Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

AlphaSE.NET Alpha Male the NET [RESOLVED]

Started by SmartEgo , Aug 13 2007 12:13 PM

  • This topic is locked This topic is locked

#1
SmartEgo
Posted 13 August 2007 - 12:13 PM

SmartEgo

    Member

  • Member
  • PipPip
  • 22 posts
OK! What I hate most is to lose some message written in such html page for mail or blog for Any reason so I will TRY to redescribe my Problem:
It seems I got infected with an adware that makes my internet explorer and explorer contact alphase.net. But this is not the whole problem, when I open some programs without file parameters they assume some partameters like http://files/Interne...er/IEXPLORE.EXE when I open the internet explorer with similar symptems with programs like media player classic and getright.

I used the version of HighJackThis you gave in the pinne post but your automatic redirection refused it and gave me AFAICT the SAME version with setup! AND erased my post! Anyway here is the NEW HiJackThis log. Yet I WILL RE-THANK you for your HELP hoping that your automatic redirection be intelligent enough not to lose anyone's lifetime writing a post.

One more thing: please reoganize the "Select a file" box and its "UPLOAD" button and make it less distiguishable as it completely decieved me for the "Post New Topic" utton. I do not know about other people but I for one am very old internet user going back to 1995 I was spoofed to push the upload button and wait till nothing and no message to tell me that I uploaded empty space.

THANK YOU.
I will "Post New Topic"

Logfile of HijackThis v1.99.1
Scan saved at 20:58:00, on 2007-08-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
D:\uTorrent\utorrent.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\GetRight\GETRIGHT.EXE
C:\Program Files\GetRight\GETRIGHT.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\ACD\ACDSEE\ACDSEE.EXE
C:\WINDOWS\system32\Notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {314E610A-0ED8-4834-BAB5-34F9F576E0D9} - c:\windows\system32\nabfnab.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {9CA965B6-8ABA-4D8E-9E4F-3A487B1EBEE4} - C:\WINDOWS\system32\mqgent.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [antinetcut2] C:\Program Files\Anti NetCut.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [µTorrent] "D:\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\uTorrent\utorrent.exe"
O4 - Startup: Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: aklspafm - nabfnab.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (avp) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Edited by Tigger93, 13 September 2007 - 03:21 PM.

  • 0

Advertisements

#2
Tigger93
Posted 20 August 2007 - 12:05 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hello and Welcome. :whistling:

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
  • 0

#3
SmartEgo
Posted 21 August 2007 - 04:05 PM

SmartEgo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I do not know what to say but I guess I am sad that the cleaner found nothing to remove.
I guess that is because Kaspersky removed the infection already but when it asked me to undo the malware effects left me with false MRU references that opens the own program as a parameter which is my first annoyance. However from time to time the ie and the explorer do try to send hidden data to alphase.net
Please inform of further countermeasures or needed info @ registry file or otherwise.
I guess since no disinfection done HJT log is not needed.
Awaiting instructions.
  • 0

#4
Tigger93
Posted 22 August 2007 - 11:01 AM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hmm... Could you post a new HijackThis log please?
  • 0

#5
SmartEgo
Posted 23 August 2007 - 01:22 AM

SmartEgo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:18:23, on 2007-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\ACD\ACDSEE\ACDSEE.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\GetRight\GETRIGHT.EXE
C:\Program Files\GetRight\GETRIGHT.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\uTorrent\utorrent.exe
C:\Program Files\Speak\speak.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\ATTNaturalVoices\TTS1.4\Desktop\bin\NVDesktopProxy.exe
C:\Program Files\ATTNaturalVoices\TTS1.4\Desktop\bin\NVDesktopProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {314E610A-0ED8-4834-BAB5-34F9F576E0D9} - c:\windows\system32\nabfnab.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {9CA965B6-8ABA-4D8E-9E4F-3A487B1EBEE4} - C:\WINDOWS\system32\mqgent.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [µTorrent] "D:\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\uTorrent\utorrent.exe"
O4 - Startup: Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: aklspafm - nabfnab.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (avp) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  • 0

#6
Tigger93
Posted 24 August 2007 - 09:30 AM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#7
SmartEgo
Posted 25 August 2007 - 11:33 AM

SmartEgo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thanks Tigger93
There was a huge improvement in my programs. They started without their annoying arguments. It stayed good for the night (without browsing)

However today Kaspersky caught this hidden data

<<<<<
Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID: 3100) is trying to send data using a trusted application.

