
HELP! system32:dllhost.exe [RESOLVED]


  • This topic is locked

#16
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
ok :)
  • 0



#17
micek206

micek206

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here you go! Sorry, I didn't see that you posted after me haha...
Btw, I scanned the whole computer twice, and everything crashed at the end, but it found infected files only on the C drive, so I scanned just that for the third time :)

OTMOVEIT LOG

C:\WINDOWS\system32\HackIt.cmd moved successfully.
< @C:\WINDOWS\system32:dllhost.exe >
Unable to delete ADS C:\WINDOWS\system32:dllhost.exe .
C:\Documents and Settings\Hinamori\Application Data\IMVU\ProductFiles moved successfully.
C:\Documents and Settings\Hinamori\Application Data\IMVU\Cache moved successfully.
C:\Documents and Settings\Hinamori\Application Data\IMVU\avpics moved successfully.
C:\Documents and Settings\Hinamori\Application Data\IMVU moved successfully.
C:\Program Files\IMVU\_install moved successfully.
C:\Program Files\IMVU\resources moved successfully.
C:\Program Files\IMVU\data moved successfully.
C:\Program Files\IMVU moved successfully.
< HKLM\software\microsoft\active setup\installed components\{1615DBE6-CB07-A8A9-52FA-66BBF0AC000B} >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1615DBE6-CB07-A8A9-52FA-66BBF0AC000B}\\ deleted successfully.
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\\ deleted successfully.
< emptytemp >
File delete failed. C:\DOCUME~1\Hinamori\LOCALS~1\Temp\~DF589A.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07102008_142611

Files moved on Reboot...
C:\DOCUME~1\Hinamori\LOCALS~1\Temp\~DF589A.tmp moved successfully.



MBAM LOG

Malwarebytes' Anti-Malware 1.20
Database version: 935
Windows 5.1.2600 Service Pack 2

14:39:05 10.7.2008
mbam-log-7-10-2008 (14-39-05).txt

Scan type: Quick Scan
Objects scanned: 40776
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{f0c5ef8b-f4bb-4612-9ea8-361fff3da3d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{23ed2206-856d-461a-bbcf-1c2466ac5ae3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hinamori\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.


KASPERSKY

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, July 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, July 10, 2008 19:43:30
Records in database: 935065
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\

Scan statistics:
Files scanned: 63248
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:01:09


File name / Threat name / Threats count
C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll Infected: not-a-virus:AdWare.Win32.Mostofate.p 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

The selected area was scanned.

Edited by micek206, 11 July 2008 - 04:21 AM.

  • 0
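Added example, not code from the post or from OTMoveIt: a small Python parser for OTMoveIt2 result lines like the ones above. It separates what was moved or deleted from what is still outstanding, and splits the alternate data stream path the tool could not delete (C:\WINDOWS\system32:dllhost.exe) into the host directory and the stream name, since a stream attached to the system32 folder, not a file, is what this "dllhost.exe" is. The log excerpt is constructed from lines in the post.

```python
import re

# Constructed excerpt, modelled on the OTMoveIt2 log posted above (the
# "Files moved on Reboot" trailer is omitted).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\HackIt.cmd moved successfully.
< @C:\WINDOWS\system32:dllhost.exe >
Unable to delete ADS C:\WINDOWS\system32:dllhost.exe .
C:\Program Files\IMVU moved successfully.
< HKLM\software\microsoft\active setup\installed components\{1615DBE6-CB07-A8A9-52FA-66BBF0AC000B} >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1615DBE6-CB07-A8A9-52FA-66BBF0AC000B}\\ deleted successfully.
< emptytemp >
File delete failed. C:\DOCUME~1\Hinamori\LOCALS~1\Temp\~DF589A.tmp scheduled to be deleted on reboot.
Temp folders emptied.
"""

MOVED_RE = re.compile(r"^(?P<path>.+) moved successfully\.$")
ADS_FAIL_RE = re.compile(r"^Unable to delete ADS (?P<path>.+?)\s*\.$")
KEY_RE = re.compile(r"^Registry key (?P<key>.+?)\\\\ deleted successfully\.$")
REBOOT_RE = re.compile(r"^File delete failed\. (?P<path>.+) scheduled to be deleted on reboot\.$")


def split_ads(path):
    """Split 'C:\\dir\\file:stream' into (host path, stream name).

    The drive letter's own colon sits at index 1, so the stream separator is
    the first colon after that.  Returns (path, None) when there is no stream.
    """
    idx = path.find(":", 2)
    if idx == -1:
        return path, None
    return path[:idx], path[idx + 1:]


def parse_otmoveit_log(text):
    """Sort OTMoveIt result lines into what was done and what is still pending."""
    result = {"moved": [], "deleted_keys": [], "failed_ads": [], "pending_reboot": []}
    for raw in text.splitlines():
        line = raw.strip()
        # "< ... >" lines echo the instruction being processed; they are not results.
        if not line or (line.startswith("<") and line.endswith(">")):
            continue
        if m := MOVED_RE.match(line):
            result["moved"].append(m["path"])
        elif m := ADS_FAIL_RE.match(line):
            result["failed_ads"].append(m["path"])
        elif m := KEY_RE.match(line):
            result["deleted_keys"].append(m["key"])
        elif m := REBOOT_RE.match(line):
            result["pending_reboot"].append(m["path"])
    return result


def outstanding(result):
    """Items still needing attention after the run: each failed ADS as (host, stream)."""
    return [split_ads(p) for p in result["failed_ads"]]


if __name__ == "__main__":
    parsed = parse_otmoveit_log(SAMPLE_LOG)
    for host, stream in outstanding(parsed):
        print(f"stream '{stream}' is still attached to {host}")
    print(f"{len(parsed['pending_reboot'])} file(s) scheduled for deletion on reboot")
```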

#18
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi, re-run DSS for me and post main.txt, please.
  • 0

#19
micek206

micek206

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Deckard's System Scanner v20071014.68
Run by Hinamori on 2008-07-11 13:17:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Hinamori.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:01, on 11.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\KMaestro\KMaestro.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Opera\Opera.exe
D:\~ Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Hinamori.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.htnet.hr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.htnet.hr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = HTnet Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! ¤u¨a¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\KMaestro\KMaestro.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus COLOR 480] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 480" /O5 "LPT1:" /M "Stylus COLOR 480"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: HTnet - {04D3FBA8-DF9B-4091-AEE5-F715573F9F84} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.htnet.hr/
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7702 bytes

-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2040-01-21 16:42:40 0 d-------- C:\c6a1f6e119dc0aef156605294e24d6
2008-07-10 14:31:46 0 d-------- C:\Documents and Settings\Hinamori\Application Data\Malwarebytes
2008-07-10 14:31:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-10 14:31:41 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 16:00:45 0 d-------- C:\Documents and Settings\Hinamori\Application Data\TuneUp Software
2008-07-09 15:47:08 0 d-------- C:\Documents and Settings\Hinamori\Application Data\URSoft
2008-07-09 15:47:05 0 d-------- C:\Documents and Settings\Hinamori\Application Data\Thinstall
2008-07-09 15:06:01 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-09 15:05:46 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-09 15:05:46 0 d-------- C:\Documents and Settings\Hinamori\Application Data\SUPERAntiSpyware.com
2008-07-09 15:05:02 0 d-------- C:\Program Files\Trend Micro
2008-07-09 15:01:52 0 d-------- C:\Program Files\CCleaner
2008-07-09 13:58:25 0 d-------- C:\Program Files\DAEMON Tools
2008-07-09 13:58:25 0 d-------- C:\Documents and Settings\Hinamori\Application Data\WinRAR
2008-07-09 13:58:14 0 d-------- C:\Documents and Settings\Hinamori\Application Data\vlc
2008-07-08 23:33:31 596992 --a------ C:\WINDOWS\system32\rave.dll <Not Verified; Apple Computer, Inc.; Apple Computer, Inc. QuickDraw 3D Rendering Acceleration Virtual Engine - RAVE>
2008-07-08 23:33:31 969216 --a------ C:\WINDOWS\system32\qd3d.dll <Not Verified; Apple Computer Inc.; Apple Computer, Inc. QuickDraw 3D>
2008-07-08 23:33:31 126976 --a------ C:\WINDOWS\system32\3DViewer.dll <Not Verified; Apple Computer, Inc.; Apple Computer, Inc. QuickDraw 3D Viewer Controller>
2008-07-08 15:46:27 0 d-------- C:\Documents and Settings\Hinamori\Application Data\Opera
2008-07-08 15:46:12 0 d-------- C:\Program Files\Opera
2008-06-17 12:42:04 0 d-------- C:\Program Files\ALNO
2008-06-16 17:37:55 0 d-------- C:\Documents and Settings\Hinamori\System
2008-06-16 17:37:55 0 d-------- C:\Documents and Settings\Hinamori\Application Data\SmartDraw
2008-06-16 17:30:30 0 d-------- C:\Program Files\SmartDraw 2008
2008-06-16 12:31:12 0 d-------- C:\Program Files\SopCast
2008-06-15 14:19:18 0 d-------- C:\Program Files\IKEA HomePlanner
2008-06-15 14:18:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-07-11 13:17:46 0 d-------- C:\Documents and Settings\Hinamori\Application Data\uTorrent
2008-07-11 12:18:55 0 d-------- C:\Program Files\Lx_cats
2008-07-10 14:52:15 0 d-------- C:\Program Files\Java
2008-07-10 13:42:13 0 d-------- C:\Program Files\mIRC
2008-07-09 17:55:09 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-07-09 17:51:36 0 d-------- C:\Program Files\Common Files
2008-07-09 15:59:06 0 d-------- C:\Program Files\NJStar Japanese WP
2008-07-09 13:58:26 0 dr-h----- C:\Documents and Settings\Hinamori\Application Data\yahoo!
2008-07-09 13:58:24 0 d-------- C:\Documents and Settings\Hinamori\Application Data\CyberLink
2008-07-09 13:58:14 0 d-------- C:\Program Files\Total Uninstall 4
2008-07-09 13:56:15 0 d-------- C:\Program Files\D-Tools
2008-07-09 13:56:03 0 d-------- C:\Program Files\Yahoo!
2008-07-08 16:45:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-08 16:41:41 0 d-------- C:\Program Files\The KMPlayer
2008-07-08 16:25:35 562 --a------ C:\Documents and Settings\Hinamori\Application Data\AutoGK.ini
2008-06-29 11:32:24 0 d-------- C:\Program Files\Common Files\Real
2008-06-12 16:04:34 0 d-------- C:\Program Files\Blaze Media Pro
2008-05-26 17:58:21 0 d-------- C:\Documents and Settings\Hinamori\Application Data\temp
2008-05-14 01:10:22 0 d-------- C:\Program Files\Microsoft Research
2008-04-29 19:29:49 230432 --a------ C:\StiImg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [17.12.2003 12:53 C:\WINDOWS\system32\sstray.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 12:50]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04.08.2004 00:56 C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11.11.2005 14:47]
"nwiz"="nwiz.exe" [11.11.2005 14:47 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11.11.2005 14:47]
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [11.12.2005 12:59]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [03.08.2004 22:32]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [03.08.2004 22:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [03.08.2004 22:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [03.08.2004 22:32]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [20.07.2005 15:46]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [07.01.2006 03:36]
"BtcMaestro"="C:\Program Files\KMaestro\KMaestro.exe" [13.06.2005 03:38]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [09.07.2008 17:55]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [25.01.2008 15:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10.06.2008 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus COLOR 480"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.exe" []
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [24.05.2006 20:31]
"@"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28.05.2008 10:33]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11.12.2005 1:13:13]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [21.11.2005 10:19:49]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [09.10.2004 16:18 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13.05.2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus COLOR 480]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 480" /O5 "LPT1:" /M "Stylus COLOR 480"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 4300 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcemon.exe]
"C:\Program Files\Lexmark 4300 Series\lxcemon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-07-11 13:18:25 ------------
  • 0

#20
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Since you didn't do it before, please do this now.

Open Notepad by going to START > RUN and typing notepad.exe in the box that appears. In the window that pops up, please copy and paste the following:

@Echo off
REM List the folder that DSS reported as created on 2008-06-16 and save the listing
dir "C:\Documents and Settings\Hinamori\System">looksee.txt
REM Append the current user's Run (autostart) key to the same file
reg query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run">>looksee.txt
REM Show the result, then remove this batch file
notepad looksee.txt
del fix.bat
exit


In Notepad, click on the "File" menu > Save As... Under "File name" type fix.bat, change "Save as type" to All Files, and save it to a place you will remember.

Double click on fix.bat.

Post back with the results. How's your PC running?
  • 0

#21
micek206

micek206

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Oh, sorry... I was doing this step with my friend, and he said it was OK, but we got something weird...
My PC is running OK like it used to; there's no problem... The main problem was that dllhost.exe that kept popping up on startup.

Volume in drive C is Kiyomeru
Volume Serial Number is 9CF9-F3BF

Directory of C:\Documents and Settings\Hinamori\System

16.06.2008 17:37 <DIR> .
16.06.2008 17:37 <DIR> ..
17.06.2008 11:27 86 win_qs8.jqx
1 File(s) 86 bytes
2 Dir(s) 18.958.721.024 bytes free

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus COLOR 480 REG_SZ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 480" /O5 "LPT1:" /M "Stylus COLOR 480"
STYLEXP REG_SZ C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
<NO NAME> REG_SZ
SUPERAntiSpyware REG_SZ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BtcMaestro
  • 0
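Added example, not part of the thread or of REG.EXE: a Python parser for the REG.EXE 3.0 output above (the format the fix.bat from the previous post writes into looksee.txt). It separates the Run key's values from its subkeys and resolves each value to the program it starts, which is what the helper is checking by eye; the excerpt is constructed from the lines in the post.

```python
import re

# Constructed excerpt, modelled on the "reg query" output in the post above
# (REG.EXE 3.0 prints the queried key, one "name type data" line per value,
# then the full path of every subkey).
SAMPLE_REG = r"""
! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    EPSON Stylus COLOR 480    REG_SZ    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 480" /O5 "LPT1:" /M "Stylus COLOR 480"
    STYLEXP    REG_SZ    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    <NO NAME>    REG_SZ
    SUPERAntiSpyware    REG_SZ    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BtcMaestro
"""

# A value name may itself contain spaces ("EPSON Stylus COLOR 480"), so the
# REG_* type token, not whitespace, is what separates name from data.
VALUE_RE = re.compile(r"^(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$")

# First token of a command line: either a quoted path, or an unquoted path up
# to the first executable extension (so "C:\Program Files\..\X.exe -Hide"
# keeps its spaces but loses its switches).
EXE_RE = re.compile(
    r'^"(?P<quoted>[^"]+)"|^(?P<bare>.+?\.(?:exe|com|dll|cpl|cmd|bat|scr|pif))(?=\s|$)',
    re.IGNORECASE,
)


def parse_reg_query(text):
    """Parse REG.EXE 3.0 output into the queried key, its values and its subkeys."""
    key, values, subkeys = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.upper().startswith("HKEY_"):
            if key is None:
                key = line            # the key that was queried
            else:
                subkeys.append(line)  # every later key line is a subkey path
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name = m["name"]
        if name == "<NO NAME>":
            name = "@"                # the default value, shown as "@" in the DSS dump
        values[name] = (m["type"], m["data"] or "")
    return {"key": key, "values": values, "subkeys": subkeys}


def executable_of(command):
    """Return the program a Run value actually launches, or None for an empty value."""
    m = EXE_RE.match(command.strip())
    if not m:
        return None
    return m["quoted"] or m["bare"]


def autostarts(parsed):
    """Map each Run value to the executable it starts (None when the value is empty)."""
    return {name: executable_of(data) for name, (_type, data) in parsed["values"].items()}


if __name__ == "__main__":
    parsed = parse_reg_query(SAMPLE_REG)
    for name, exe in autostarts(parsed).items():
        print(f"{name!r:30} -> {exe}")
    # Windows executes the values of Run, not its subkeys, so a subkey beneath
    # it does not autostart anything; it is still unusual enough to review by hand.
    for sub in parsed["subkeys"]:
        print("subkey under Run:", sub)
```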

#22
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Your logs look clean :)

You can keep or remove Malwarebytes' Anti-Malware; just uninstall it if you no longer want it.

Let's remove the tools I had you use.

Please open OTMoveIt2:
  • Double click OTMoveIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.

Right-click on "My Computer." The "System Properties" dialogue box will appear, showing a number of tabs. From here you can reset System Restore and configure Automatic Updates.

First, click the System Restore tab.
  • Check the box beside "Turn off System Restore"
  • Click "Apply"
  • At the prompt, click "Yes"
Wait while your system deletes existing Restore Points; this may take a few moments.
  • Uncheck the box beside "Turn off System Restore"
  • Click "Apply"
  • At the prompt, click "Yes"
Your system will now create a new Restore Point.

Now that you are clean, you'll want to stay that way.

Some important things that you should keep in mind in order to protect yourself:
  • Use common sense. This is the big one! Don't download programs from suspicious sites and be careful where you browse.
    Things you can do to avoid downloading bad programs:
    • Google the program. Read reviews and opinions from other people on the internet; if you don't see any reports of foul play, then there more than likely is none.
    • Stay away from Cracks! However luring the thought of free software can be, it's not worth the hassle and potential danger of getting infected.
    • Download the program directly from the website of the developer; then you can be certain you haven't downloaded a bogus copy.
    • Read the EULA (End User License Agreement) and find out exactly what you are downloading. A good tool to aid you in this would be EULAlyzer.
  • Keep your protection programs up to date! No matter how good your antivirus or antispyware program is, without an updated set of definitions it will do you no good against new infections. If you run a free program, make sure to update it at least once a week.
  • Make sure that Windows Update is enabled. Keeping your system up to date is a must; to turn on automatic updates, take a look at this article by Microsoft.
I have listed two programs to boost your security while using no resources.
  • SpywareBlaster. Take a look at the tutorial here.
  • ZonedOut. Adds thousands of websites to your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Also consider using an alternative web browser. Two big-name ones, both far superior to Internet Explorer in terms of security and performance, would be Firefox and Opera.

Make a habit of scanning your computer for viruses every week or so and backing up important files regularly.

Please also read Expert Tony Klein's excellent article: How I got Infected in the First Place

Please post back and tell me if everything is OK, so that I may mark this thread as Resolved.
  • 0

#23
micek206

micek206

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hey, thanx a lot!! :) Everything is fiiiine... Really thank you for solving my problem :) Enjoy~
  • 0

#24
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
I'm glad everything is running well :)

Take care and have a great day still!

Mike
  • 0

#25
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
