Jump to content

yugonkim

Members
  • Posts

    8
  • Joined

  • Last visited

Everything posted by yugonkim

  1. Hello, I didnt set the desktop component... Should I be concerned? Anyways here are the logs... How does it look? ComboFix 09-10-06.04 - Yugon Kim 10/07/2009 20:15.2.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1105 [GMT -4:00] Running from: c:\documents and settings\Yugon Kim\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Yugon Kim\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} file zipped: c:\windows\system32\muzajamo.dll file zipped: C:\xEY0x.bat . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\muzajamo.dll C:\xEY0x.bat . ((((((((((((((((((((((((( Files Created from 2009-09-08 to 2009-10-08 ))))))))))))))))))))))))))))))) . 2009-10-08 00:08 . 2009-10-08 00:08 -------- d-----w- c:\windows\LastGood 2009-10-07 00:40 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2009-09-27 23:00 . 2009-09-27 23:00 -------- d-----w- c:\documents and settings\Yugon Kim\Local Settings\Application Data\Xobni 2009-09-27 22:59 . 2009-09-27 23:00 -------- d-----w- c:\program files\Xobni 2009-09-27 22:58 . 2009-09-27 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus 2009-09-27 22:58 . 2009-10-05 23:56 -------- d-----w- c:\documents and settings\Yugon Kim\Application Data\Azureus 2009-09-27 22:58 . 2009-09-27 22:58 -------- d-----w- c:\program files\Vuze . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-07 02:58 . 2008-06-21 23:54 -------- d-----w- c:\documents and settings\Yugon Kim\Application Data\Skype 2009-10-07 00:28 . 2008-06-21 23:55 -------- d-----w- c:\documents and settings\Yugon Kim\Application Data\skypePM 2009-10-06 02:59 . 2006-12-23 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-05 23:59 . 2008-07-06 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-09-27 22:58 . 2006-04-06 08:07 55840 ----a-w- c:\documents and settings\Yugon Kim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-27 22:53 . 2007-03-13 22:17 -------- d-----w- c:\program files\Common Files\Macromedia 2009-09-27 22:53 . 2007-03-13 22:17 -------- d-----w- c:\program files\Macromedia 2009-09-27 22:46 . 2006-03-31 14:32 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-27 22:41 . 2007-02-04 17:13 -------- d-----w- c:\documents and settings\Yugon Kim\Application Data\McNeel 2009-09-27 22:41 . 2006-04-06 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\McNeel 2009-09-20 04:15 . 2009-02-09 03:31 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-09-16 20:29 . 2006-03-31 14:15 90112 ----a-w- c:\windows\DUMP4601.tmp 2009-09-12 23:33 . 2009-02-09 03:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-10 18:54 . 2009-02-09 03:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 18:53 . 2009-02-09 03:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-10 12:15 . 2006-04-06 13:47 -------- d-----w- c:\program files\Common Files\Adobe 2009-08-21 22:07 . 2009-08-07 17:58 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT 2009-08-21 22:07 . 2009-08-07 17:56 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT 2009-08-21 22:07 . 2009-08-07 18:00 -------- d-----w- c:\documents and settings\Yugon Kim\Application Data\Nikon 2009-08-21 01:47 . 2009-08-20 01:18 139651 ----a-w- C:\MGlogs.zip 2009-08-20 02:47 . 2009-08-20 02:47 -------- d-----w- c:\program files\Trend Micro 2009-08-20 02:47 . 2008-06-18 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-08-20 02:13 . 2009-08-20 02:13 3166768 ----a-r- C:\ComboFix .exe 2009-08-20 01:38 . 2006-08-01 19:07 -------- d-----w- c:\program files\iPod 2009-08-20 01:36 . 2008-11-19 02:29 -------- d-----w- c:\documents and settings\Yugon Kim\Application Data\Move Networks 2009-08-20 01:17 . 2009-02-09 03:42 1344235 ----a-w- C:\MGtools.exe 2009-08-19 01:39 . 2009-08-19 01:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avaya 2009-08-15 14:31 . 2009-02-02 13:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-08-15 14:31 . 2008-06-18 04:51 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-08-15 14:31 . 2008-06-18 04:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-08-09 21:52 . 2009-07-31 16:25 -------- d-----w- c:\program files\Common Files\Nikon 2009-08-07 17:56 . 2003-03-19 02:05 106496 ----a-w- c:\windows\system32\ATL71.DLL 2009-08-05 09:01 . 1980-01-01 07:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 1980-01-01 07:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 1980-01-01 07:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll . ((((((((((((((((((((((((((((( SnapShot@2009-10-07_00.25.17 ))))))))))))))))))))))))))))))))))))))))) . + 2006-11-27 08:45 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe + 2006-12-26 23:45 . 