Intended address:
http://alphase.net/index.htm

Data:
>>>>>

by
C:\Program Files\Internet Explorer\IEXPLORE.EXE

but I finally got the guts to ask Kaspersky to quarantine IE! and since then IE works fine till now and no hiddn data attempts!!??

Anyways here are thlkogs you asked for:

ComboFix 07-08-17.2 - "M.SifedDin" 2007-08-25 1:03:27.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.132 [GMT 3:00]
Command switches used :: and Settings\M.SifedDin\Desktop\ComboFix.exe
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\symavc32.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_IPRIP
-------\LEGACY_LMSTAZNB
-------\LEGACY_RUNTIME
-------\LEGACY_SYMAVC32
-------\LEGACY_UJUK51
-------\Iprip
-------\lmstaznb


((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))


2007-08-25 00:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-24 18:37 <DIR> d-------- C:\Program Files\Bulk Rename Utility
2007-08-24 11:50 <DIR> d-------- C:\Program Files\XYplorer
2007-08-24 03:42 3,623,736 --a------ C:\WINDOWS\procexp.exe
2007-08-24 02:22 <DIR> d-------- C:\Program Files\NetMeter
2007-08-22 13:23 <DIR> d-------- C:\Program Files\RFA Platinum
2007-08-22 00:33 <DIR> d-------- C:\VundoFix Backups
2007-08-19 19:54 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-08-19 19:54 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-08-19 19:53 <DIR> d-------- C:\Program Files\ATI Technologies
2007-08-19 19:49 <DIR> d-------- C:\ATI
2007-08-15 14:58 <DIR> d-------- C:\Temp
2007-08-13 18:43 <DIR> d-------- C:\Program Files\ieSpell
2007-08-13 17:40 <DIR> d-------- C:\Program Files\Opera
2007-08-13 13:28 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-08-11 17:32 10 --a------ C:\WINDOWS\popcinfo.dat
2007-08-10 11:40 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-10 11:40 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-08-10 11:40 639,066 --a------ C:\WINDOWS\system32\divx.dll
2007-08-10 11:40 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2007-08-10 11:40 558,592 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-08-10 11:40 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-08-10 11:40 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2007-08-10 11:40 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-08-10 11:40 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-08-10 11:40 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-08-10 11:40 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-08-10 11:40 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-08-10 11:40 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-08-10 11:40 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2007-08-10 11:40 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-10 11:40 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-08-10 11:40 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-08-10 11:40 <DIR> d-------- C:\Program Files\Codec Pack
2007-08-08 18:22 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-08-08 18:22 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-08-08 18:21 155,648 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-08 18:21 1,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-08 18:21 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-08-07 17:24 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-08-03 17:49 0 --a------ C:\WINDOWS\system32\sys_dll.dll
2007-07-31 12:48 168,960 --a------ C:\WINDOWS\system32\drivers\Ujuk51.sys
2007-07-31 12:47 14,208 --a------ C:\WINDOWS\system32\drivers\dbifuaus.sys
2007-07-31 12:46 83,339 --a------ C:\WINDOWS\system32\mqgent.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-25 01:25 3116 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-25 01:25 1244 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-24 13:58 --------- d-------- C:\DOCUME~1\M9648~1.SIF\APPLIC~1\ieSpell
2007-08-23 10:13 --------- d-------- C:\DOCUME~1\M9648~1.SIF\APPLIC~1\Thunderbird
2007-08-23 10:13 --------- d-------- C:\DOCUME~1\M9648~1.SIF\APPLIC~1\Talkback
2007-08-10 14:49 --------- d-------- C:\DOCUME~1\M9648~1.SIF\APPLIC~1\Media Player Classic
2007-08-10 11:40 --------- d-------- C:\DOCUME~1\M9648~1.SIF\APPLIC~1\Real
2007-07-21 12:43 --------- d-------- C:\Program Files\CDisplay
2007-07-03 16:20 --------- d-------- C:\Program Files\ACD
2007-07-01 22:54 --------- d-------- C:\DOCUME~1\M9648~1.SIF\APPLIC~1\.BitTornado
2007-06-28 12:51 206088 --a------ C:\WINDOWS\system32\klogon.dll
2007-06-28 12:50 22457 --a------ C:\WINDOWS\system32\drivers\klop.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{314E610A-0ED8-4834-BAB5-34F9F576E0D9}]
c:\windows\system32\nabfnab.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CA965B6-8ABA-4D8E-9E4F-3A487B1EBEE4}]
2004-08-04 07:00 83339 --a------ C:\WINDOWS\system32\mqgent.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 C:\WINDOWS\soundman.exe]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-08-10 09:03]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
"rfagent"="C:\Program Files\RFA Platinum\rfagent.exe" [2007-04-14 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
"Bandwidth Monitor Pro"="C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2007-03-09 19:26]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 17:32]
"µTorrent"="D:\uTorrent\utorrent.exe" [2007-07-26 09:51]
"uTorrent"="D:\uTorrent\utorrent.exe" [2007-07-26 09:51]

