Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Bufferoverflow 2

Re: Bufferoverflow 2

Post by abu » June 30th, 2008, 3:37 am

Hi there,

My computer is running fine so far, but sometimes my Internet Explorer slows down a little.
And I was not able to do the Kaspersky scan, as it requires Java 1.5. I did install it, but it prompts me to do it again...

Here are the other results.

NoLop! result:

NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\p0800086\Desktop
[23-06-2008]
[8:21:24 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Installshield
C:\Documents and Settings\Administrator\Application Data\Macromedia
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Real
C:\Documents and Settings\Administrator\Application Data\Skype
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Autodesk
C:\Documents and Settings\All Users\Application Data\Canonbj
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Msscanappdatadir
C:\Documents and Settings\All Users\Application Data\National Instruments
C:\Documents and Settings\All Users\Application Data\Network Associates
C:\Documents and Settings\All Users\Application Data\Okay Meta Anti Lite -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Preemptive Solutions
C:\Documents and Settings\All Users\Application Data\Sony Ericsson
C:\Documents and Settings\All Users\Application Data\Ssscanappdatadir -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Starware316
C:\Documents and Settings\All Users\Application Data\Teleca
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Wlinstaller
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Apple Computer
C:\Documents and Settings\Default User\Application Data\Cyberlink
C:\Documents and Settings\Default User\Application Data\Google
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Installshield
C:\Documents and Settings\Default User\Application Data\Macromedia
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Msninstaller
C:\Documents and Settings\Default User\Application Data\Real
C:\Documents and Settings\Default User\Application Data\Skype
C:\Documents and Settings\Default User\Application Data\Sony Ericsson
C:\Documents and Settings\Default User\Application Data\Starware316
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Default User\Application Data\Teleca
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\P0800086\Application Data\Adobe
C:\Documents and Settings\P0800086\Application Data\Adobeum
C:\Documents and Settings\P0800086\Application Data\Apple Computer
C:\Documents and Settings\P0800086\Application Data\Autodesk
C:\Documents and Settings\P0800086\Application Data\Canon
C:\Documents and Settings\P0800086\Application Data\Cyberlink
C:\Documents and Settings\P0800086\Application Data\Google
C:\Documents and Settings\P0800086\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\P0800086\Application Data\Identities
C:\Documents and Settings\P0800086\Application Data\Installshield
C:\Documents and Settings\P0800086\Application Data\Macromedia
C:\Documents and Settings\P0800086\Application Data\Media Player Classic
C:\Documents and Settings\P0800086\Application Data\Microsoft
C:\Documents and Settings\P0800086\Application Data\Msninstaller
C:\Documents and Settings\P0800086\Application Data\National Instruments
C:\Documents and Settings\P0800086\Application Data\Oti
C:\Documents and Settings\P0800086\Application Data\Plaux
C:\Documents and Settings\P0800086\Application Data\Real
C:\Documents and Settings\P0800086\Application Data\Skype
C:\Documents and Settings\P0800086\Application Data\Sony Ericsson
C:\Documents and Settings\P0800086\Application Data\Starware316
C:\Documents and Settings\P0800086\Application Data\Sun
C:\Documents and Settings\P0800086\Application Data\Teleca


Malwarebytes scan:

Malwarebytes' Anti-Malware 1.19
Database version: 907
Windows 5.1.2600 Service Pack 3

2:45:54 PM 30-06-2008
mbam-log-6-30-2008 (14-45-54).txt

Scan type: Quick Scan
Objects scanned: 42831
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 22
Files Infected: 62

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6d0111e3-3060-4d23-b2bc-42ed86cbe9a3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xmllib.xmldp (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xmllib.xmldp.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ab3dfa03-f743-4302-81dd-c370bffeca23} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a84e835e-1b9c-4fc0-980f-4b2da3c6a2a7} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Free_Credit_Score (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Free_Music (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Ringtones (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Screensavers (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Weather (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\775_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Free_Credit_Score0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Free_Music0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Ringtones0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\WeatherHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Free_Music\Free_MusicOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Free_Music\Free_MusicOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Ringtones\RingtonesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Ringtones\RingtonesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Screensavers\ScreensaversOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\Starware316\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

DSS scan:

Deckard's System Scanner v20071014.68
Run by p0800086 on 2008-06-30 15:30:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as p0800086.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:39 PM, on 30-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Salaat Time\SalaatTime.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\p0800086\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\p0800086.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: MapToPDrive.bat
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2779762734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2782968140
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = sd.sp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 11698 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-30 14:38:15 0 d-------- C:\Documents and Settings\p0800086\Application Data\Malwarebytes
2008-06-30 14:38:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-30 14:38:11 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-29 17:46:47 0 d-------- C:\Documents and Settings\p0800086\.SunDownloadManager
2008-06-28 13:42:38 0 d-------- C:\Program Files\ReflexiveArcade
2008-06-28 13:16:29 0 d-------- C:\Program Files\Sun
2008-06-28 13:08:24 0 d-------- C:\Program Files\Java
2008-06-28 13:07:38 0 d-------- C:\Program Files\Common Files\Java
2008-06-23 20:31:13 0 drahs---- C:\autorun.inf
2008-06-20 14:37:46 0 d-------- C:\NoLopBackups
2008-06-15 20:19:27 0 d-------- C:\WINDOWS\Prefetch
2008-06-15 20:08:51 0 d-------- C:\WINDOWS\system32\scripting
2008-06-15 20:08:51 0 d-------- C:\WINDOWS\system32\bits
2008-06-15 20:08:51 0 d-------- C:\WINDOWS\l2schemas
2008-06-15 20:05:55 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-15 19:32:24 0 d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-06-15 19:32:15 0 d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-06-15 19:31:52 0 d-------- C:\Documents and Settings\p0800086\Application Data\Canon
2008-06-15 19:28:54 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-06-15 19:24:10 0 d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-06-15 19:23:51 0 d--h----- C:\Program Files\CanonBJ
2008-06-01 12:52:50 0 d-------- C:\Documents and Settings\p0800086\.idlerc


-- Find3M Report ---------------------------------------------------------------

2008-06-30 15:05:07 0 d-------- C:\Documents and Settings\p0800086\Application Data\Skype
2008-06-28 13:07:38 0 d-------- C:\Program Files\Common Files
2008-06-26 23:59:52 0 d-------- C:\Program Files\National Instruments
2008-06-19 15:22:39 0 d-------- C:\Program Files\ZwCAD 2006i
2008-06-15 20:18:54 0 d-------- C:\Program Files\Messenger
2008-06-15 20:08:50 0 d-------- C:\Program Files\Movie Maker
2008-06-15 20:05:41 0 d-------- C:\Program Files\Windows NT
2008-05-22 13:05:42 0 d-------- C:\Documents and Settings\p0800086\Application Data\Help
2008-05-22 09:33:19 0 d-------- C:\Program Files\Trend Micro
2008-05-22 08:21:57 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-20 14:15:30 0 d-------- C:\Program Files\Microsoft Games
2008-05-15 13:24:26 0 d-------- C:\Program Files\Sony Ericsson
2008-05-12 17:03:44 0 d-------- C:\Program Files\MSECache
2008-05-12 16:17:05 0 d-------- C:\Program Files\Messenger Plus! Live
2008-05-12 14:14:01 0 d-------- C:\Documents and Settings\p0800086\Application Data\Media Player Classic
2008-05-12 14:12:48 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-05-08 22:08:42 0 d-------- C:\Program Files\FreeMind
2008-04-22 10:34:50 0 --a------ C:\WINDOWS\system32\UTSCSI.EXE
2008-04-14 05:41:52 276992 --a------ C:\WINDOWS\system32\comdlg32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [25-07-2007 03:02 PM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03-10-2007 03:15 PM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [22-09-2004 08:00 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [06-08-2004 03:50 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [07-10-2003 09:48 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [31-01-2008 11:13 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12-02-2008 03:55 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05-09-2007 05:13 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05-09-2007 05:13 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [05-09-2007 05:13 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04-08-2004 08:00 PM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [04-08-2004 08:00 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04-08-2004 08:00 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 08:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 08:00 PM]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [08-02-2005 04:38 PM]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26-10-2005 05:17 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25-03-2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14-04-2008 05:42 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [22-01-2007 03:23 PM]
"Power2GoExpress"="NA" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [24-04-2008 10:10 AM]
"SalaatTime"="C:\Program Files\Salaat Time\SalaatTime.exe" [26-08-2007 05:38 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14-04-2008 05:42 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18-10-2007 11:34 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [05-03-2005 9:18:22 PM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12-05-2006 1:33:22 PM]
MapToPDrive.bat [01-03-2006 1:02:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80cbe4ee-1012-11dd-85a9-001e37a53354}]
AutoRun\command- G:\USBNB.exe

*Newly Created Service* - ENTDRV51



-- End of Deckard's System Scanner: finished at 2008-06-30 15:32:40 ------------



thanks for the help...
abu
Regular Member
 
Posts: 23
Joined: May 21st, 2008, 9:27 pm

Re: Bufferoverflow 2

Unread postby Rodav » June 30th, 2008, 10:46 am

Hi abu,

I'm not sure what the difficulty with the Kaspersky scan is, but we can try a different online scan that doesn't require Java.

Step 1:
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code:
C:\Documents and Settings\All Users\Application Data\Okay Meta Anti Lite
C:\Program Files\Messenger Plus! Live

  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2


Step 2:
Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.


Step 3:
Run HijackThis, do a system scan and in your next reply, copy and paste the following:
  • The OTMoveIt2 results
  • The Eset NOD32 Online AntiVirus scan log (C:\Program Files\EsetOnlineScanner\log.txt)
  • The new HijackThis log
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Bufferoverflow 2

Unread postby abu » July 1st, 2008, 5:22 am

hi there,
I have done the tests stated, but step 2, the ESET test, could not be done. It says UPDATE FAILED(200).
sorry for that...

here are the other test results..

C:\Documents and Settings\All Users\Application Data\Okay Meta Anti Lite moved successfully.
C:\Program Files\Messenger Plus! Live\Skins moved successfully.
C:\Program Files\Messenger Plus! Live\Scripts\NudgesToolsScript moved successfully.
C:\Program Files\Messenger Plus! Live\Scripts moved successfully.
Folder move failed. C:\Program Files\Messenger Plus! Live\Languages scheduled to be moved on reboot.
C:\Program Files\Messenger Plus! Live\Interface moved successfully.
Folder move failed. C:\Program Files\Messenger Plus! Live scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07012008_144529

Files moved on Reboot...
C:\Program Files\Messenger Plus! Live\Languages moved successfully.
C:\Program Files\Messenger Plus! Live moved successfully.


HijackThis result..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:17:37 PM, on 01-07-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Salaat Time\SalaatTime.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: MapToPDrive.bat
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2779762734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2782968140
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = sd.sp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 11705 byte

thanks
abu
Regular Member
 
Posts: 23
Joined: May 21st, 2008, 9:27 pm

Re: Bufferoverflow 2

Unread postby Rodav » July 1st, 2008, 10:27 am

Hi abu,

It may be some of your security programs stopping the scanner from updating, but it's best to try a different scanner for now. Hopefully this should work.


Step 1:
Please go >here< to run Panda's ActiveScan
  • Once you are on the Panda site, click the Scan your PC now button
  • A new window will open...click the Scan Now button
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply


Step 2:
Run HijackThis, do a system scan and in your next reply, copy and paste the following:
  • The Panda log
  • The new HijackThis log
Also please let me know how your computer is running.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Bufferoverflow 2

Unread postby abu » July 2nd, 2008, 4:24 am

hi there,
this time it was successful..
here are the reports..

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-07-02 16:14:00
PROTECTIONS: 1
MALWARE: 20
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Enterprise 8.0.0.912 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\p0800086\Cookies\p0800086@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\p0800086\Cookies\p0800086@atdmt[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\p0800086\Cookies\p0800086@ad.yieldmanager[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\p0800086\Cookies\p0800086@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\p0800086\Cookies\p0800086@bs.serving-sys[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\p0800086\Cookies\p0800086@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\p0800086\Cookies\p0800086@advertising[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\p0800086\Cookies\p0800086@overture[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\p0800086\Cookies\p0800086@questionmarket[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\p0800086\Cookies\p0800086@go[2].txt
01892739 Adware/Comet Adware No 0 No No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP19\A0002669.exe[screensavers.exe][²ÜÇ\NSISdl.dll]
01892739 Adware/Comet Adware No 0 No No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP32\A0019101.exe[²ÜÇ\NSISdl.dll]
02035706 Adware/Comet Adware No 0 No No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP32\A0019102.exe[SSSInstaller.dll]
02035706 Adware/Comet Adware No 0 No No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP19\A0002669.exe[sinstaller3.exe][SSSInstaller.dll]
02035706 Adware/Comet Adware No 0 Yes No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP32\A0019098.dll
02652843 Adware/Comet Adware No 0 Yes No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP32\A0019101.exe
02652843 Adware/Comet Adware No 0 No No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP19\A0002669.exe[screensavers.exe]
02664802 Adware/Comet Adware No 0 No No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP19\A0002669.exe[screensavers.exe][IELauncher.exe]
02664802 Adware/Comet Adware No 0 No No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP32\A0019101.exe[IELauncher.exe]
02878047 Adware/Starware Adware No 0 Yes No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP19\A0002669.exe
02885442 Adware/Comet Adware No 0 Yes No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP32\A0019102.exe
02885442 Adware/Comet Adware No 0 No No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP19\A0002669.exe[sinstaller3.exe]
02887375 Adware/Starware Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\06232008_203549\Program Files\Starware316\bin\Starware316.dll
02887375 Adware/Starware Adware No 0 No No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP32\A0019101.exe[Starware316.dll]
02887375 Adware/Starware Adware No 0 No No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP19\A0002669.exe[screensavers.exe][Starware316.dll]
02904593 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP37\A0021811.exe
02937206 Dialer.LDQ Dialers No 0 Yes No C:\Deckard\System Scanner\20080624175357\backup\DOCUME~1\p0800086\LOCALS~1\Temp\us0105.exe
02960526 Adware/SpywareNo Adware No 0 Yes No C:\System Volume Information\_restore{8AB9F13D-E492-4C1E-A3BF-17CB7A12A6DD}\RP34\A0021568.dll
02960526 Adware/SpywareNo Adware No 0 Yes No C:\Program Files\Trend Micro\HijackThis\backups\backup-20080627-224134-157.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location B
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description B
;===================================================================================================================================================================================
;===================================================================================================================================================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:29 PM, on 02-07-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Salaat Time\SalaatTime.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: MapToPDrive.bat
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2779762734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2782968140
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = sd.sp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 11957 bytes


thanks..
abu
Regular Member
 
Posts: 23
Joined: May 21st, 2008, 9:27 pm
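As an added example (not code from this thread or from HijackThis), here is a small Python triage pass over the item lines of a HijackThis log like the one posted above: it parses the `Rn`/`Onn` entries and flags the ones a log reviewer checks by hand first, such as O4 autostarts with no resolvable target, O23 services with no vendor name, and a configured proxy. The `parse_hjt`, `o4_target` and `triage` helpers and their rule set are hypothetical; the sample lines are copied from the posted log.

```python
import re

# Hypothetical triage helper for HijackThis logs (added example, not part of HijackThis).
# Matches the "R1 - ..." / "O23 - ..." item lines that make up the body of such a log.
HJT_LINE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.*)$")

def parse_hjt(text: str) -> list[tuple[str, str]]:
    """Return (section, body) per item line; the process list and headers are skipped."""
    out = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            out.append((m.group("section"), m.group("body")))
    return out

def o4_target(body: str) -> str:
    """What an O4 (autostart) entry launches: Run-key command or Global Startup target."""
    if "] " in body:                # HKLM\..\Run: [Name] C:\path\prog.exe /switch
        return body.split("] ", 1)[1]
    if " = " in body:               # Global Startup: Foo.lnk = C:\path\prog.exe
        return body.split(" = ", 1)[1]
    return body.split(": ", 1)[-1]  # Global Startup: script.bat (no resolved target)

def triage(entries: list[tuple[str, str]]) -> list[tuple[str, str, str]]:
    """Return (section, body, reason) for the items a reviewer verifies by hand first."""
    findings = []
    for s, b in entries:
        if s == "O4":
            t = o4_target(b).strip()
            if t in ("?", "NA") or "\\" not in t:
                findings.append((s, b, "autostart entry with no resolvable program path"))
        elif s == "O23" and "Unknown owner" in b:
            findings.append((s, b, "service binary carries no vendor information"))
        elif s == "R1" and "ProxyServer" in b and b.split("=", 1)[-1].strip():
            findings.append((s, b, "proxy server configured; confirm it is intended"))
        elif s == "O17":
            findings.append((s, b, "domain/DNS suffix setting; normal on a managed PC"))
    return findings

# Sample item lines copied from the log posted above.
SAMPLE = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: MapToPDrive.bat
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe"""

if __name__ == "__main__":
    for sec, body, why in triage(parse_hjt(SAMPLE)):
        print(f"{sec}: {why}\n    {body}")
```

Flagged items are starting points for a manual check (does the file exist, who signed it, is the proxy the ISP's), not verdicts; the IAAnotif and XAudioService lines pass because they resolve to a path and name a vendor.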

Re: Bufferoverflow 2

Unread postby Rodav » July 2nd, 2008, 7:54 am

Step 1:
Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.

  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code:
C:\Documents and Settings\p0800086\Desktop\NoLop.exe
C:\NoLopBackups

  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Also delete any reports that were created during the fix.


Step 2:
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean, then press the Create button and, once it's done, press Close.

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish, but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm.


Your logs are now clean. :D :D
If you still feel you are having any issues, please let me know now; otherwise read through and proceed with the following:


Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints; you need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue. Just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it, so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector; I suggest that you run it at least once a month.
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Install a Hosts File
    I recommend MVPS Hosts File
    Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it maps the human-friendly name of a website to its actual numeric address (i.e. the IP address). This feature can be used to block malicious websites.
    On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about what the programs that you see in WinPatrol are, please check out WinPatrol Plus. It does not need a new download.

Miekiemoes, an expert in malware removal, has a fantastic article on how to prevent malware with further tips; it's well worth a read. http://users.telenet.be/bluepatchy/miek ... ntion.html

Please reply to this topic one more time so I know you have read through it, or with any questions you may have.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Bufferoverflow 2

Unread postby abu » July 2nd, 2008, 9:38 am

hi there,

Thanks for the help so far. I am very grateful for the help.
I will do as you said for the malware comments.
Take care and thank you very much once again.
abu
Regular Member
 
Posts: 23
Joined: May 21st, 2008, 9:27 pm

Re: Bufferoverflow 2

Unread postby Rodav » July 2nd, 2008, 10:01 am

You're welcome. :)
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Bufferoverflow 2

Unread postby Elrond » July 3rd, 2008, 4:29 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem