12:53 2,754 ----a-w c:\windows\SYSTEM32\PerfStringBackup.TMP
    2008-11-28 17:29 --------- d-----w c:\documents and settings\Brian\Application Data\InstallShield
    2008-11-24 13:59 --------- d-----w c:\documents and settings\Brian\Application Data\Share-to-Web Upload Folder
    2008-11-23 00:43 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\2DBoy
    2008-11-15 04:03 39,544 ----a-w c:\documents and settings\Monet\Application Data\GDIPFONTCACHEV1.DAT
    2008-10-18 00:06 40,488 ----a-w c:\documents and settings\Brenda\Application Data\GDIPFONTCACHEV1.DAT
    2008-10-01 02:40 40,488 ----a-w c:\documents and settings\Brian\Application Data\GDIPFONTCACHEV1.DAT
    2008-02-21 15:14 47,360 ----a-w c:\documents and settings\Brian\Application Data\pcouffin.sys
    2006-03-17 02:21 492 ---ha-w c:\documents and settings\Brenda\hpothb07.dat
    2006-03-17 02:21 186 ---ha-w c:\documents and settings\Brian\Application Data\hpothb07.dat
    2006-03-17 02:21 161 ---ha-w c:\documents and settings\Brian\hpothb07.dat
    2006-03-17 02:21 0 ---ha-w c:\documents and settings\Monet\hpothb07.dat
    2006-03-17 02:21 0 ---ha-w c:\documents and settings\Default User.WINDOWS\hpothb07.dat
    2006-03-17 02:21 0 ---ha-w c:\documents and settings\Administrator\hpothb07.dat
    2004-07-13 07:21 136 ----a-w c:\program files\BMonitor.dll
    2003-03-19 07:10 21,952 ---h--w c:\program files\folder.htt
    2008-12-19 02:27 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-19 02:27 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-19 02:27 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2005-09-15 10:26 44,153 ----a-w c:\program files\mozilla firefox\components\inspector.dll
    2008-12-19 02:27 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-19 02:27 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2004-07-21 22:35 184 --sha-r c:\windows\Regbak.dat
    1979-12-31 16:00 1 --sha-w c:\windows\sy.exe
    1979-12-31 16:00 1 --sha-w c:\windows\msrm.exe
    1979-12-31 16:00 1 --sha-w c:\windows\NT.Config`.exe
    2006-06-01 05:52 11,270 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-27 81000]
    "MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
    "Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-04-20 28672]
    "MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-04 401491]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-03-25 218496]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    2003-08-25 10:25 139264 c:\program files\Common Files\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= pvmjpg20.dll
    "MSACM.CEGSM"= mobilev.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf g:\program files\iolo\System Mechanic Professional 6\

    [HKLM\~\startupfolder\C:^Documents and Settings^Kido^Start Menu^Programs^Startup^HDD temperature.lnk]
    backup=c:\windows\pss\HDD temperature.lnkStartup

    [HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1.WIN^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conscorr
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imsyckyetnmk
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
    --a------ 2004-12-01 17:36 983040 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bandwidth Monitor Pro]
    --a------ 2004-02-10 21:15 187904 c:\documents and settings\Kido\Desktop\Bandwidth Monitor Pro.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-04 00:56 15360 c:\windows\SYSTEM32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    --a------ 2005-11-22 17:38 221184 c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a------ 2004-02-04 02:42 401491 c:\program files\Microsoft ActiveSync\WCESCOMM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    --a------ 2002-12-10 08:19 188416 c:\windows\SYSTEM32\spool\drivers\w32x86\3\hpztsb07.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    --a------ 2005-09-22 18:29 303104 c:\progra~1\McAfee.com\Agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
    --a------ 2004-07-29 14:55 139264 c:\progra~1\McAfee.com\Agent\mcregwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    --a------ 2006-01-11 12:05 212992 c:\progra~1\McAfee.com\Agent\mcupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --a------ 2001-07-09 10:50 155648 c:\windows\SYSTEM32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 c:\windows\SYSTEM32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    --a------ 2002-04-17 10:42 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2004-09-28 20:26 32881 c:\program files\Java\j2re1.4.2_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-03-09 15:29 1519616 c:\windows\SYSTEM32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "vsmon"=3 (0x3)
    "iPodService"=3 (0x3)
    "InCDsrv"=2 (0x2)
    "Creative Service for CDROM Access"=2 (0x2)
    "ose"=3 (0x3)
    "npkcsvc"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "ATKKeyboardService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
    "iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\System32\\dpvsetup.exe"=
    "c:\\Program Files\\Java\\j2re1.4.2_06\\bin\\javaw.exe"=
    "c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "c:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
    "c:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
    "c:\\Program Files\\Hewlett-Packard\\hp deskjet 1180c Toolbox\\HPWFTBX.EXE"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "c:\\Program Files\\Java\\jre1.5.0_06\\BIN\\javaw.exe"=
    "d:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "d:\\Program Files\\mIRC\\mirc.exe"=
    "d:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "c:\\Program Files\\Java\\jdk1.5.0_09\\jre\\bin\\java.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"=
    "c:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
    "g:\\Program Files\\FlashGet\\flashget.exe"=
    "g:\\Program Files\\Counter-Strike\\hl.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "g:\\Program Files\\Garena\\Garena.exe"=
    "g:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
    "g:\\Level Up! Games\\Grand Chase PH\\main.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 xmasbus;xmasbus;c:\windows\SYSTEM32\DRIVERS\xmasbus.sys [2006-02-20 140800]
    R0 xmasscsi;xmasscsi;c:\windows\SYSTEM32\DRIVERS\xmasscsi.sys [2006-02-20 5504]
    R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [2008-04-02 111184]
    R3 csaudio;V-Gear WebCam Pro2 Audio Driver;c:\windows\SYSTEM32\DRIVERS\CsAud.sys [2004-07-20 13162]
    R3 DCamUSB20;V-Gear WebCam Pro2;c:\windows\SYSTEM32\DRIVERS\CsMini20.sys [2004-07-20 126037]
    R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\SYSTEM32\DRIVERS\RMSPPPOE.SYS [2002-10-03 31424]
    R4 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [2008-04-02 20560]
    S3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\SYSTEM32\DRIVERS\e10kx2k.sys [2001-07-13 1745168]
    S3 FTLUND;Lundinova Filter Driver;c:\windows\SYSTEM32\DRIVERS\ftlund.sys [2007-08-13 6828]
    S3 kxwdmdrv;kX WDM Driver Service;c:\windows\SYSTEM32\DRIVERS\kx.sys [2004-02-17 571776]
    S3 NaiFiltr;NaiFiltr;c:\windows\system32\DRIVERS\NaiFiltr.sys --> c:\windows\system32\DRIVERS\NaiFiltr.sys [?]
    S4 HDDNetTemp;HDD Network Temperature Server;c:\program files\PalickSoft\HDD Network Temperature - beta 1\HDDNetTempServer.exe /startedbyscm:B15A26C5-40E2B66C-HDDNetTemp --> c:\program files\PalickSoft\HDD Network Temperature - beta 1\HDDNetTempServer.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{115db632-d357-11db-a710-0004758bcf73}]
    \Shell\Auto\command - sxs.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-CTHelper - CTHELPER.EXE
    MSConfigStartUp-kernctl32 - kctl32.dll
    MSConfigStartUp-WINDVDPatch - CTHELPER.EXE


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = about:blank
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Download All with FlashGet - g:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - g:\program files\FlashGet\jc_link.htm
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    IE: { - c:\program files\Messenger\msmsgs.exe

    O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    O16 -: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF}
    FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\ckibwqjc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.istorya.net/forums/index.php
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .

    ************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-18 10:31:15
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HDDNetTemp]
    "ImagePath"="c:\program files\PalickSoft\HDD Network Temperature - beta 1\HDDNetTempServer.exe /startedbyscm:B15A26C5-40E2B66C-HDDNetTemp"

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
    "ImagePath"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(880)
    c:\program files\Common Files\Stardock\mcpstub.dll
    c:\windows\system32\l3codeca.acm
    .
    Completion time: 2009-01-18 10:32:42
    ComboFix-quarantined-files.txt 2009-01-18 02:32:42

    Pre-Run: 2,015,346,688 bytes free
    Post-Run: 2,020,245,504 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    C:\=MS-DOS

    320 --- E O F --- 2008-06-07 06:39:29
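Editor's note, added example (not part of the poster's log, and not code from ComboFix or HijackThis): a small Python triage script that parses the `[key]` sections of a ComboFix-style dump and flags the three items in the log above that deserve a look before anything gets "fixed": the per-volume `MountPoints2` autorun handlers that launch `sxs.exe` when the volume is opened (the usual removable-media worm hook), the firewall `GloballyOpenPorts` entry exposing 3389/TCP (RDP) to the network, and the Security Center values that silence antivirus and firewall monitoring. The embedded sample is constructed from entries in the log above; the `Finding` type, the rule names and the heuristics are the editor's own assumptions, not anything the tool itself reports.

```python
"""Triage a ComboFix-style log for a few high-signal persistence/exposure entries.

Added example by the editor. Not the poster's log and not a ComboFix/HijackThis
component. SAMPLE_LOG is a constructed excerpt of the log in the thread above;
the rules below are the editor's heuristics (assumptions), not tool output.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt: section headers and values copied from the posted log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{115db632-d357-11db-a710-0004758bcf73}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 c:\windows\SYSTEM32\ctfmon.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# "name"=value  (ComboFix registry-dump style; whitespace around '=' varies)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# \Shell\<verb>\command lines under a MountPoints2 volume key
SHELL_CMD_RE = re.compile(r"\\shell\\\w+\\command", re.IGNORECASE)
# Security Center values that turn off alerts/monitoring when set to 1
SC_DISABLE_PREFIXES = ("antivirusdisable", "firewalldisable",
                       "updatesdisable", "disablemonitoring")


@dataclass(frozen=True)
class Finding:
    rule: str      # editor-defined rule name (assumption, not a tool category)
    section: str   # lower-cased registry key the entry sits under
    detail: str    # the target, port or value name that triggered the rule


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the [registry key] header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text: str) -> List[Finding]:
    """Return one Finding per suspicious entry; an empty list means no rule fired."""
    findings: List[Finding] = []
    for key, lines in parse_sections(text).items():
        if "mountpoints2" in key:
            # Per-volume autorun verbs: the command runs when the volume is opened.
            for line in lines:
                if SHELL_CMD_RE.search(line):
                    target = line.split(" - ", 1)[-1]
                    findings.append(Finding("mountpoint_autorun", key, target))
        elif key.endswith("globallyopenports\\list"):
            # Ports opened to every peer in the XP firewall standard profile.
            for line in lines:
                m = VALUE_RE.match(line)
                if m:
                    port = m.group("name")
                    note = " (RDP)" if port.startswith("3389:") else ""
                    findings.append(Finding("firewall_open_port", key, port + note))
        elif "security center" in key:
            # Alerting/monitoring switched off; AV or firewall may be gone or dead.
            for line in lines:
                m = VALUE_RE.match(line)
                if (m and m.group("name").lower().startswith(SC_DISABLE_PREFIXES)
                        and m.group("value").strip().endswith("00000001")):
                    findings.append(Finding("security_center_disabled", key, m.group("name")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.detail}")
```

Run it as-is to print the findings for the embedded excerpt, or call `triage(open(path).read())` on a saved log. The rules are deliberately narrow: a hit is a prompt to verify the target on disk and in the firewall UI, not a verdict, and ordinary entries such as the `ctfmon.exe` section above produce nothing.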
