Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


My computer takes a long time to start up (my HJT log here)


Re: My computer takes a long time to start up (my HJT log here)

Post by addkali » June 8th, 2009, 5:27 am

Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.


Filename: backup-20090604-113956-625-rncsys32.exe
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Thu 4 Jun 2009 08:12:52 (CET) Permalink

Additional info
File size: 19968 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 842e58df2e068ba2aeffe6f76a244eb7
SHA1: c400913a546a69a0cc72e9345621f7aed12db478



After this scan it asks to scan again; after that the results are:



Jotti's malware scan
Filename: rncsys32.exe
Status:
Scan finished. 4 out of 20 scanners reported malware.
Scan taken on: Mon 8 Jun 2009 11:24:49 (CET) Permalink

Additional info
File size: 19968 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 842e58df2e068ba2aeffe6f76a244eb7
SHA1: c400913a546a69a0cc72e9345621f7aed12db478




Scanners
[ArcaVir]
2009-06-08 Found nothing
[F-Secure Anti-Virus]
2009-06-08 Found nothing
[Emsisoft A-squared]
2009-06-08 Found nothing
[Ikarus]
2009-06-08 Found nothing
[Avast! antivirus]
2009-06-07 Found nothing
[Kaspersky Anti-Virus]
2009-06-08 Trojan.Win32.Inject.adah
[Grisoft AVG Anti-Virus]
2009-06-08 SHeur2.AJKC
[ESET NOD32]
2009-06-06 Found nothing
[Avira AntiVir]
2009-06-08 Found nothing
[Norman Virus Control]
2009-06-05 Found nothing
[Softwin BitDefender]
2009-06-08 Trojan.Generic.CJ.VS
[Panda Antivirus]
2009-06-06 Found nothing
[ClamAV]
2009-06-08 Found nothing
[Quick Heal]
2009-06-08 Found nothing
[CPsecure]
2009-06-08 Found nothing
[Sophos]
2009-06-08 Found nothing
[Dr.Web]
2009-06-08 Trojan.Botnetlog.11
[VirusBlokAda VBA32]
2009-06-07 Found nothing
[Frisk F-Prot Antivirus]
2009-06-07 Found nothing
[VirusBuster]
2009-06-07 Found nothing
addkali
Regular Member
 
Posts: 16
Joined: June 2nd, 2009, 6:53 am

Re: My computer takes a long time to start up (my HJT log here)

Post by Shaba » June 8th, 2009, 8:39 am

So that appears to be bad.

Please scan this file as well in jotti:

C:\WINDOWS\system32\advpackf.exe
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My computer takes a long time to start up (my HJT log here)

Post by addkali » June 9th, 2009, 12:37 am

When I use Jotti's and submit this file C:\WINDOWS\system32\advpackf.exe for a scan, it gives me the message that the file is empty and the scanner can't give any other result.

What can I do now?
addkali
Regular Member
 
Posts: 16
Joined: June 2nd, 2009, 6:53 am

Re: My computer takes a long time to start up (my HJT log here)

Post by Shaba » June 9th, 2009, 5:58 am

Does that file exist anyway?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My computer takes a long time to start up (my HJT log here)

Post by addkali » June 9th, 2009, 6:45 am

Yes, it exists in c:\windows\system32 (it's a hidden protected operating system file).
addkali
Regular Member
 
Posts: 16
Joined: June 2nd, 2009, 6:53 am

Re: My computer takes a long time to start up (my HJT log here)

Post by Shaba » June 9th, 2009, 7:30 am

Then you can try to copy it to another folder and rename it to see if it helps.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My computer takes a long time to start up (my HJT log here)

Post by addkali » June 10th, 2009, 4:16 am

I copied that file from system32 to another drive in safe mode and rebooted. After the reboot I scanned it with Jotti's and the result is below. I think the first result below is the result of another file; I don't know which one, but the end result is the actual one. --- addkali
------------------------------------------------------------------------------


This file has been scanned before. The results for this previous scan are listed below.


Filename: 12520850x.exe
Status:
Scan finished. 10 out of 20 scanners reported malware.
Scan taken on: Fri 5 Jun 2009 12:54:22 (CET) Permalink

Additional info
File size: 51712 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 42ddec469cbba70c9670129eab35e410
SHA1: 136dc8eb149f9b4640fd7596dab87a7b4520bd9b




Scanners
[ArcaVir]
2009-06-04 Found nothing
[F-Secure Anti-Virus]
2009-06-05 Backdoor.Win32.IRCBot.kna
[Emsisoft A-squared]
2009-06-05 Backdoor.Win32.IRCBot!IK
[Ikarus]
2009-06-05 Backdoor.Win32.IRCBot
[Avast! antivirus]
2009-06-04 Found nothing
[Kaspersky Anti-Virus]
2009-06-05 Backdoor.Win32.IRCBot.kna
[Grisoft AVG Anti-Virus]
2009-06-05 SHeur2.AJFW
[ESET NOD32]
2009-06-05 Win32/IRCBot
[Avira AntiVir]
2009-06-05 TR/Woopy.51712
[Norman Virus Control]
2009-06-04 Found nothing
[Softwin BitDefender]
2009-06-05 Found nothing
[Panda Antivirus]
2009-06-04 Found nothing
[ClamAV]
2009-06-05 Found nothing
[Quick Heal]
2009-06-05 Backdoor.IRCBot.kna
[CPsecure]
2009-06-03 Found nothing
[Sophos]
2009-06-05 Found nothing
[Dr.Web]
2009-06-05 BackDoor.IRC.Bot.114
[VirusBlokAda VBA32]
2009-06-04 Found nothing
[Frisk F-Prot Antivirus]
2009-06-04 Found nothing
[VirusBuster]
2009-06-04 Backdoor.IRCBot.ADYG


-----------------------------------------------------------------------------
This result is after scanning again --addkali
--------------------------------------------------------------------------------
Jotti's malware scan
Filename: advf.exe
(this file name was changed by me; the actual file name is advpackf.exe) ---- addkali

Status:
Scan finished. 15 out of 20 scanners reported malware.
Scan taken on: Wed 10 Jun 2009 10:08:29 (CET) Permalink

Additional info
File size: 51712 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 42ddec469cbba70c9670129eab35e410
SHA1: 136dc8eb149f9b4640fd7596dab87a7b4520bd9b




Scanners
[ArcaVir]
2009-06-10 Trojan.Ircbot.Kna
[F-Secure Anti-Virus]
2009-06-10 Backdoor.Win32.IRCBot.kna
[Emsisoft A-squared]
2009-06-10 Backdoor.Win32.IRCBot!IK
[Ikarus]
2009-06-10 Backdoor.Win32.IRCBot
[Avast! antivirus]
2009-06-09 Found nothing
[Kaspersky Anti-Virus]
2009-06-10 Backdoor.Win32.IRCBot.kna
[Grisoft AVG Anti-Virus]
2009-06-09 SHeur2.AJFW
[ESET NOD32]
2009-06-09 Win32/IRCBot
[Avira AntiVir]
2009-06-10 TR/Woopy.51712
[Norman Virus Control]
2009-06-09 W32/Ircbot.AOVQ
[Softwin BitDefender]
2009-06-10 Found nothing
[Panda Antivirus]
2009-06-09 Bck/Ircbot.COT
[ClamAV]
2009-06-10 Found nothing
[Quick Heal]
2009-06-10 Backdoor.IRCBot.kna
[CPsecure]
2009-06-10 Found nothing
[Sophos]
2009-06-10 Mal/Generic-A
[Dr.Web]
2009-06-10 BackDoor.IRC.Bot.114
[VirusBlokAda VBA32]
2009-06-09 Malware-Cryptor.Win32.Vals.2
[Frisk F-Prot Antivirus]
2009-06-09 Found nothing
[VirusBuster]
2009-06-09 Backdoor.IRCBot.ADYG
addkali
Regular Member
 
Posts: 16
Joined: June 2nd, 2009, 6:53 am
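The two scans addkali pasted (and the two rncsys32.exe scans earlier in the thread) are the same binary under different filenames, and the detection count climbs between dates. As an added example that is not part of the thread or of Jotti's service, here is a small Python parser for the scan-result format pasted above; it keys reports on MD5/SHA1 plus size rather than on filename and reports which vendors changed verdict between the two scans. The embedded inputs are constructed excerpts of the two advpackf.exe reports with the vendor list cut to four entries.

```python
"""Added example: diff two Jotti-style scan reports of the same binary (not thread code)."""
import re
from dataclasses import dataclass

_FIELD = re.compile(r"^(Filename|Scan taken on|MD5|SHA1|File size):\s*(.+?)\s*$")
_STATUS = re.compile(r"Scan finished\.\s+(\d+) out of \d+ scanners reported malware")
_VENDOR = re.compile(r"^\[(.+)\]$")
_VERDICT = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+?)\s*$")


@dataclass
class ScanReport:
    filename: str
    taken_on: str
    md5: str
    sha1: str
    size: int
    reported: int   # count claimed by the "Scan finished" status line
    verdicts: dict  # vendor -> (signature date, verdict string or None if clean)


def parse_report(text: str) -> ScanReport:
    """Parse one report as pasted from the Jotti results page."""
    fields, verdicts = {}, {}
    reported, vendor = 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _FIELD.match(line):
            fields[m.group(1)] = m.group(2).replace(" Permalink", "")
        elif m := _STATUS.search(line):
            reported = int(m.group(1))
        elif m := _VENDOR.match(line):
            vendor = m.group(1)  # the next line carries this vendor's verdict
        elif vendor and (m := _VERDICT.match(line)):
            sig_date, verdict = m.groups()
            verdicts[vendor] = (sig_date, None if verdict == "Found nothing" else verdict)
            vendor = None
    return ScanReport(
        filename=fields["Filename"], taken_on=fields["Scan taken on"],
        md5=fields["MD5"].lower(), sha1=fields["SHA1"].lower(),
        size=int(fields["File size"].split()[0]), reported=reported, verdicts=verdicts)


def detections(report: ScanReport) -> dict:
    """Vendors that flagged the sample, mapped to their verdict string."""
    return {v: verdict for v, (_, verdict) in report.verdicts.items() if verdict}


def same_binary(a: ScanReport, b: ScanReport) -> bool:
    """Identity is the hash pair plus size; the filename is whatever the uploader chose."""
    return (a.md5, a.sha1, a.size) == (b.md5, b.sha1, b.size)


def diff_rescans(earlier: ScanReport, later: ScanReport) -> dict:
    """Which vendors changed their verdict between two scans of one binary."""
    if not same_binary(earlier, later):
        raise ValueError("reports describe different binaries")
    before, after = detections(earlier), detections(later)
    return {
        "new": sorted(set(after) - set(before)),
        "dropped": sorted(set(before) - set(after)),
        "renamed": sorted(v for v in set(before) & set(after) if before[v] != after[v]),
        "count": (len(before), len(after)),
        # a status line that disagrees with the vendor list means a truncated paste
        "status_consistent": earlier.reported == len(before) and later.reported == len(after),
    }


# Constructed excerpts of the two advpackf.exe reports above, vendor list cut to four.
SCAN_EARLY = """\
Filename: 12520850x.exe
Scan finished. 1 out of 4 scanners reported malware.
Scan taken on: Fri 5 Jun 2009 12:54:22 (CET) Permalink
File size: 51712 bytes
MD5: 42ddec469cbba70c9670129eab35e410
SHA1: 136dc8eb149f9b4640fd7596dab87a7b4520bd9b
[ArcaVir]
2009-06-04 Found nothing
[Kaspersky Anti-Virus]
2009-06-05 Backdoor.Win32.IRCBot.kna
[Avast! antivirus]
2009-06-04 Found nothing
[Sophos]
2009-06-05 Found nothing
"""
SCAN_LATE = """\
Filename: advf.exe
Scan finished. 3 out of 4 scanners reported malware.
Scan taken on: Wed 10 Jun 2009 10:08:29 (CET) Permalink
File size: 51712 bytes
MD5: 42ddec469cbba70c9670129eab35e410
SHA1: 136dc8eb149f9b4640fd7596dab87a7b4520bd9b
[ArcaVir]
2009-06-10 Trojan.Ircbot.Kna
[Kaspersky Anti-Virus]
2009-06-10 Backdoor.Win32.IRCBot.kna
[Avast! antivirus]
2009-06-09 Found nothing
[Sophos]
2009-06-10 Mal/Generic-A
"""

if __name__ == "__main__":
    print(diff_rescans(parse_report(SCAN_EARLY), parse_report(SCAN_LATE)))
```

The point for a defender is that "Found nothing" on the first upload is a statement about that day's signatures, not about the file; rescanning the same hash days later is what exposed the backdoor here.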

Re: My computer takes a long time to start up (my HJT log here)

Post by Shaba » June 10th, 2009, 5:21 am

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My computer takes a long time to start up (my HJT log here)

Post by addkali » June 11th, 2009, 1:43 am

Please advise me. Is there any possibility to clean the file? If yes, tell me.

Reformatting the PC is the last option. If I reformat my PC and again load other document files on the PC, then what happens next? If the document files on my PC are also infected by this worm, then ...


Tell me and advise me soon.
addkali
Regular Member
 
Posts: 16
Joined: June 2nd, 2009, 6:53 am

Re: My computer takes a long time to start up (my HJT log here)

Post by Shaba » June 11th, 2009, 2:40 am

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review along with a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My computer takes a long time to start up (my HJT log here)

Post by addkali » June 11th, 2009, 6:24 am

This is the fresh HijackThis report after running ComboFix. --- addkali


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:27, on 6/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Internet Window Washer\Clearpch.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Internet Window Washer] C:\Program Files\Free Internet Window Washer\Clearpch.exe -Start
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Append to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 9238 bytes


This is the result of ComboFix --- addkali



ComboFix 09-06-10.02 - Administrator 06/11/2009 15:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1527.972 [GMT 5.75:45]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\APPLIC~1\WeatherDPA
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\program files\RelevantKnowledge
c:\windows\system32\advpackf.exe
c:\windows\system32\drivers\b1b60500.sys
c:\docume~1\ADMINI~1\APPLIC~1\WeatherDPA\Weather\WeatherStartup.xml
c:\docume~1\ADMINI~1\APPLIC~1\wiaserva.log
c:\documents and settings\Administrator\Start Menu\Programs\Startup\rncsys32.exe
c:\program files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
c:\program files\RelevantKnowledge\rlservice.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_wmiapsrvrpclocator
-------\Service_b1b60500
-------\Service_WmiApSrvRpcLocator


((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.

2009-06-10 08:01 . 2009-06-03 08:40 51712 --sha-r- C:\advf.exe
2009-06-09 04:47 . 2009-06-09 04:47 2855 ----a-w- c:\windows\system32\advpackf.PIF
2009-06-07 12:21 . 2009-06-07 12:21 -------- d-----w- C:\rsit
2009-06-07 12:12 . 2009-06-08 06:32 -------- d-----w- c:\program files\Trend Micro
2009-06-07 11:18 . 2009-06-07 11:53 -------- d-----w- c:\program files\Interface Traffic Indicator
2009-06-07 10:38 . 2009-06-07 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-07 10:38 . 2009-06-07 11:53 -------- d-----w- c:\program files\FaceMorpher
2009-06-03 10:57 . 2009-06-03 10:57 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\KC Softwares
2009-06-03 10:33 . 2009-06-03 10:33 -------- d-----w- c:\program files\KC Softwares
2009-06-03 10:28 . 2008-04-13 22:48 153088 ----a-w- c:\windows\system32\Triedit.dll
2009-06-03 10:28 . 2003-01-26 09:56 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-06-03 08:40 . 2009-06-03 10:55 32 --s-a-w- c:\windows\system32\8088339.dat
2009-06-03 07:07 . 2009-06-03 07:13 -------- d-----w- c:\program files\horse6.6
2009-05-31 06:14 . 2009-06-09 06:51 -------- d-----w- c:\documents and settings\Administrator\dwhelper
2009-05-27 07:03 . 2009-05-27 07:03 -------- d-----w- c:\program files\Apple Software Update
2009-05-20 06:20 . 2009-05-20 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-20 06:12 . 2009-05-20 06:12 -------- d-----w- c:\program files\Common Files\Control Panels
2009-05-20 06:08 . 2009-05-20 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-05-20 05:32 . 2007-02-20 10:19 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2009-05-20 05:32 . 2007-02-20 10:19 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2009-05-20 05:11 . 2009-05-20 05:11 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-13 09:53 . 2009-06-02 07:50 -------- d-----w- c:\program files\Free Internet Window Washer
2009-05-13 07:30 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-05-12 10:30 . 1999-12-17 16:58 86016 ----a-w- c:\windows\unvise32.exe
2009-05-12 10:30 . 2009-05-12 10:30 -------- d-----w- c:\program files\SSRemoval Tool

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 10:12 . 2009-05-12 08:09 -------- d-----w- c:\program files\Symantec AntiVirus
2009-06-08 11:15 . 2009-01-18 09:32 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Free Download Manager
2009-06-03 07:41 . 2008-11-07 07:10 -------- d-----w- c:\program files\Bonjour
2009-06-02 10:04 . 2008-10-31 11:50 -------- d-----w- c:\program files\Google
2009-06-02 10:01 . 2008-11-12 04:57 -------- d-----w- c:\program files\CyberLink
2009-06-02 10:01 . 2008-10-01 08:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-02 10:00 . 2009-04-10 07:36 -------- d-----w- c:\program files\Windows Live
2009-06-02 09:46 . 2008-12-17 07:36 -------- d-----w- c:\program files\Yahoo!
2009-06-02 09:45 . 2008-12-17 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-02 09:43 . 2009-02-01 10:08 -------- d-----w- c:\program files\Skype
2009-06-02 09:36 . 2009-01-22 05:05 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-05-27 07:05 . 2008-11-07 07:10 -------- d-----w- c:\program files\QuickTime
2009-05-27 07:04 . 2008-11-07 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-20 06:22 . 2008-10-06 09:11 105304 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-20 06:16 . 2008-10-06 08:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-12 10:02 . 2009-05-12 10:02 -------- d-----w- c:\program files\Infinite Madness
2009-05-12 09:57 . 2009-02-09 10:15 -------- d-----w- c:\program files\PhotoScape
2009-05-12 09:57 . 2009-01-25 09:48 -------- d-----w- c:\program files\Audio Editor Gold
2009-05-12 09:57 . 2009-01-18 09:32 -------- d-----w- c:\program files\Free Download Manager
2009-05-12 09:38 . 2009-05-12 09:23 -------- d-----w- c:\program files\Enigma Software Group
2009-05-12 08:40 . 2009-05-12 08:40 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\PenProtect
2009-05-12 08:10 . 2008-10-01 08:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-12 08:09 . 2008-10-01 08:39 -------- d-----w- c:\program files\Symantec
2009-05-10 10:16 . 2009-05-10 10:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland
2009-05-08 09:59 . 2009-05-08 09:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-08 06:21 . 2009-05-08 06:21 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\AdobeUM
2009-05-06 09:54 . 2009-05-03 07:48 -------- d-----w- c:\program files\YzShadow
2009-05-06 09:54 . 2009-05-03 07:48 -------- d-----w- c:\program files\WinRoll
2009-05-06 09:54 . 2009-05-03 07:48 -------- d-----w- c:\program files\SearchSpy
2009-05-06 09:54 . 2009-05-03 07:48 -------- d-----w- c:\program files\iColorFolder
2009-05-06 09:54 . 2009-05-03 07:48 -------- d-----w- c:\program files\RK Launcher
2009-05-03 07:26 . 2009-05-03 07:19 -------- d-----w- c:\program files\Free Desktop Clock
2009-05-03 06:22 . 2009-05-03 06:22 -------- d-----w- c:\program files\YouTube Downloader
2009-05-03 06:21 . 2009-05-03 06:21 -------- d-----w- c:\program files\Stardock
2009-05-03 05:39 . 2009-05-03 05:39 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-03 05:39 . 2009-02-01 08:02 -------- d-----w- c:\program files\Java
2009-05-02 09:37 . 2009-05-02 09:37 -------- d-----w- c:\program files\AVG
2009-05-02 09:31 . 2009-05-02 09:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-01 07:16 . 2009-05-01 07:16 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
2009-04-28 07:09 . 2009-04-28 07:09 -------- d-----w- c:\program files\Womble Multimedia
2009-04-20 08:27 . 2009-04-20 08:27 53248 ----a-w- c:\windows\system32\suppdll.dll
2009-04-20 08:27 . 2009-04-20 08:27 35363 ----a-w- c:\windows\system32\windrvNT.sys
2009-03-15 08:06 . 2009-03-15 08:06 0 ----a-w- c:\windows\nsreg.dat
2009-01-25 10:08 . 2009-01-25 10:05 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Free Internet Window Washer"="c:\program files\Free Internet Window Washer\Clearpch.exe" [2009-03-17 1541120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-07 114688]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-03 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-14 124656]
"Acrobat Assistant 8.0"="g:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-02 67584]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-10-5 18944]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [5/12/2009 15:05 101936]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2/1/2009 13:04 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2/1/2009 13:04 3072]
S3 Prowkstp;Prowkstp; [x]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 01:40 115952]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/av ... _homepage/
mStart Page = hxxp://securityresponse.symantec.com/av ... _homepage/
uInternet Settings,ProxyOverride = *.local
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: Append to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 15:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 20 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1532)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\mnmsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\CF8102.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2009-06-11 16:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-11 10:16

Pre-Run: 4,213,850,112 bytes free
Post-Run: 4,236,390,400 bytes free

211 --- E O F --- 2009-01-28 11:20
addkali
Regular Member
 
Posts: 16
Joined: June 2nd, 2009, 6:53 am

Re: My computer take long time to startup (my HJT log here)

Unread postby addkali » June 11th, 2009, 6:27 am

I have deleted the file c:\advf.exe from the C: drive after running ComboFix.

The file advf.exe is a copy of the file advfpack.exe.

Re: My computer take long time to startup (my HJT log here)

Unread postby Shaba » June 11th, 2009, 7:28 am

Next, please install the Recovery Console manually as instructed in my link.

After that, please rerun combofix and post back a fresh combofix log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My computer take long time to startup (my HJT log here)

Unread postby addkali » June 12th, 2009, 12:40 am

This is the combofix result ---- addkali


ComboFix 09-06-11.06 - Administrator 06/12/2009 10:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1527.1028 [GMT 5.75:45]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2009-05-12 to 2009-06-12 )))))))))))))))))))))))))))))))
.

2009-06-09 04:47 . 2009-06-09 04:47 2855 ----a-w- c:\windows\system32\advpackf.PIF
2009-06-07 12:21 . 2009-06-07 12:21 -------- d-----w- C:\rsit
2009-06-07 12:12 . 2009-06-08 06:32 -------- d-----w- c:\program files\Trend Micro
2009-06-07 11:18 . 2009-06-07 11:53 -------- d-----w- c:\program files\Interface Traffic Indicator
2009-06-07 10:38 . 2009-06-07 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-07 10:38 . 2009-06-07 11:53 -------- d-----w- c:\program files\FaceMorpher
2009-06-03 10:57 . 2009-06-03 10:57 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\KC Softwares
2009-06-03 10:33 . 2009-06-03 10:33 -------- d-----w- c:\program files\KC Softwares
2009-06-03 10:28 . 2008-04-13 22:48 153088 ----a-w- c:\windows\system32\Triedit.dll
2009-06-03 10:28 . 2003-01-26 09:56 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-06-03 08:40 . 2009-06-03 10:55 32 --s-a-w- c:\windows\system32\8088339.dat
2009-06-03 07:07 . 2009-06-03 07:13 -------- d-----w- c:\program files\horse6.6
2009-05-31 06:14 . 2009-06-09 06:51 -------- d-----w- c:\documents and settings\Administrator\dwhelper
2009-05-27 07:03 . 2009-05-27 07:03 -------- d-----w- c:\program files\Apple Software Update
2009-05-20 06:20 . 2009-05-20 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-20 06:12 . 2009-05-20 06:12 -------- d-----w- c:\program files\Common Files\Control Panels
2009-05-20 06:08 . 2009-05-20 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-05-20 05:32 . 2007-02-20 10:19 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2009-05-20 05:32 . 2007-02-20 10:19 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2009-05-20 05:11 . 2009-05-20 05:11 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-13 09:53 . 2009-06-02 07:50 -------- d-----w- c:\program files\Free Internet Window Washer
2009-05-13 07:30 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-12 04:22 . 2009-05-12 08:09 -------- d-----w- c:\program files\Symantec AntiVirus
2009-06-08 11:15 . 2009-01-18 09:32 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Free Download Manager
2009-06-03 07:41 . 2008-11-07 07:10 -------- d-----w- c:\program files\Bonjour
2009-06-02 10:04 . 2008-10-31 11:50 -------- d-----w- c:\program files\Google
2009-06-02 10:01 . 2008-11-12 04:57 -------- d-----w- c:\program files\CyberLink
2009-06-02 10:01 . 2008-10-01 08:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-02 10:00 . 2009-04-10 07:36 -------- d-----w- c:\program files\Windows Live
2009-06-02 09:46 . 2008-12-17 07:36 -------- d-----w- c:\program files\Yahoo!
2009-06-02 09:45 . 2008-12-17 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-02 09:43 . 2009-02-01 10:08 -------- d-----w- c:\program files\Skype
2009-06-02 09:36 . 2009-01-22 05:05 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-05-27 07:05 . 2008-11-07 07:10 -------- d-----w- c:\program files\QuickTime
2009-05-27 07:04 . 2008-11-07 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-20 06:22 . 2008-10-06 09:11 105304 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-20 06:16 . 2008-10-06 08:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-12 10:30 . 2009-05-12 10:30 -------- d-----w- c:\program files\SSRemoval Tool
2009-05-12 10:02 . 2009-05-12 10:02 -------- d-----w- c:\program files\Infinite Madness
2009-05-12 09:57 . 2009-02-09 10:15 -------- d-----w- c:\program files\PhotoScape
2009-05-12 09:57 . 2009-01-25 09:48 -------- d-----w- c:\program files\Audio Editor Gold
2009-05-12 09:57 . 2009-01-18 09:32 -------- d-----w- c:\program files\Free Download Manager
2009-05-12 09:38 . 2009-05-12 09:23 -------- d-----w- c:\program files\Enigma Software Group
2009-05-12 08:40 . 2009-05-12 08:40 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\PenProtect
2009-05-12 08:10 . 2008-10-01 08:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-12 08:09 . 2008-10-01 08:39 -------- d-----w- c:\program files\Symantec
2009-05-10 10:16 . 2009-05-10 10:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland
2009-05-08 09:59 . 2009-05-08 09:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-08 06:21 . 2009-05-08 06:21 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\AdobeUM
2009-05-06 09:54 . 2009-05-03 07:48 -------- d-----w- c:\program files\YzShadow
2009-05-06 09:54 . 2009-05-03 07:48 -------- d-----w- c:\program files\WinRoll
2009-05-06 09:54 . 2009-05-03 07:48 -------- d-----w- c:\program files\SearchSpy
2009-05-06 09:54 . 2009-05-03 07:48 -------- d-----w- c:\program files\iColorFolder
2009-05-06 09:54 . 2009-05-03 07:48 -------- d-----w- c:\program files\RK Launcher
2009-05-03 07:26 . 2009-05-03 07:19 -------- d-----w- c:\program files\Free Desktop Clock
2009-05-03 06:22 . 2009-05-03 06:22 -------- d-----w- c:\program files\YouTube Downloader
2009-05-03 06:21 . 2009-05-03 06:21 -------- d-----w- c:\program files\Stardock
2009-05-03 05:39 . 2009-05-03 05:39 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-03 05:39 . 2009-02-01 08:02 -------- d-----w- c:\program files\Java
2009-05-02 09:37 . 2009-05-02 09:37 -------- d-----w- c:\program files\AVG
2009-05-02 09:31 . 2009-05-02 09:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-01 07:16 . 2009-05-01 07:16 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
2009-04-28 07:09 . 2009-04-28 07:09 -------- d-----w- c:\program files\Womble Multimedia
2009-04-20 08:27 . 2009-04-20 08:27 53248 ----a-w- c:\windows\system32\suppdll.dll
2009-04-20 08:27 . 2009-04-20 08:27 35363 ----a-w- c:\windows\system32\windrvNT.sys
2009-03-15 08:06 . 2009-03-15 08:06 0 ----a-w- c:\windows\nsreg.dat
2009-01-25 10:08 . 2009-01-25 10:05 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-11_10.12.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-12 04:08 . 2009-06-12 04:08 16384 c:\windows\Temp\Perflib_Perfdata_508.dat
- 2008-10-01 08:34 . 2009-06-10 07:47 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-10-01 08:34 . 2009-06-11 10:51 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-01 08:34 . 2009-06-10 07:47 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-10-01 08:34 . 2009-06-11 10:51 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-10-01 08:34 . 2009-06-10 07:47 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-10-01 08:34 . 2009-06-11 10:51 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-10-01 08:34 . 2009-06-11 10:51 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-10-01 08:34 . 2009-06-10 07:47 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-10-01 08:34 . 2009-06-11 10:51 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-10-01 08:34 . 2009-06-10 07:47 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-10-01 08:34 . 2009-06-11 10:51 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-10-01 08:34 . 2009-06-10 07:47 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-10-01 08:34 . 2009-06-10 07:47 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-10-01 08:34 . 2009-06-11 10:51 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-10-01 08:34 . 2009-06-11 10:51 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-10-01 08:34 . 2009-06-10 07:47 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-10-01 08:34 . 2009-06-10 07:47 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-10-01 08:34 . 2009-06-11 10:51 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-10-01 08:34 . 2009-06-11 10:51 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-10-01 08:34 . 2009-06-10 07:47 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-10-01 08:34 . 2009-06-11 10:51 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-01 08:34 . 2009-06-10 07:47 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-01 08:34 . 2009-06-10 07:47 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-10-01 08:34 . 2009-06-11 10:51 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-10-01 08:34 . 2009-06-10 07:47 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-10-01 08:34 . 2009-06-11 10:51 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Free Internet Window Washer"="c:\program files\Free Internet Window Washer\Clearpch.exe" [2009-03-17 1541120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-07 114688]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-03 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-14 124656]
"Acrobat Assistant 8.0"="g:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-02 67584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"!CleanupNetMeetingDispDriver"="msconf.dll" - c:\windows\system32\msconf.dll [2004-08-04 69632]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-10-5 18944]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [5/12/2009 15:05 101936]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2/1/2009 13:04 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2/1/2009 13:04 3072]
S3 Prowkstp;Prowkstp; [x]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 01:40 115952]
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/av ... _homepage/
mStart Page = hxxp://securityresponse.symantec.com/av ... _homepage/
uInternet Settings,ProxyOverride = *.local
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: Append to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 10:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 20 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2112)
c:\windows\system32\msi.dll
.
Completion time: 2009-06-12 10:20
ComboFix-quarantined-files.txt 2009-06-12 04:35

Pre-Run: 4,201,951,232 bytes free
Post-Run: 4,191,776,768 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

213 --- E O F --- 2009-01-28 11:20

This is the hijackthis report after running combofix ----- addkali


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:43, on 6/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Internet Window Washer\Clearpch.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Internet Window Washer] C:\Program Files\Free Internet Window Washer\Clearpch.exe -Start
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Append to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9207 bytes

Re: My computer take long time to startup (my HJT log here)

Unread postby Shaba » June 12th, 2009, 2:13 am

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.