jaykim Posted July 13, 2008 ID:22687

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오전 12:06:25, on 2008-07-13
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
C:\Windows\System32\mobsync.exe
C:\Program Files\Zerofile\ZerofileDown.exe
C:\Windows\system32\taskeng.exe
C:\Users\JaynMin\Downloads\spyware\HiJackThis.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ALYac] "C:\Program Files\ESTsoft\ALYac\AYUpdate.exe" /run
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {023CA722-1E63-4E43-9C39-BB6D4A02F3E2} (Zerofile File Share Control 5) - http://www.zerofile.net/mmsv/ZerofileControl.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} (SG_CAppAtx Control) - http://download.signgate.com/download/ews/...taller_full.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.cachenet.com/kdfx218/kdfense8.cab
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} (EwsLoader Class) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dll,
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel
jaykim Posted July 13, 2008 Author ID:22688

Panda scan.

ANALYSIS: 2008-07-12 23:11:45
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0

PROTECTIONS
Description Version Active Updated
Windows Defender 1.1.3704.0 No No

MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\JaynMin\AppData\Roaming\Microsoft\Windows\Cookies\Low\jaynmin@com[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\JaynMin\AppData\Roaming\Microsoft\Windows\Cookies\Low\jaynmin@apmebf[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes
jaykim Posted July 13, 2008 Author ID:22689

Malwarebytes log:

Malwarebytes' Anti-Malware 1.20
Database version: 944
Windows 6.0.6001 Service Pack 1

오전 12:25:15 2008-07-13
mbam-log-7-13-2008 (00-25-15).txt

Scan type: Quick Scan
Objects scanned: 40086
Time elapsed: 1 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I used to get FP files, but once I reinstalled Malwarebytes they disappeared and now I don't see any item detected. However, I am still getting the 724(0,9) error when I click on the Quarantine tab. Thank you!
JeanInMontana Posted July 13, 2008 ID:22722

Hi jaykim and welcome to Malwarebytes.

오전 12:25:15 2008-07-13

Can you tell me what those strange characters are? They appear in the HJT log also, where the date should be. Please move HJT to C:\ (no other folders before it) and run a new scan. Report the error message with MBAM in the MBAM forum.
JeanInMontana Posted July 16, 2008 ID:23036

Please respond or I will have to close this thread to keep others from posting to it.
JeanInMontana Posted July 28, 2008 ID:23999

Since this topic has had no reply for over 5 days, it will be closed to prevent others from posting into it. Should you decide to resume with your assistance, PM any staff member and we will be happy to reopen the topic.

Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help, start your own topic and someone will be happy to assist you.