Google webpage redirected.


  • This topic is locked

#1
woodland-valley

  • Member
  • 10 posts
Hi all, when I click on a link in a Google page, the link is redirected to some other webpage. I have a small triangle icon appearing on my taskbar saying my PC is infected with a virus and asking me to do a scan.
Below is my hijack log. Many thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:09 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
d:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {68D04E48-57F0-4FE7-AFF6-2878E8B3EAD6} - C:\WINDOWS\system32\crtdl.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [StormCodec_Helper] "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Anti Trojan Elite] D:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0129801201498251) (0129801201498251mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\012980~1.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12446 bytes

#2
Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
1) Download SmitfraudFix.exe by S!Ri from here and save it to your Desktop.

If you already have a copy, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Press "4" and then <ENTER> to check for updates.
Don't forget to allow SmiUpdate.exe access through your firewall.
Once it has updated, or if there are no updates available, continue with the scan, "option 1", below.

2) Double click SmitfraudFix.exe - this will open a Command Window and also create the SmitfraudFix folder on your Desktop. Once you have read the information, "press any key to continue..."
Press "1" and then <ENTER> to start the search process.
When the search has completed, a text file, rapport.txt, will open with the results in - Copy and paste this report into your next reply.

A copy of the report can be found in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
For most, this file can be found by double-clicking My Computer and then Local Disk (C:)


IMPORTANT: Do NOT run any other options until you are asked to do so!

Please Note: Some security programs will incorrectly identify this tool as potentially or actually malicious due to some of its components. Although these files can be used maliciously, they are an integral part of the fix and I recommend you tell your scanner to mind its own business this time.

Also, run HJT and click on Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.


#3
woodland-valley

  • Topic Starter
  • Member
  • 10 posts
Hi, thank you very much for the help. Below are the reports:

SmitFraudFix v2.277
Scan done at 8:55:53.71, Thu 01/31/2008
Run from C:\Documents and Settings\@dmin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\@dmin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\@dmin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\@dmin\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS2\Services\Tcpip\..\{E8A6E62C-2095-4A6D-A7FE-4A878C4BEF53}: DhcpNameServer=202.156.1.78 202.156.1.68 218.186.1.88
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=202.156.1.78 202.156.1.68 218.186.1.88


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#4
woodland-valley

  • Topic Starter
  • Member
  • 10 posts
Uninstall List

Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Premiere Pro 2.0
Adobe Stock Photos 1.0
Apple Mobile Device Support
Apple Software Update
Bejeweled 2 Deluxe
BitComet 0.97
Bluetooth Stack for Windows by Toshiba
Broadcom Gigabit Integrated Controller
Browser Optimizer Dcads
Camtasia Studio 5
Conexant HDA D110 MDC V.92 Modem
CuteFTP 8 Professional
Dell Wireless WLAN Card
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Image Grabber II
Intel® PROSet/Wireless Software
Internet Download Manager
InterVideo WinDVD Creator 3
iTunes
Java™ 6 Update 3
LimeWire PRO 4.14.12
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Magic ISO Maker v5.4 (build 0251)
mCore
mDriver
mDrWiFi
MediaCorp MOBTV Download Manager
MemoriesOnTV 4.0.1
MemoriesOnTV ClipShow Volume 1.1
mHlpDell
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Monopoly Here & Now
MpcStar 2.2
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mZConfig
Nero 8
neroxml
Panda ActiveScan
Panda Antivirus 2008
PowerISO
QuickTime
RandomMahjong (remove only)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Selteco Bannershop GIF Animator
SigmaTel Audio
Sony Ericsson PC300 Wireless Modem
Sony Ericsson Wireless Manager 5
Sony Vegas Pro 8.0
Storm Codec
Total Video Converter 2.52
Tunebite 4.1.0.35
Update for Outlook 2007 Junk Email Filter (kb943597)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
VCRedistSetup
Web Tools from CoffeeCup
Windows Desktop Search 3.01
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver

#5
Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Download Combofix by sUBs from here and save it to your Desktop.
  • Double click combo.exe to run it and follow the prompts.
  • Please Note: This may require the PC to be rebooted so close any programs you have open before you start.
  • When the tool has finished, it will produce a log C:\ComboFix.txt - copy and paste it into your next reply.
  • Post a fresh HJT log as well.
  • Let me know how the PC is behaving.
Please Note:
  • Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash.
  • Disable Script Blocking if you have Norton Anti Virus installed, and your version has this option, as it will interfere with the normal working of this tool.
  • Should any security program warnings appear, ignore them as they are false-positives - this tool isn't malicious.


#6
woodland-valley

  • Topic Starter
  • Member
  • 10 posts
ComboFix 08-02.01.1 - @dmin 2008-02-01 9:32:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.507 [GMT -8:00]
Running from: C:\Documents and Settings\@dmin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\crtdl.dll
C:\WINDOWS\system32\drivers\lyyidtnb.dat
C:\WINDOWS\system32\sys_dll.dll
C:\WINDOWS\system32\vfolx32n.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CNNNSOFT
-------\cnnnsoft


((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-02-01 09:31 . 2008-02-01 09:34 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-01-29 17:25 . 2008-01-29 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-29 17:24 . 2008-01-29 21:31 <DIR> d-------- C:\WINDOWS\system32\PAV
2008-01-29 17:24 . 2007-06-06 11:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-01-29 17:24 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
2008-01-29 17:24 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2008-01-29 17:24 . 2008-01-29 17:24 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-01-29 17:23 . 2008-01-29 17:23 <DIR> d-------- C:\Program Files\Panda Security
2008-01-29 10:51 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-01-29 10:32 . 2008-01-29 11:35 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-29 10:32 . 2008-01-29 10:32 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-29 06:54 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-29 06:54 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-28 22:51 . 2008-01-28 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-28 11:13 . 2008-01-28 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-27 21:51 . 2008-01-27 21:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-26 17:05 . 2008-01-26 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-01-26 17:04 . 2008-01-26 17:04 <DIR> d-------- C:\Documents and Settings\@dmin\Application Data\GlobalSCAPE
2008-01-24 13:14 . 2008-01-24 13:14 <DIR> d-------- C:\Program Files\TechSmith
2008-01-24 13:14 . 2008-01-24 13:14 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-01-24 13:14 . 2008-01-24 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-01-21 12:49 . 2008-01-21 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-21 12:48 . 2008-01-29 11:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 12:48 . 2008-01-29 11:33 <DIR> d-------- C:\Documents and Settings\@dmin\Application Data\SUPERAntiSpyware.com
2008-01-20 23:02 . 2008-01-20 23:02 <DIR> d-------- C:\Documents and Settings\@dmin\Application Data\CoffeeCup Software
2008-01-18 23:07 . 2008-01-19 15:34 641 --a------ C:\WINDOWS\win.tmp
2008-01-18 23:07 . 2007-12-17 01:49 231 --a------ C:\WINDOWS\system.tmp
2008-01-18 23:02 . 2008-01-18 23:02 <DIR> d-------- C:\Documents and Settings\@dmin\Application Data\PC Tools
2008-01-17 10:49 . 2008-01-29 10:32 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-17 10:49 . 2008-01-29 10:32 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-15 23:41 . 2008-01-15 23:41 <DIR> d-------- C:\Documents and Settings\@dmin\System
2008-01-15 23:41 . 2008-01-15 23:41 <DIR> d-------- C:\Documents and Settings\@dmin\Application Data\SmartDraw
2008-01-15 23:41 . 2008-01-15 23:51 <DIR> d-------- C:\Documents and Settings\@dmin\Application Data\FotoFinish
2008-01-15 16:59 . 2008-01-15 16:59 <DIR> d-------- C:\Documents and Settings\@dmin\Application Data\Opera
2008-01-15 16:45 . 2008-01-15 16:45 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-01-15 10:47 . 2007-08-27 10:53 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-01-15 04:14 . 2008-01-15 11:24 <DIR> d-------- C:\Documents and Settings\@dmin\Application Data\EBookSys
2008-01-14 22:40 . 2008-01-31 08:55 3,578 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-14 22:28 . 2008-01-15 23:00 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2008-01-14 21:19 . 2008-01-15 16:43 <DIR> d-------- C:\Program Files\CoffeeCup
2008-01-14 17:20 . 2007-07-27 07:59 343,424 -ra------ C:\WINDOWS\system32\drivers\sembunic.sys
2008-01-14 17:20 . 2007-07-27 07:59 24,960 -ra------ C:\WINDOWS\system32\drivers\sembnd5.sys
2008-01-14 17:20 . 2007-07-27 07:58 10,752 -ra------ C:\WINDOWS\system32\drivers\sembcr.sys
2008-01-14 17:18 . 2004-08-03 23:08 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2008-01-14 17:18 . 2004-08-03 23:08 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys
2008-01-14 17:17 . 2008-01-14 17:18 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-01-14 17:17 . 2008-01-14 17:17 <DIR> d-------- C:\Documents and Settings\@dmin\Application Data\Sony Ericsson
2008-01-14 00:10 . 2008-01-14 01:05 <DIR> d-------- C:\Program Files\MemoriesOnTV4
2008-01-14 00:10 . 2006-10-02 12:38 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-01-13 23:35 . 2008-01-13 23:35 <DIR> d-------- C:\WINDOWS\Monopoly Here & Now Edition
2008-01-13 23:24 . 2008-01-13 23:29 16 --a------ C:\WINDOWS\popcinfo.dat
2008-01-13 23:23 . 2008-01-13 23:23 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2008-01-13 23:08 . 2008-01-13 23:08 <DIR> d-------- C:\Documents and Settings\@dmin\Application Data\Windows Desktop Search
2008-01-13 23:01 . 2008-01-29 11:24 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-01-12 15:22 . 2008-01-15 16:44 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-12 15:20 . 2008-01-12 15:21 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-12 13:52 . 2008-01-12 13:44 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-12 12:53 . 2008-01-29 11:36 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-12 12:44 . 2008-01-12 12:44 <DIR> d-------- C:\Program Files\Vstplugins
2008-01-12 12:44 . 2008-01-12 12:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-01-12 12:39 . 2008-01-23 12:00 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-12 12:38 . 2008-01-12 12:38 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-12 12:38 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-01-12 12:31 . 2008-01-12 12:31 <DIR> d-------- C:\Documents and Settings\@dmin\Application Data\Sony Setup
2008-01-12 09:59 . 2008-01-12 09:59 <DIR> d-------- C:\Program Files\Sony Setup
2008-01-12 09:45 . 2008-01-12 12:53 <DIR> d-------- C:\Documents and Settings\@dmin\Application Data\Sony
2008-01-12 09:45 . 2008-01-12 09:45 <DIR> d-------- C:\Documents and Settings\@dmin\Application Data\Publish Providers
2008-01-12 03:01 . 2008-01-12 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-11 07:18 . 2008-01-11 07:18 <DIR> d-------- C:\Documents and Settings\@dmin\Application Data\Nero
2008-01-11 07:13 . 2008-01-11 07:16 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-11 07:13 . 2008-01-11 07:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-10 16:51 . 2008-01-24 13:33 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-10 15:29 . 2008-01-29 12:14 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-10 10:01 . 2008-01-29 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-09 23:37 . 2008-01-12 12:43 <DIR> d-------- C:\Program Files\Sony
2008-01-09 17:51 . 2008-01-09 17:51 73,728 --a------ C:\WINDOWS\system32\scard.dll
2008-01-09 17:51 . 2008-01-09 17:51 49,152 --a------ C:\WINDOWS\system32\scdll32.dll
2008-01-09 17:07 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-09 17:01 . 2008-01-09 17:01 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-08 11:18 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-08 11:18 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-08 11:18 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-08 11:18 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-04 13:43 . 2008-01-04 13:43 <DIR> d-------- C:\Documents and Settings\@dmin\Application Data\Apple Computer
2008-01-04 13:37 . 2005-10-20 17:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-01-04 13:37 . 2005-10-20 17:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-01-03 09:49 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-03 09:49 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 17:36 6,291,456 ---ha-w C:\Documents and Settings\@dmin\NTUSER.DAT
2008-01-31 23:46 --------- d-----w C:\Documents and Settings\@dmin\Application Data\Adobe
2008-01-31 03:02 --------- d-----w C:\Documents and Settings\@dmin\Application Data\DMCache
2008-01-30 01:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-29 19:21 --------- d-----w C:\Program Files\MSN Messenger
2008-01-29 19:12 --------- d-----w C:\Program Files\Internet Download Manager
2008-01-25 16:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-24 21:14 --------- d-----w C:\Documents and Settings\@dmin\Application Data\tunebite
2008-01-19 19:55 --------- d-s---w C:\Documents and Settings\@dmin\Application Data\Microsoft
2008-01-15 06:21 --------- d-----w C:\Documents and Settings\@dmin\Application Data\LimeWire
2008-01-12 20:42 --------- d-----w C:\Program Files\MSBuild
2008-01-11 15:13 --------- d-----w C:\Program Files\Nero
2008-01-11 15:00 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-10 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-10 01:07 --------- d-----w C:\Program Files\Java
2007-12-31 08:18 --------- d-----w C:\Documents and Settings\@dmin\Application Data\Ahead
2007-12-26 04:02 --------- d-----w C:\Program Files\iPod
2007-12-26 04:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-26 04:01 --------- d-----w C:\Program Files\Apple Software Update
2007-12-26 04:00 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-26 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-21 02:21 --------- d-----w C:\Program Files\Common Files\InterVideo
2007-12-21 02:20 --------- d-----w C:\Program Files\InterVideo
2007-12-19 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-12-19 19:41 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-12-19 18:32 --------- d-----w C:\Documents and Settings\@dmin\Application Data\Macromedia
2007-12-19 18:31 --------- d-----w C:\Program Files\Macromedia
2007-12-19 18:31 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-12-19 06:48 --------- d-----w C:\Documents and Settings\@dmin\Application Data\IDM
2007-12-19 06:21 --------- d-----w C:\Documents and Settings\@dmin\Application Data\Real
2007-12-19 05:27 --------- d-----w C:\Documents and Settings\@dmin\Application Data\Media Player Classic
2007-12-18 16:49 --------- d-----w C:\Program Files\MSXML 6.0
2007-12-18 16:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-18 08:02 --------- d-----w C:\Documents and Settings\@dmin\Application Data\RapidSolution Software AG
2007-12-18 07:52 --------- d-----w C:\Program Files\Common Files\Real
2007-12-18 07:38 --------- d-----w C:\Program Files\BitComet
2007-12-18 07:02 --------- d-----w C:\Documents and Settings\@dmin\Application Data\Sun
2007-12-18 06:21 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-18 05:57 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2007-12-18 05:57 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2007-12-18 05:57 --------- d-----w C:\Documents and Settings\Default User\Application Data\Intel
2007-12-18 05:57 --------- d-----w C:\Documents and Settings\@dmin\Application Data\Intel
2007-12-18 05:56 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-12-18 05:56 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2007-12-18 05:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2007-12-18 05:55 --------- d-----w C:\Program Files\Intel
2007-12-18 05:45 --------- d-----w C:\Program Files\Toshiba
2007-12-18 05:45 --------- d-----w C:\Documents and Settings\@dmin\Application Data\TOSHIBA
2007-12-18 05:34 --------- d-----w C:\Program Files\Dell
2007-12-18 05:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 20:15 --------- d-----w C:\Program Files\CONEXANT
2007-12-17 19:42 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-17 19:37 --------- d-----w C:\Program Files\SigmaTel
2007-12-17 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-17 19:19 --------- d-----w C:\Program Files\Microsoft Works
2007-12-17 19:10 --------- d-----w C:\Program Files\Broadcom
2007-12-17 18:59 --------- d-----w C:\Program Files\Common Files\L&H
2007-12-17 18:58 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-17 18:04 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-17 18:04 --------- d-----w C:\Documents and Settings\@dmin\Application Data\Identities
2007-12-17 17:57 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"H/PC Connection Agent"="D:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 10:22 405504]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 18:10 1392640]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 14:18 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 14:13 1101824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Anti Trojan Elite"="D:\Program Files\Anti Trojan Elite\TJEnder.exe" [ ]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 15:23 455984]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

R3 sembbus;SEMC WMC Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sembbus.sys [2007-07-27 07:59]
R3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sembcard.sys [2007-07-27 07:59]
R3 sembmdfl;Sony Ericsson PC300 Wireless Data Modem Filter;C:\WINDOWS\system32\DRIVERS\sembmdfl.sys [2007-07-27 07:58]
R3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;C:\WINDOWS\system32\DRIVERS\sembmdfl2.sys [2007-07-27 08:01]
R3 sembmdm;Sony Ericsson PC300 Wireless Data Modem Driver;C:\WINDOWS\system32\DRIVERS\sembmdm.sys [2007-07-27 07:58]
R3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;C:\WINDOWS\system32\DRIVERS\sembmdm2.sys [2007-07-27 08:01]
R3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sembmgmt.sys [2007-07-27 07:59]
R3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);C:\WINDOWS\system32\DRIVERS\sembnd5.sys [2007-07-27 07:59]
R3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);C:\WINDOWS\system32\DRIVERS\sembunic.sys [2007-07-27 07:59]
R3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sembwwan.sys [2007-07-27 07:59]
R3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;C:\WINDOWS\system32\DRIVERS\sesc.sys [2007-08-14 10:15]
S3 ATE_PROCMON;ATE_PROCMON;D:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 CSRBC;CSRBC.Sys CSR test driver;C:\WINDOWS\system32\Drivers\csrbcxp.sys [2007-01-16 10:22]
S3 SCM488C;SCM Microsystems SCR120 PCMCIA Smart Card Reader;C:\WINDOWS\system32\DRIVERS\pscr.sys [2001-08-17 13:51]
S3 SCRx31 USB Reader;SCRx31 USB Reader;C:\WINDOWS\system32\DRIVERS\stc2.sys [2002-08-22 01:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e89e7916-ba23-11dc-b0d4-00188bbfced3}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e89e7919-ba23-11dc-b0d4-00188bbfced3}]
\Shell\AutoRun\command - F:\AutoRun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 09:37:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\avciman.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
D:\PROGRA~1\MICROS~1\rapimgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.cfexe
.
**************************************************************************
.
Completion time: 2008-02-01 9:39:09 - machine was rebooted
.
2008-01-23 20:01:21 --- E O F ---

#7
woodland-valley

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:23 AM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
D:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sony Ericsson\Sony Ericsson Wireless Manager 5\WirelessManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Anti Trojan Elite] D:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7858 bytes

#8
woodland-valley

Hi boss, thanks for the help. Will monitor for 1-2 days :)

#9
woodland-valley

Hi, thanks for your help! Everything seems back to normal... :) You may close this thread.