2007-07-27 14:41 16760 c:\windows\system32\spmsg.dll - 1980-01-01 07:00 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll + 1980-01-01 07:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll - 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll + 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll + 1980-01-01 07:00 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll - 1980-01-01 07:00 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll - 1980-01-01 07:00 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll + 1980-01-01 07:00 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll + 2009-04-16 12:22 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-06-03 21718312] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856] "Google Update"="c:\documents and settings\Yugon Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-20 1998576] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-24 251240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248] "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-01-11 144728] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940] "PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152] "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 425984] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-10 294912] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-10 208896] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-07-13 169264] "LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-01-11 124248] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-22 1996336] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] "TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-11-22 181536] "TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source= c:\windows\system32\onhelp.htm FriendlyName= tets [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-20 04:15 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-08-14 14:54 89600 ----a-w- c:\windows\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] 2008-10-27 14:57 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-15 14:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-17 01:35 87352 ----a-w- c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli csspwntfy ACGina psqlpwd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SDhelper"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"= "c:\\kav\\kis\\setup.exe"= "c:\\Program Files\\Intel\\Wireless\\Bin\\Dot1XCfg.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19981:TCP"= 19981:TCP:BitComet 19981 TCP "19981:UDP"= 19981:UDP:BitComet 19981 UDP "9420:TCP"= 9420:TCP:Red Swoosh "5000:UDP"= 5000:UDP:Red Swoosh R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [10/16/2007 12:33 PM 103472] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 12:32 PM 19504] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/18/2008 12:51 AM 335240] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 74480] R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [3/31/2006 10:59 AM 4442] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/2/2009 9:18 AM 297752] R2 hdlSrv;Cruzer Desktop Environment;c:\program files\SanDisk\hdlSrv.exe [8/30/2007 3:48 PM 122880] R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [12/21/2005 8:14 PM 12544] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [11/24/2008 10:29 PM 47640] R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/15/2005 4:11 PM 46142] R2 smi2;smi2;c:\program files\SMI2\smi2.sys [12/21/2005 7:45 PM 3968] R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [8/14/2007 10:46 AM 10896] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/24/2009 7:57 AM 92008] R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [5/6/2009 9:21 PM 45288] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408] S1 89be339e;89be339e;c:\windows\system32\drivers\89be339e.sys --> c:\windows\system32\drivers\89be339e.sys [?] S2 TPFanControl;TPFanControl;c:\tpfancontrol\fancontrol_service.exe [1/5/2008 12:50 PM 143360] S4 LMIRfsClientNP;LMIRfsClientNP; [x] S4 RFNP32;WebDrive; [x] . Contents of the 'Scheduled Tasks' folder 2009-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2009-10-07 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-07 04:28] 2009-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4113099505-1865261519-2008099754-1005Core.job - c:\documents and settings\Yugon Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 15:33] 2009-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4113099505-1865261519-2008099754-1005UA.job - c:\documents and settings\Yugon Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 15:33] 2009-02-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job - c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 17:56] 2009-10-08 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-03-31 23:30] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = www.cnn.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s DPF: {975BA4C8-C5A7-4CFD-9F42-10CF4B75F580} - hxxps://expertslive.lenovo.com/home/activex/actx.cab FF - ProfilePath - c:\documents and settings\Yugon Kim\Application Data\Mozilla\Firefox\Profiles\ivc2swxf.default\ FF - prefs.js: browser.startup.homepage - www.cnn.com FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\documents and settings\Yugon Kim\Application Data\Mozilla\Firefox\Profiles\ivc2swxf.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\documents and settings\Yugon Kim\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-07 20:22 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{175AF4D7-9CF3-F457-BF0E37CACC73FC6B}\{467C247B-D237-138A-478D2C475DF76751}\{0F112251-81FD-FF65-E1D4489D8D443FBC}*] "GG2KGGPNIIGO4BVBD4BQHYVQFA1"=hex:01,00,01,00,00,00,00,00,e0,92,fd,62,05,19,43, a9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{91FA78BC-641E-4329-C41B32C9E0F96EA6}\{25E342AA-73A9-1FC4-4AC5C50BDBE96017}\{04863130-DE8E-7A09-D0B765EBFF2273E8}*] "GG2KGGPNIIGO4BVBD4BQHYVQFA1"=hex:01,00,01,00,00,00,00,00,e0,92,fd,62,05,19,43, a9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(964) c:\windows\system32\vrlogon.dll c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\LMIinit.dll c:\windows\system32\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infra.dll c:\program files\ThinkVantage Fingerprint Software\homepass.dll c:\program files\ThinkVantage Fingerprint Software\bio.dll c:\program files\ThinkVantage Fingerprint Software\ps2css.dll c:\program files\ThinkVantage Fingerprint Software\remote.dll c:\program files\ThinkVantage Fingerprint Software\pscssint.dll c:\program files\ThinkVantage Fingerprint Software\crypto.dll c:\windows\system32\netprovcredman.dll c:\windows\system32\LMIRfsClientNP.dll - - - - - - - > 'lsass.exe'(1020) c:\program files\IBM ThinkVantage\Client Security Solution\csspwntfy.dll c:\program files\IBM ThinkVantage\Client Security Solution\ibmtsp.dll c:\program files\IBM ThinkVantage\Client Security Solution\tcsrpc.dll c:\program files\IBM ThinkVantage\Client Security Solution\cssuserdatadispatcher.dll c:\program files\ThinkPad\ConnectUtilities\ACGina.dll c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\program files\ThinkPad\ConnectUtilities\ACON.dll c:\windows\system32\WININET.dll c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll c:\windows\system32\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infra.dll . Completion time: 2009-10-08 20:25 ComboFix-quarantined-files.txt 2009-10-08 00:25 ComboFix2.txt 2009-10-07 00:35 Pre-Run: 3,817,553,920 bytes free Post-Run: 3,792,142,336 bytes free 287 --- E O F --- 2009-10-08 00:13 Upload was successful Scanning Report Thursday, October 8, 2009 19:41:36 - 21:07:47 Computer name: AYJA Scanning type: Scan system for malware, spyware and rootkits Target: C:\ 1 malware found TrackingCookie.Revsci (spyware) System (Disinfected) Statistics Scanned: Files: 79689 System: 5914 Not scanned: 19 Actions: Disinfected: 1 Renamed: 0 Deleted: 0 Not cleaned: 0 Submitted: 0 Files not scanned: C:\GOBACKIO.BIN C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\WINDOWS\SYSTEM32\CONFIG\SAM C:\WINDOWS\SYSTEM32\CONFIG\SECURITY C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM C:\DOCUMENTS AND SETTINGS\YUGON KIM\LOCAL SETTINGS\TEMP\ETILQS_EWNLTO5LAHR3ELTYCBYY C:\DOCUMENTS AND SETTINGS\YUGON KIM\LOCAL SETTINGS\TEMP\ETILQS_OZI7HYLB8SVATWZPJ5AX C:\DOCUMENTS AND SETTINGS\YUGON KIM\LOCAL SETTINGS\TEMP\ETILQS_MXNRKXCPDBSVAXBZVAWG C:\DOCUMENTS AND SETTINGS\YUGON KIM\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\ARCHIVED HISTORY-JOURNAL C:\DOCUMENTS AND SETTINGS\YUGON KIM\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT SESSION C:\DOCUMENTS AND SETTINGS\YUGON KIM\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT TABS C:\DOCUMENTS AND SETTINGS\YUGON KIM\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\HISTORY INDEX 2009-07-JOURNAL C:\DOCUMENTS AND SETTINGS\YUGON KIM\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\HISTORY INDEX 2009-10-JOURNAL C:\DOCUMENTS AND SETTINGS\YUGON KIM\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\HISTORY-JOURNAL C:\DOCUMENTS AND SETTINGS\YUGON KIM\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\THUMBNAILS-JOURNAL C:\DOCUMENTS AND SETTINGS\YUGON KIM\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\VISITED LINKS C:\DOCUMENTS AND SETTINGS\YUGON KIM\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\WEB DATA-JOURNAL Options Scanning engines: Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR Use advanced heuristics Copyright