C:\Documents and Settings\M.SifedDin\Start Menu\Programs\Startup\
Task Manager.lnk - C:\WINDOWS\system32\taskmgr.exe [2004-08-04 07:00:00]
Process Explorer.lnk - C:\WINDOWS\procexp.exe [2007-08-24 03:42:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [2007-08-13 12:15:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aklspafm]
nabfnab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys
S2 Ca536av;Icatch(VII) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys
S2 dsejezjm;TCP/IP Protocol Controller;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 USBCamera;Icatch(VII) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dsejezjm


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
AutoRun\command- P:\Autorun.exe


Contents of the 'Scheduled Tasks' folder
2007-08-24 21:00:08 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 22:00:04 C:\WINDOWS\Tasks\At2.job
2007-08-23 23:00:02 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 00:00:02 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 01:00:02 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 02:00:02 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 03:00:02 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 04:00:02 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 05:00:02 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 06:00:02 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 07:00:02 C:\WINDOWS\Tasks\At11.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 08:00:02 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 09:00:02 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 10:00:02 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 11:00:02 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 12:00:02 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 13:00:02 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 14:00:02 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 15:00:02 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 16:00:02 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 17:00:02 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 18:00:06 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 19:00:02 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 20:00:02 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\5od3D270.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-25 01:27:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-25 1:30:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-25 01:30

--- E O F ---




Logfile of HijackThis v1.99.1
Scan saved at 20:29:45, on 2007-08-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
D:\uTorrent\utorrent.exe
C:\WINDOWS\procexp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\ACD\ACDSEE\ACDSEE.EXE
C:\Program Files\GetRight\GETRIGHT.EXE
C:\Program Files\GetRight\GETRIGHT.EXE
C:\Program Files\Speak\speak.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {314E610A-0ED8-4834-BAB5-34F9F576E0D9} - c:\windows\system32\nabfnab.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {9CA965B6-8ABA-4D8E-9E4F-3A487B1EBEE4} - C:\WINDOWS\system32\mqgent.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [µTorrent] "D:\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\uTorrent\utorrent.exe"
O4 - Startup: Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Startup: Process Explorer.lnk = C:\WINDOWS\procexp.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Volume Control.lnk = C:\WINDOWS\system32\sndvol32.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: aklspafm - nabfnab.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (avp) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  • 0

#8
Tigger93
Posted 27 August 2007 - 06:20 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hello,

Go ahead and delete this folder:
C:\VundoFix Backups

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\popcinfo.dat
    C:\WINDOWS\system32\drivers\Ujuk51.sys
    C:\WINDOWS\system32\drivers\dbifuaus.sys
    C:\WINDOWS\system32\mqgent.dll
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\system32\5od3D270.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Then post a new HJT log please. :whistling:
  • 0

#9
SmartEgo
Posted 28 August 2007 - 05:48 AM

SmartEgo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I've just done your instructions and here is the log, I hope it's finished

Logfile of HijackThis v1.99.1
Scan saved at 14:41:06, on 2007-08-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
D:\uTorrent\utorrent.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\procexp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {314E610A-0ED8-4834-BAB5-34F9F576E0D9} - c:\windows\system32\nabfnab.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {9CA965B6-8ABA-4D8E-9E4F-3A487B1EBEE4} - C:\WINDOWS\system32\mqgent.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [µTorrent] "D:\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - Startup: Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Startup: Process Explorer.lnk = C:\WINDOWS\procexp.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Volume Control.lnk = C:\WINDOWS\system32\sndvol32.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: aklspafm - nabfnab.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (avp) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  • 0

