Jump to content

intervalhehehe spyware =(


Recommended Posts

Malwarebytes' Anti-Malware 1.30

Database version: 1433

Windows 5.1.2600 Service Pack 2

11/28/2008 10:14:38 PM

mbam-log-2008-11-28 (22-14-38).txt

Scan type: Quick Scan

Objects scanned: 64309

Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 6

Memory Processes Infected:

C:\WINDOWS\system32\explore.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b385ee3-ee18-4c69-bf55-6b6b406ef591} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explore (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSbutv.log (Trojan.TDSS) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:23:03 PM, on 11/28/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe

C:\Program Files\dvd43\dvd43_tray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Network LookOut Administrator Pro\bin\NLAgentProSvc.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\VentSrv\ventrilo_svc.exe

C:\Program Files\VentSrv\ventrilo_srv.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\VMware\VMware Server\vmware-authd.exe

C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\VMware\VMware Server\vmserverdWin32.exe

C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\Program Files\Network LookOut Administrator Pro\bin\NLAgentPro.exe

C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.google.com

O1 - Hosts: 61.157.217.210 www.google.co.uk

O1 - Hosts: 61.157.217.210 www.myspace.com

O1 - Hosts: 61.157.217.210 www.youtube.com

O1 - Hosts: 61.157.217.210 www.facebook.com

O1 - Hosts: 61.157.217.210 www.live.com

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.yahoo.co.uk

O1 - Hosts: 61.157.217.210 www.antispyware.com

O1 - Hosts: 61.157.217.210 antispyware.com

O1 - Hosts: 61.157.217.210 antispy.com

O1 - Hosts: 61.157.217.210 www.msn.com

O1 - Hosts: 204.16.197.121 www.asfvb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.3.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.657.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.34.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.45.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.asdv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvtrv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.g.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.msasern.com

O1 - Hosts: 61.157.217.210 www.antispy.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [btTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe

O4 - HKLM\..\Run: [uVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Server\vrie.dll

O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Server\vrie.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cam.css.edu/activex/AxisCamControl.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: eEye Application Bus (eeyeevnt) - eEye Digital Security - C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\Gigabyte\GEST\GSvr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: Network LookOut Agent (NetworkLookOutAgent) - Unknown owner - C:\Program Files\Network LookOut Administrator Pro\bin\NLAgentProSvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--

End of file - 17103 bytes

here are my logs for both.

Link to post
Share on other sites

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-11-28 22:24:25

PROTECTIONS: 1

MALWARE: 1

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

AVG Anti-Virus Free 8.0 Yes Yes

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00041446 application/myway HackTools No 0 Yes No hkey_current_user\software\netscape\netscape navigator\automation shutdown\mywaytoolbar.netscapeshutdown.1

00041446 application/myway HackTools No 0 Yes No hkey_current_user\software\netscape\netscape navigator\automation startup\mywaytoolbar.netscapestartup.1

00041446 application/myway HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}

00041446 application/myway HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}

00041446 application/myway HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC}

00041446 application/myway HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC}

00041446 application/myway HackTools No 0 Yes No hkey_classes_root\typelib\{0494d0d0-f8e0-41ad-92a3-14154ece70ac}

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location y

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description y

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

Link to post
Share on other sites

Start Hijackthis, hit scan

Select all of this:

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.google.com

O1 - Hosts: 61.157.217.210 www.google.co.uk

O1 - Hosts: 61.157.217.210 www.myspace.com

O1 - Hosts: 61.157.217.210 www.youtube.com

O1 - Hosts: 61.157.217.210 www.facebook.com

O1 - Hosts: 61.157.217.210 www.live.com

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.yahoo.co.uk

O1 - Hosts: 61.157.217.210 www.antispyware.com

O1 - Hosts: 61.157.217.210 antispyware.com

O1 - Hosts: 61.157.217.210 antispy.com

O1 - Hosts: 61.157.217.210 www.msn.com

O1 - Hosts: 204.16.197.121 www.asfvb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.3.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.657.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.34.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.45.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.asdv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvtrv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.g.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.msasern.com

O1 - Hosts: 61.157.217.210 www.antispy.com

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

Hit fix, Scan again, post log. Check your computer. Is it surfing now?

Link to post
Share on other sites

Topic closed due to lack of response...

I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you
Fully Understand
how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting
http://www.malwarebytes.org/forums/index.php?showtopic=2936' rel="external nofollow">
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.