  2. whoops and here is the hijack log.... thanks! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:47:51 PM, on 10/6/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\SanDisk\hdlSrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Maxtor\Sync\SyncServices.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Xobni\XobniService.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\lenovo\system update\suservice.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe C:\Program Files\Lenovo\AwayTask\AwaySch.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Skype\Phone\Skype.exe C:\Documents and Settings\Yugon Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\explorer.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.cnn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Yugon Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://collaborate.burthill.com/qp2.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab O16 - DPF: {975BA4C8-C5A7-4CFD-9F42-10CF4B75F580} (Actx Control) - https://expertslive.lenovo.com/home/activex/actx.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Cruzer Desktop Environment (hdlSrv) - Unknown owner - C:\Program Files\SanDisk\hdlSrv.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TPFanControl - Unknown owner - c:\tpfancontrol\fancontrol_service.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\WebDrive\wdservice.exe O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe O24 - Desktop Component 0: tets - C:\WINDOWS\system32\onhelp.htm -- End of file - 15616 bytes
  3. Hello Here is the combo fix log. Thanks again for the help! ComboFix 09-10-06.03 - Yugon Kim 10/06/2009 20:07.1.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1235 [GMT -4:00] Running from: c:\documents and settings\Yugon Kim\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\dvrdiqbe.exe c:\windows\system32\hjgruiamevmaut.dat c:\windows\system32\hjgruiwhnbsiuj.dat c:\windows\system32\images c:\windows\system32\images\i1.gif c:\windows\system32\images\i2.gif c:\windows\system32\images\i3.gif c:\windows\system32\images\j1.gif c:\windows\system32\images\j2.gif c:\windows\system32\images\j3.gif c:\windows\system32\images\jj1.gif c:\windows\system32\images\jj2.gif c:\windows\system32\images\jj3.gif c:\windows\system32\images\l1.gif c:\windows\system32\images\l2.gif c:\windows\system32\images\l3.gif c:\windows\system32\images\pix.gif c:\windows\system32\images\t1.gif c:\windows\system32\images\t2.gif c:\windows\system32\images\up1.gif c:\windows\system32\images\up2.gif c:\windows\system32\images\w1.gif c:\windows\system32\images\w11.gif c:\windows\system32\images\w2.gif c:\windows\system32\images\w3.gif c:\windows\system32\images\w3.jpg c:\windows\system32\images\wt1.gif c:\windows\system32\images\wt2.gif c:\windows\system32\images\wt3.gif . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_hjgruiuodioibc -------\Service_hjgruiuodioibc ((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 ))))))))))))))))))))))))))))))) . 2009-09-27 23:00 . 2009-09-27 23:00 -------- d-----w- c:\documents and settings\Yugon Kim\Local Settings\Application Data\Xobni 2009-09-27 22:59 . 2009-09-27 23:00 -------- d-----w- c:\program files\Xobni 2009-09-27 22:58 . 2009-09-27 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus 2009-09-27 22:58 . 2009-10-05 23:56 -------- d-----w- c:\documents and settings\Yugon Kim\Application Data\Azureus 2009-09-27 22:58 . 2009-09-27 22:58 -------- d-----w- c:\program files\Vuze 2009-09-16 18:44 . 2009-09-16 18:44 2198 ----a-w- C:\xEY0x.bat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-06 03:43 . 2008-06-21 23:54 -------- d-----w- c:\documents and settings\Yugon Kim\Application Data\Skype 2009-10-06 02:59 . 2006-12-23 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-06 00:02 . 2008-06-21 23:55 -------- d-----w- c:\documents and settings\Yugon Kim\Application Data\skypePM 2009-10-05 23:59 . 2008-07-06 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-09-27 22:58 . 2006-04-06 08:07 55840 ----a-w- c:\documents and settings\Yugon Kim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-27 22:53 . 2007-03-13 22:17 -------- d-----w- c:\program files\Common Files\Macromedia 2009-09-27 22:53 . 2007-03-13 22:17 -------- d-----w- c:\program files\Macromedia 2009-09-27 22:46 . 2006-03-31 14:32 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-27 22:41 . 2007-02-04 17:13 -------- d-----w- c:\documents and settings\Yugon Kim\Application Data\McNeel 2009-09-27 22:41 . 2006-04-06 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\McNeel 2009-09-20 04:15 . 2009-02-09 03:31 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-09-16 20:29 . 2006-03-31 14:15 90112 ----a-w- c:\windows\DUMP4601.tmp 2009-09-12 23:33 . 2009-02-09 03:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-10 18:54 . 2009-02-09 03:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 18:53 . 2009-02-09 03:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-10 12:15 . 2006-04-06 13:47 -------- d-----w- c:\program files\Common Files\Adobe 2009-08-21 22:07 . 2009-08-07 17:58 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT 2009-08-21 22:07 . 2009-08-07 17:56 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT 2009-08-21 22:07 . 2009-08-07 18:00 -------- d-----w- c:\documents and settings\Yugon Kim\Application Data\Nikon 2009-08-21 01:47 . 2009-08-20 01:18 139651 ----a-w- C:\MGlogs.zip 2009-08-20 02:47 . 2009-08-20 02:47 -------- d-----w- c:\program files\Trend Micro 2009-08-20 02:47 . 2008-06-18 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-08-20 02:13 . 2009-08-20 02:13 3166768 ----a-r- C:\ComboFix .exe 2009-08-20 01:38 . 2006-08-01 19:07 -------- d-----w- c:\program files\iPod 2009-08-20 01:36 . 2008-11-19 02:29 -------- d-----w- c:\documents and settings\Yugon Kim\Application Data\Move Networks 2009-08-20 01:17 . 2009-02-09 03:42 1344235 ----a-w- C:\MGtools.exe 2009-08-19 01:39 . 2009-08-19 01:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avaya 2009-08-15 14:31 . 2009-02-02 13:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-08-15 14:31 . 2008-06-18 04:51 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-08-15 14:31 . 2008-06-18 04:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-08-09 21:52 . 2009-07-31 16:25 -------- d-----w- c:\program files\Common Files\Nikon 2009-08-07 17:56 . 2003-03-19 02:05 106496 ----a-w- c:\windows\system32\ATL71.DLL 2009-08-05 09:01 . 1980-01-01 07:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 1980-01-01 07:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 1980-01-01 07:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-03-22 03:46 . 2009-03-22 03:46 2713 --sh--w- c:\windows\system32\muzajamo.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-06-03 21718312] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856] "Google Update"="c:\documents and settings\Yugon Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-20 1998576] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-24 251240] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248] "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-01-11 144728] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940] "PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152] "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 425984] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-10 294912] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-10 208896] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-07-13 169264] "LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-01-11 124248] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-22 1996336] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-11-22 181536] "TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source= c:\windows\system32\onhelp.htm FriendlyName= tets [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-20 04:15 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-08-14 14:54 89600 ----a-w- c:\windows\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] 2008-10-27 14:57 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-15 14:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-17 01:35 87352 ----a-w- c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli csspwntfy ACGina psqlpwd HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyWay [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SDhelper"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"= "c:\\kav\\kis\\setup.exe"= "c:\\Program Files\\Intel\\Wireless\\Bin\\Dot1XCfg.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19981:TCP"= 19981:TCP:BitComet 19981 TCP "19981:UDP"= 19981:UDP:BitComet 19981 UDP "9420:TCP"= 9420:TCP:Red Swoosh "5000:UDP"= 5000:UDP:Red Swoosh R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [10/16/2007 12:33 PM 103472] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 12:32 PM 19504] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/18/2008 12:51 AM 335240] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 74480] R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [3/31/2006 10:59 AM 4442] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/2/2009 9:18 AM 297752] R2 hdlSrv;Cruzer Desktop Environment;c:\program files\SanDisk\hdlSrv.exe [8/30/2007 3:48 PM 122880] R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [12/21/2005 8:14 PM 12544] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [11/24/2008 10:29 PM 47640] R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/15/2005 4:11 PM 46142] R2 smi2;smi2;c:\program files\SMI2\smi2.sys [12/21/2005 7:45 PM 3968] R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [8/14/2007 10:46 AM 10896] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/24/2009 7:57 AM 92008] R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [5/6/2009 9:21 PM 45288] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408] S1 89be339e;89be339e;c:\windows\system32\drivers\89be339e.sys --> c:\windows\system32\drivers\89be339e.sys [?] S2 TPFanControl;TPFanControl;c:\tpfancontrol\fancontrol_service.exe [1/5/2008 12:50 PM 143360] S4 LMIRfsClientNP;LMIRfsClientNP; [x] S4 RFNP32;WebDrive; [x] . Contents of the 'Scheduled Tasks' folder 2009-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2009-10-07 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-07 04:28] 2009-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4113099505-1865261519-2008099754-1005Core.job - c:\documents and settings\Yugon Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 15:33] 2009-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4113099505-1865261519-2008099754-1005UA.job - c:\documents and settings\Yugon Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 15:33] 2009-02-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job - c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 17:56] 2009-10-07 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-03-31 23:30] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = www.cnn.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s DPF: {975BA4C8-C5A7-4CFD-9F42-10CF4B75F580} - hxxps://expertslive.lenovo.com/home/activex/actx.cab FF - ProfilePath - c:\documents and settings\Yugon Kim\Application Data\Mozilla\Firefox\Profiles\ivc2swxf.default\ FF - prefs.js: browser.startup.homepage - www.cnn.com FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\documents and settings\Yugon Kim\Application Data\Mozilla\Firefox\Profiles\ivc2swxf.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\documents and settings\Yugon Kim\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll . - - - - ORPHANS REMOVED - - - - Notify-NavLogon - (no file) Notify-opnkKaYS - opnkKaYS.dll MSConfigStartUp-tunebite - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-06 20:25 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{175AF4D7-9CF3-F457-BF0E37CACC73FC6B}\{467C247B-D237-138A-478D2C475DF76751}\{0F112251-81FD-FF65-E1D4489D8D443FBC}*] "GG2KGGPNIIGO4BVBD4BQHYVQFA1"=hex:01,00,01,00,00,00,00,00,e0,92,fd,62,05,19,43, a9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{91FA78BC-641E-4329-C41B32C9E0F96EA6}\{25E342AA-73A9-1FC4-4AC5C50BDBE96017}\{04863130-DE8E-7A09-D0B765EBFF2273E8}*] "GG2KGGPNIIGO4BVBD4BQHYVQFA1"=hex:01,00,01,00,00,00,00,00,e0,92,fd,62,05,19,43, a9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(964) c:\windows\system32\vrlogon.dll c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\LMIinit.dll c:\windows\system32\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infra.dll c:\program files\ThinkVantage Fingerprint Software\homepass.dll c:\program files\ThinkVantage Fingerprint Software\bio.dll c:\program files\ThinkVantage Fingerprint Software\ps2css.dll c:\program files\ThinkVantage Fingerprint Software\remote.dll c:\program files\ThinkVantage Fingerprint Software\pscssint.dll c:\program files\ThinkVantage Fingerprint Software\crypto.dll - - - - - - - > 'lsass.exe'(1020) c:\program files\IBM ThinkVantage\Client Security Solution\csspwntfy.dll c:\program files\IBM ThinkVantage\Client Security Solution\ibmtsp.dll c:\program files\IBM ThinkVantage\Client Security Solution\tcsrpc.dll c:\program files\IBM ThinkVantage\Client Security Solution\cssuserdatadispatcher.dll c:\program files\ThinkPad\ConnectUtilities\ACGina.dll c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\program files\ThinkPad\ConnectUtilities\ACON.dll c:\windows\system32\WININET.dll c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll c:\windows\system32\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infra.dll - - - - - - - > 'explorer.exe'(5864) c:\windows\system32\WININET.dll c:\program files\Norton SystemWorks\Norton GoBack\ShellExt.dll c:\windows\system32\ieframe.dll c:\windows\system32\netprovcredman.dll c:\windows\system32\LMIRfsClientNP.dll c:\windows\system32\mshtml.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\windows\system32\ati2evxx.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\IPSSVC.EXE c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Norton SystemWorks\Norton GoBack\GBPoll.exe c:\program files\AVG\AVG8\avgrsx.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Maxtor\Sync\SyncServices.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\windows\system32\TPHDEXLG.exe c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\Lenovo\System Update\SUService.exe c:\windows\system32\wscntfy.exe c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe c:\windows\system32\rundll32.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\LogMeIn\x86\LMIGuardian.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\ThinkPad\Bluetooth Software\BTTray.exe c:\program files\IBM ThinkVantage\Client Security Solution\pwmgr.exe c:\program files\Digital Line Detect\DLG.exe c:\program files\Norton SystemWorks\Norton GoBack\GBTray.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Completion time: 2009-10-07 20:35 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-07 00:35 Pre-Run: 3,517,030,400 bytes free Post-Run: 3,875,803,136 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect 362 --- E O F --- 2009-08-14 16:09
  4. Hello All, can someone please help me clean my system? See attached the log from the quick scan. Thanks in advance! Yugon Malwarebytes' Anti-Malware 1.41 Database version: 2916 Windows 5.1.2600 Service Pack 3 10/6/2009 6:57:56 PM mbam-log-2009-10-06 (18-57-56).txt Scan type: Quick Scan Objects scanned: 111427 Time elapsed: 12 minute(s), 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  5. Please can some advise me on how to get rid of these two trojan.tdss? PLEASE!
  6. Bump. Hi all. I am desperate to resolve this malware issue. Every time I reboot, malwarebytes find the same two issues. Can someone advise me? Thanks in advance! Y.
  7. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:48:21 PM, on 8/19/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\SanDisk\hdlSrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Maxtor\Sync\SyncServices.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe c:\tpfancontrol\fancontrol_service.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\WebDrive\wdservice.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\lenovo\system update\suservice.exe C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe C:\Program Files\Lenovo\AwayTask\AwaySch.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Skype\Phone\Skype.exe C:\Documents and Settings\Yugon Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\WINDOWS\Explorer.EXE C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Documents and Settings\Yugon Kim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Yugon Kim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Yugon Kim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Yugon Kim\My Documents\Downloads\ATF-Cleaner.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.cnn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Yugon Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.antimalwareguard.com O15 - Trusted Zone: *.gomyhit.com O15 - Trusted Zone: *.antimalwareguard.com (HKLM) O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://collaborate.burthill.com/qp2.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab O16 - DPF: {975BA4C8-C5A7-4CFD-9F42-10CF4B75F580} (Actx Control) - https://expertslive.lenovo.com/home/activex/actx.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: opnkKaYS - opnkKaYS.dll (file missing) O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Cruzer Desktop Environment (hdlSrv) - Unknown owner - C:\Program Files\SanDisk\hdlSrv.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TPFanControl - Unknown owner - c:\tpfancontrol\fancontrol_service.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\WebDrive\wdservice.exe O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\ O24 - Desktop Component 0: tets - C:\WINDOWS\system32\onhelp.htm -- End of file - 16814 bytes Malwarebytes' Anti-Malware 1.40 Database version: 2647 Windows 5.1.2600 Service Pack 3 8/19/2009 7:47:34 PM mbam-log-2009-08-19 (19-47-34).txt Scan type: Full Scan (C:\|D:\|E:\|) Objects scanned: 273243 Time elapsed: 59 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: \\?\globalroot\systemroot\system32\hjgruiqghhskqo.dll (Trojan.TDSS) -> Delete on reboot. Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: \\?\globalroot\systemroot\system32\hjgruiqghhskqo.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.