#10
Tigger93
Posted 28 August 2007 - 08:12 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Fix these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

O2 - BHO: (no name) - {314E610A-0ED8-4834-BAB5-34F9F576E0D9} - c:\windows\system32\nabfnab.dll (file missing)
O2 - BHO: (no name) - {9CA965B6-8ABA-4D8E-9E4F-3A487B1EBEE4} - C:\WINDOWS\system32\mqgent.dll (file missing)

Then restart and post a new HJT log please. :whistling:
  • 0

Advertisements

#11
Tigger93
Posted 10 September 2007 - 05:46 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#12
Tigger93
Posted 13 September 2007 - 03:21 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Re-opened per request.
  • 0

#13
SmartEgo
Posted 14 September 2007 - 09:02 AM

SmartEgo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
1st Sorry for the delay; I got over busy with my work so I could not take care of my computer
2nd Thank you for help I guess your advice worked as my computer seems to work fine though couple of free progs I threw at it
3rd here is the HJT log to confirm your help working

THANK YOU GUYS

Logfile of HijackThis v1.99.1
Scan saved at 21:18:10, on 2007-09-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\system32\sndvol32.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Speak\speak.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\ATTNaturalVoices\TTS1.4\Desktop\bin\NVDesktopProxy.exe
C:\Program Files\ATTNaturalVoices\TTS1.4\Desktop\bin\NVDesktopProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe
D:\uTorrent\utorrent.exe
C:\WINDOWS\procexp.exe
C:\WINDOWS\system32\taskmgr.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {314E610A-0ED8-4834-BAB5-34F9F576E0D9} - c:\windows\system32\nabfnab.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {9CA965B6-8ABA-4D8E-9E4F-3A487B1EBEE4} - C:\WINDOWS\system32\mqgent.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe"
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\RunOnce: [tv_enua] RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, RemoveCabinet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [µTorrent] "D:\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - Startup: Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Startup: Process Explorer.lnk = C:\WINDOWS\procexp.exe
O4 - Startup: Tahni Deskmate.LNK = C:\TahniDeskMate\DESKMATE.EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Volume Control.lnk = C:\WINDOWS\system32\sndvol32.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: aklspafm - nabfnab.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (avp) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  • 0

#14
Tigger93
Posted 14 September 2007 - 06:13 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hello,

Go Start > Control Panel > Add/Remove Programs and uninstall NetMeter

Open HijackThis and fix these:
O2 - BHO: (no name) - {314E610A-0ED8-4834-BAB5-34F9F576E0D9} - c:\windows\system32\nabfnab.dll (file missing)
O2 - BHO: (no name) - {9CA965B6-8ABA-4D8E-9E4F-3A487B1EBEE4} - C:\WINDOWS\system32\mqgent.dll (file missing)

O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe

O20 - Winlogon Notify: aklspafm - nabfnab.dll (file missing)

Locate and delete this folder:
C:\Program Files\NetMeter\

Restart your computer and post a new HJT log please. :whistling:
  • 0

#15
SmartEgo
Posted 19 September 2007 - 01:36 PM

SmartEgo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Dear Tigger93

Not that I weep on NetMeter but I would like to know if it's harmful in anyway toi deploy so that i warn my friends or is it just precaution step

So here is the HJT log. I hope it's the last one
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:49:24, on 2007-09-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
D:\uTorrent\utorrent.exe
C:\WINDOWS\system32\sndvol32.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\procexp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Speak\speak.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\ATTNaturalVoices\TTS1.4\Desktop\bin\NVDesktopProxy.exe
C:\Program Files\ATTNaturalVoices\TTS1.4\Desktop\bin\NVDesktopProxy.exe
C:\Program Files\Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe"
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [µTorrent] "D:\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Startup: Process Explorer.lnk = C:\WINDOWS\procexp.exe
O4 - Startup: Tahni Deskmate.LNK = C:\TahniDeskMate\DESKMATE.EXE
O4 - Global Startup: Volume Control.lnk = C:\WINDOWS\system32\sndvol32.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (avp) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP